【AWS】 Introducing a CloudFormation template that creates a Cognito UserPool


Introduction

To automate the Cognito setup, I wrote a CloudFormation template that creates a Cognito UserPool together with one app client.

Example Template

AWSTemplateFormatVersion: 2010-09-09
Description:
  This template creates an Amazon Cognito Userpool.
  You will be billed for the AWS resources used if you create a stack from this
  template.
Parameters:
  FromEmailAddress:
    Description: Sender e-mail address used in the From header of Cognito e-mails
    Type: String
  FromEmailIdentityArn:
    Description: ARN of the verified SES identity used as the sender
    Type: String
  Stage:
    Type: String
    Description: The name for a project stage, such as Prod, Acpt, Dev or Unit
  UserPoolBaseName:
    Description: User Pool Base Name
    Type: String
  UserPoolSuffixName:
    Description: The suffix for UserPoolName
    Type: String
  UserPoolTagCost:
    Description: The tag for cost management
    Type: String

Resources:
  UserPool:
    Type: 'AWS::Cognito::UserPool'
    Properties:
      UserPoolName: !Sub '${UserPoolBaseName}${Stage}${UserPoolSuffixName}'
      # Password reset is only possible through the verified e-mail address.
      AccountRecoverySetting:
        RecoveryMechanisms:
          - Name: verified_email
            Priority: 1
      # No self-service sign-up: only an administrator (AdminCreateUser) can add users.
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true
        # Superseded by Policies.PasswordPolicy.TemporaryPasswordValidityDays;
        # if that property is set, this one is ignored.
        UnusedAccountValidityDays: 90
      AutoVerifiedAttributes:
        - email
      # Send through your own SES identity; the default Cognito sender is
      # limited to 50 e-mails per day.
      EmailConfiguration:
        SourceArn: !Ref FromEmailIdentityArn
        From: !Ref FromEmailAddress
        EmailSendingAccount: DEVELOPER
      # Weaker than the Cognito default, which requires all four character classes.
      Policies:
        PasswordPolicy:
          MinimumLength: 8
          RequireLowercase: true
          RequireNumbers: true
          RequireSymbols: false
          RequireUppercase: false
      Schema:
        # Standard attribute, required, so it must be supplied when a user is created.
        - Name: email
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: true
        # Custom attributes are declared without a prefix and referenced as
        # custom:<name> elsewhere (see the app client below). They cannot be
        # removed or renamed once the pool exists.
        - Name: 'office_group_id'
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: false
          StringAttributeConstraints:
            MinLength: 0
            MaxLength: 256
        - Name: 'office_id'
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: false
          StringAttributeConstraints:
            MinLength: 0
            MaxLength: 256
        - Name: 'business_id'
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: false
          StringAttributeConstraints:
            MinLength: 0
            MaxLength: 256
        - Name: 'user_type'
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: false
          StringAttributeConstraints:
            MinLength: 0
            MaxLength: 256
      # Users sign in with their e-mail address.
      UsernameAttributes:
        - email
      # Case-sensitive usernames: User@example.com and user@example.com become
      # two different users. false is the safer choice for e-mail sign-in, and
      # this setting cannot be changed after the pool is created.
      UsernameConfiguration:
        CaseSensitive: true
      # OFF disables compromised-credential detection and adaptive authentication.
      UserPoolAddOns:
        AdvancedSecurityMode: 'OFF'
      UserPoolTags:
        Cost: !Ref UserPoolTagCost
      # Verify the e-mail with a code typed into the app rather than a click link.
      VerificationMessageTemplate:
        DefaultEmailOption: CONFIRM_WITH_CODE
  AppClientWeb:
    Type: 'AWS::Cognito::UserPoolClient'
    Properties:
      UserPoolId: !Ref UserPool
      ClientName: !Sub '${UserPoolBaseName}${Stage}${UserPoolSuffixName}_app_clientWeb'
      # Hosted UI / OAuth 2.0 flows are not used by this client.
      AllowedOAuthFlowsUserPoolClient: false
      # With revocation disabled the RevokeToken API is unavailable for this
      # client, so an issued refresh token stays usable for the full 30 days.
      EnableTokenRevocation: false
      # SRP, custom challenge and refresh only; no plaintext-password flows.
      ExplicitAuthFlows:
        - ALLOW_CUSTOM_AUTH
        - ALLOW_USER_SRP_AUTH
        - ALLOW_REFRESH_TOKEN_AUTH
      RefreshTokenValidity: 30
      AccessTokenValidity: 1
      IdTokenValidity: 1
      TokenValidityUnits:
        RefreshToken: days
        AccessToken: hours
        IdToken: hours
      # LEGACY returns different errors for an unknown user and a wrong password,
      # which lets a caller enumerate registered e-mail addresses; ENABLED
      # returns a generic error for both.
      PreventUserExistenceErrors: LEGACY
      # Attributes this client may read; custom attributes carry the custom: prefix.
      ReadAttributes:
        - 'birthdate'
        - 'custom:office_group_id'
        - 'custom:office_id'
        - 'custom:business_id'
        - 'custom:user_type'
        - 'email'
        - 'email_verified'
        - 'family_name'
        - 'given_name'
        - 'middle_name'
        - 'name'
      # Attributes this client may write; email_verified is deliberately absent.
      WriteAttributes:
        - 'birthdate'
        - 'custom:office_group_id'
        - 'custom:office_id'
        - 'custom:business_id'
        - 'custom:user_type'
        - 'email'
        - 'family_name'
        - 'given_name'
        - 'middle_name'
        - 'name'
      # Public (browser) client: no client secret.
      GenerateSecret: false
    # Redundant: !Ref UserPool above already creates this dependency.
    DependsOn:
      - UserPool

Supplementary notes

Configuration: The template creates one UserPool and one app client inside it.

Restriction: Because Japanese text could not be used in the template, not every item is reflected automatically.

Parameters section: The input definitions for the template parameters. The values that are common to every environment are meant to be given as defaults (* the Japanese text was garbled and could not be set :joy:).

AppClientWeb section: The UserPoolClient definition for the web app.

Settings to review before reusing the template: PreventUserExistenceErrors is LEGACY, so the sign-in API answers differently for an unregistered e-mail and a wrong password, which allows user enumeration (ENABLED returns one generic error); EnableTokenRevocation is false, so a leaked refresh token cannot be revoked before its 30-day expiry; AdvancedSecurityMode is OFF, so compromised-credential detection is not applied; CaseSensitive is true with e-mail usernames, which makes User@example.com and user@example.com two accounts and cannot be changed later; the password policy drops the uppercase and symbol requirements of the Cognito default; and UnusedAccountValidityDays has been superseded by TemporaryPasswordValidityDays in the password policy.
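As a pre-deployment check that is not part of the original post: the audit below reads the template's two resources (re-stated as a Python dict in the shape CloudFormation produces after parsing the YAML, with the !Ref/!Sub intrinsics replaced by placeholder strings since no check depends on them), flags the settings a reviewer would push back on, and then shows the same template with those settings corrected. The finding codes, the hardened values (12-character policy, 7-day temporary password) and the 30-day refresh-token threshold are my own choices, not something the post or AWS prescribes. The defaults the functions assume (LEGACY, token revocation on, advanced security OFF, 30-day refresh and 60-minute access/ID tokens) are Cognito's documented defaults; treating an omitted UsernameConfiguration as case-sensitive is an assumption.

```python
import copy

# Constructed input: the Resources of the template above, reduced to what the audit
# reads. Values are copied from the template as posted; the !Ref/!Sub intrinsics
# become placeholder strings because no check depends on them.
TEMPLATE = {"Resources": {
    "UserPool": {"Type": "AWS::Cognito::UserPool", "Properties": {
        "UsernameAttributes": ["email"],
        "UsernameConfiguration": {"CaseSensitive": True},
        "UserPoolAddOns": {"AdvancedSecurityMode": "OFF"},
        "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": True,
                                  "UnusedAccountValidityDays": 90},
        "Policies": {"PasswordPolicy": {
            "MinimumLength": 8, "RequireLowercase": True, "RequireNumbers": True,
            "RequireSymbols": False, "RequireUppercase": False}},
    }},
    "AppClientWeb": {"Type": "AWS::Cognito::UserPoolClient", "Properties": {
        "UserPoolId": "<!Ref UserPool>", "GenerateSecret": False,
        "EnableTokenRevocation": False, "PreventUserExistenceErrors": "LEGACY",
        "ExplicitAuthFlows": ["ALLOW_CUSTOM_AUTH", "ALLOW_USER_SRP_AUTH",
                              "ALLOW_REFRESH_TOKEN_AUTH"],
        "RefreshTokenValidity": 30, "AccessTokenValidity": 1, "IdTokenValidity": 1,
        "TokenValidityUnits": {"RefreshToken": "days", "AccessToken": "hours",
                               "IdToken": "hours"},
    }},
}}

SECONDS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}
PASSWORD_FLOWS = {"ALLOW_USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH"}
CLASSES = ("RequireLowercase", "RequireUppercase", "RequireNumbers", "RequireSymbols")

def token_lifetime_hours(client, token):
    """Lifetime of RefreshToken/AccessToken/IdToken in hours. Cognito defaults: 30 days
    (refresh) or 60 minutes (access, ID) when *Validity is omitted; when it is present
    without TokenValidityUnits, refresh counts in days and the other two in hours."""
    value = client.get(f"{token}Validity")
    if value is None:
        return 720.0 if token == "RefreshToken" else 1.0
    unit = client.get("TokenValidityUnits", {}).get(
        token, "days" if token == "RefreshToken" else "hours")
    return value * SECONDS[unit] / 3600

def audit_user_pool(name, props):
    findings = []
    policy = props.get("Policies", {}).get("PasswordPolicy", {})
    # Cognito's own default policy is 8 characters with all four classes required.
    if policy.get("MinimumLength", 8) < 8 or not all(policy.get(c, True) for c in CLASSES):
        findings.append((name, "WEAK_PASSWORD_POLICY", "weaker than the Cognito default policy"))
    # Assumption: an omitted UsernameConfiguration behaves as case-sensitive.
    if ("email" in props.get("UsernameAttributes", [])
            and props.get("UsernameConfiguration", {}).get("CaseSensitive", True)):
        findings.append((name, "CASE_SENSITIVE_EMAIL", "User@x.com and user@x.com are two users"))
    if props.get("UserPoolAddOns", {}).get("AdvancedSecurityMode", "OFF") != "ENFORCED":
        findings.append((name, "ADVANCED_SECURITY_NOT_ENFORCED", "no compromised-credential checks"))
    if "UnusedAccountValidityDays" in props.get("AdminCreateUserConfig", {}):
        findings.append((name, "DEPRECATED_UNUSED_ACCOUNT_DAYS", "use TemporaryPasswordValidityDays"))
    return findings

def audit_user_pool_client(name, props):
    findings = []
    if props.get("PreventUserExistenceErrors", "LEGACY") != "ENABLED":
        findings.append((name, "USER_ENUMERATION", "LEGACY errors reveal which e-mails exist"))
    if props.get("EnableTokenRevocation", True) is False:
        findings.append((name, "TOKEN_REVOCATION_DISABLED", "a stolen refresh token cannot be revoked"))
    if PASSWORD_FLOWS & set(props.get("ExplicitAuthFlows", [])):
        findings.append((name, "PLAINTEXT_PASSWORD_FLOW", "client may send passwords instead of SRP"))
    if token_lifetime_hours(props, "RefreshToken") > 720:
        findings.append((name, "LONG_REFRESH_TOKEN", "longer than the 30-day Cognito default"))
    return findings

AUDITS = {"AWS::Cognito::UserPool": audit_user_pool,
          "AWS::Cognito::UserPoolClient": audit_user_pool_client}

def audit_template(template):
    """(resource, code, message) triples for every Cognito resource in the template."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        check = AUDITS.get(resource.get("Type"))
        if check:
            findings.extend(check(name, resource.get("Properties", {})))
    return findings

def hardened_copy(template):
    """Same template with every finding fixed; the values are my choices, not the post's."""
    fixed = copy.deepcopy(template)
    pool = fixed["Resources"]["UserPool"]["Properties"]
    pool["UsernameConfiguration"]["CaseSensitive"] = False  # only settable at creation
    pool["UserPoolAddOns"]["AdvancedSecurityMode"] = "ENFORCED"
    pool["Policies"]["PasswordPolicy"].update({"MinimumLength": 12, "RequireSymbols": True,
                                              "RequireUppercase": True,
                                              "TemporaryPasswordValidityDays": 7})
    del pool["AdminCreateUserConfig"]["UnusedAccountValidityDays"]
    client = fixed["Resources"]["AppClientWeb"]["Properties"]
    client["PreventUserExistenceErrors"] = "ENABLED"
    client["EnableTokenRevocation"] = True
    return fixed

if __name__ == "__main__":
    for resource, code, message in audit_template(TEMPLATE):
        print(f"{resource}: {code}: {message}")
    print("hardened copy:", audit_template(hardened_copy(TEMPLATE)) or "no findings")
```

Run as a script it prints six findings for the template as posted and none for the hardened copy. Because CaseSensitive is immutable, the hardened values apply to a new stack rather than an in-place update of an existing pool; the same rules can be expressed for cfn-lint or cfn-guard to enforce them in CI.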

External links

AWS::Cognito::UserPool and AWS::Cognito::UserPoolClient: the official AWS documentation I used as a reference.

Create a Cognito AWS Cognito User Pool and Implement Signup in CloudFormation: used as a reference for how to write the template and how to proceed.

Conclusion

I hope you find the above helpful :laughing:

Author: nacho (humanities background, third year as a working professional)

Updated on March 30, 2022