Resource: awsCognitoIdentityPool
Provides an AWS Cognito Identity Pool.
Example Usage
/* Provider bindings are generated by running cdktf get.
   See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";

// Place the statements below inside a construct or stack, where `this` is the scope.

// SAML provider whose ARN is passed to the identity pool below.
const awsIamSamlProviderDefault = new aws.iamSamlProvider.IamSamlProvider(
  this,
  "default",
  {
    name: "my-saml-provider",
    samlMetadataDocument: '${file("saml-metadata.xml")}',
  }
);

new aws.cognitoIdentityPool.CognitoIdentityPool(this, "main", {
  allowClassicFlow: false,
  allowUnauthenticatedIdentities: false,
  // Cognito user pools (and their app client IDs) trusted by this identity pool.
  cognitoIdentityProviders: [
    {
      clientId: "6lhlkkfbfb4q5kpp90urffae",
      providerName: "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ",
      serverSideTokenCheck: false,
    },
    {
      clientId: "7kodkvfqfb4qfkp39eurffae",
      providerName: "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu",
      serverSideTokenCheck: false,
    },
  ],
  identityPoolName: "identity pool",
  openidConnectProviderArns: [
    "arn:aws:iam::123456789012:oidc-provider/id.example.com",
  ],
  samlProviderArns: [awsIamSamlProviderDefault.arn],
  // Maps each social provider name to that provider's app ID.
  supportedLoginProviders: {
    "accounts.google.com": "123456789012.apps.googleusercontent.com",
    "graph.facebook.com": "7346241598935552",
  },
});
Argument Reference
The Cognito Identity Pool argument layout is a structure composed of several sub-resources - these resources are laid out below.
identityPoolName - (Required) The Cognito Identity Pool name.
allowUnauthenticatedIdentities - (Required) Whether the identity pool supports unauthenticated logins or not.
allowClassicFlow - (Optional) Enables or disables the classic / basic authentication flow. Default is false.
developerProviderName - (Optional) The "domain" by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
cognitoIdentityProviders - (Optional) An array of Amazon Cognito Identity user pools and their client IDs.
openidConnectProviderArns - (Optional) Set of OpenID Connect provider ARNs.
samlProviderArns - (Optional) An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.
supportedLoginProviders - (Optional) Key-value pairs mapping provider names to provider app IDs.
tags - (Optional) A map of tags to assign to the Identity Pool. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider level.
Cognito Identity Providers
clientId - (Optional) The client ID for the Amazon Cognito Identity User Pool.
providerName - (Optional) The provider name for an Amazon Cognito Identity User Pool.
serverSideTokenCheck - (Optional) Whether server-side token validation is enabled for the identity provider’s token or not.
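As an added example (not part of the provider documentation or the project's code), the TypeScript check below audits a plain object shaped like the arguments documented above before it is passed to the resource. The `auditIdentityPool` function, the `Finding` type and the rules themselves are assumptions of this example; it does not import or call cdktf.

```typescript
// Added example: field names mirror the arguments documented on this page;
// the rules, Finding shape and function name are this example's assumptions.
interface UserPoolProvider { clientId?: string; providerName?: string; serverSideTokenCheck?: boolean; }
interface IdentityPoolArgs {
  identityPoolName: string;
  allowUnauthenticatedIdentities: boolean;
  allowClassicFlow?: boolean;
  cognitoIdentityProviders?: UserPoolProvider[];
}
interface Finding { field: string; issue: string; }

// providerName form: cognito-idp.<region>.amazonaws.com/<region>_<suffix>
const PROVIDER_RE = /^cognito-idp\.([a-z0-9-]+)\.amazonaws\.com\/([a-z0-9-]+)_[A-Za-z0-9]+$/;

function auditIdentityPool(pool: IdentityPoolArgs): Finding[] {
  const findings: Finding[] = [];
  const add = (field: string, issue: string) => { findings.push({ field, issue }); };
  if (pool.allowUnauthenticatedIdentities) {
    add("allowUnauthenticatedIdentities", "guests can obtain credentials for the unauthenticated role");
  }
  if (pool.allowClassicFlow === true) {
    add("allowClassicFlow", "classic (basic) authentication flow is enabled");
  }
  (pool.cognitoIdentityProviders || []).forEach((p, i) => {
    const field = "cognitoIdentityProviders[" + i + "]";
    if (p.serverSideTokenCheck !== true) {
      // Without this check the identity pool does not ask the user pool
      // whether the user has been globally signed out or deleted.
      add(field + ".serverSideTokenCheck", "signed-out or deleted users are not re-checked with the user pool");
    }
    const m = PROVIDER_RE.exec(p.providerName || "");
    if (m === null) {
      add(field + ".providerName", "not in cognito-idp.<region>.amazonaws.com/<userPoolId> form");
    } else if (m[1] !== m[2]) {
      add(field + ".providerName", "endpoint region " + m[1] + " differs from user pool region " + m[2]);
    }
  });
  return findings;
}

// Values copied from the Example Usage block on this page.
const examplePool: IdentityPoolArgs = {
  identityPoolName: "identity pool", allowUnauthenticatedIdentities: false, allowClassicFlow: false,
  cognitoIdentityProviders: [
    { clientId: "6lhlkkfbfb4q5kpp90urffae", providerName: "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ", serverSideTokenCheck: false },
    { clientId: "7kodkvfqfb4qfkp39eurffae", providerName: "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu", serverSideTokenCheck: false },
  ],
};
const exampleFindings = auditIdentityPool(examplePool);
```

Run against the page's own example values, it reports `serverSideTokenCheck` on both providers and the endpoint/user-pool region mismatch in the second `providerName`.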
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - An identity pool ID, e.g. usWest2Abc123.
arn - The ARN of the identity pool.
tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
Import
Cognito Identity Pool can be imported using its ID, e.g.,