
Resource: awsCognitoIdentityPool

Provides an AWS Cognito Identity Pool.

Example Usage

/* Provider bindings are generated by running cdktf get.
   See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";

// SAML IdP registered in IAM; the identity pool below references its ARN.
const awsIamSamlProviderDefault = new aws.iamSamlProvider.IamSamlProvider(
  this,
  "default",
  {
    name: "my-saml-provider",
    // Terraform interpolation passed through as a raw token string.
    samlMetadataDocument: '${file("saml-metadata.xml")}',
  }
);
new aws.cognitoIdentityPool.CognitoIdentityPool(this, "main", {
  // Keep the enhanced flow: role mapping is applied server-side, whereas the
  // classic flow lets the client choose the IAM role it assumes.
  allowClassicFlow: false,
  // No guest identities: credentials are only issued to users of the providers below.
  allowUnauthenticatedIdentities: false,
  cognitoIdentityProviders: [
    {
      clientId: "6lhlkkfbfb4q5kpp90urffae",
      // providerName is cognito-idp.<region>.amazonaws.com/<user-pool-id>;
      // the endpoint region must be the region of the user pool.
      providerName: "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ",
      // Set to true if the pool should check the user pool for sign-out/deletion
      // before issuing credentials.
      serverSideTokenCheck: false,
    },
    {
      clientId: "7kodkvfqfb4qfkp39eurffae",
      providerName: "cognito-idp.eu-west-1.amazonaws.com/eu-west-1_Zr231apJu",
      serverSideTokenCheck: false,
    },
  ],
  identityPoolName: "identity pool",
  openidConnectProviderArns: [
    "arn:aws:iam::123456789012:oidc-provider/id.example.com",
  ],
  samlProviderArns: [awsIamSamlProviderDefault.arn],
  supportedLoginProviders: {
    "accounts.google.com": "123456789012.apps.googleusercontent.com",
    "graph.facebook.com": "7346241598935552",
  },
});

Argument Reference

The Cognito Identity Pool arguments are a structure composed of several sub-blocks; the top-level arguments and the sub-blocks are laid out below.

  • identityPoolName (Required) - The Cognito Identity Pool name.
  • allowUnauthenticatedIdentities (Required) - Whether the identity pool supports unauthenticated (guest) identities. When true, any caller can obtain AWS credentials for the pool's unauthenticated role without signing in, so keep that role's permissions minimal.
  • allowClassicFlow (Optional) - Enables or disables the classic / basic authentication flow. Default is false. In the classic flow the client exchanges a GetOpenIdToken result for credentials through STS AssumeRoleWithWebIdentity and selects the IAM role itself; the enhanced flow (GetCredentialsForIdentity) applies the pool's role mapping server-side, so leave this false unless the classic flow is specifically required.
  • developerProviderName (Optional) - The "domain" by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
  • cognitoIdentityProviders (Optional) - An array of Amazon Cognito user pools and their client IDs (see Cognito Identity Providers below).
  • openidConnectProviderArns (Optional) - Set of OpenID Connect provider ARNs.
  • samlProviderArns (Optional) - An array of Amazon Resource Names (ARNs) of the SAML providers for your identity pool.
  • supportedLoginProviders (Optional) - Key-value pairs mapping provider names to provider app IDs.
  • tags (Optional) - A map of tags to assign to the Identity Pool. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider level.

Cognito Identity Providers

  • clientId (Optional) - The client ID for the Amazon Cognito user pool.
  • providerName (Optional) - The provider name for an Amazon Cognito user pool, in the form cognito-idp.<region>.amazonaws.com/<user-pool-id>, where <region> is the region of the user pool.
  • serverSideTokenCheck (Optional) - Whether server-side token validation is enabled for the identity provider's token or not. When true, the identity pool checks with the user pool that the user has not been globally signed out or deleted before it issues an OIDC token or AWS credentials; when false (the default), a user pool token is accepted until it expires.
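The settings above are the ones a reviewer checks before a pool is synthesized. The following is an added example, not cdktf or provider code: a small pre-synth lint in TypeScript over a plain object shaped like this resource's arguments. The `lintIdentityPool` function, its finding codes, and the two sample configurations are this example's own constructions; the second provider in the first sample deliberately pairs a us-east-1 endpoint with an eu-west-1 user pool ID to show the region check firing.

```typescript
// Added example: a pre-synth lint for CognitoIdentityPool arguments. This is not
// cdktf or provider code; the config shape mirrors the argument names on this page,
// and lintIdentityPool plus its finding codes are this example's own naming.

interface CognitoIdentityProvider {
  clientId?: string;
  providerName?: string;
  serverSideTokenCheck?: boolean; // AWS default is false when omitted
}

interface IdentityPoolConfig {
  identityPoolName: string;
  allowUnauthenticatedIdentities: boolean;
  allowClassicFlow?: boolean;
  developerProviderName?: string;
  cognitoIdentityProviders?: CognitoIdentityProvider[];
  openidConnectProviderArns?: string[];
  samlProviderArns?: string[];
  supportedLoginProviders?: { [provider: string]: string };
}

// A user pool provider name has the form cognito-idp.<region>.amazonaws.com/<region>_<suffix>.
// Both regions are captured so a copy-paste mismatch between endpoint and pool ID is caught.
const PROVIDER_NAME_RE =
  /^cognito-idp\.([a-z]{2}(?:-[a-z]+)+-\d)\.amazonaws\.com\/([a-z]{2}(?:-[a-z]+)+-\d)_[A-Za-z0-9]+$/;

function lintIdentityPool(cfg: IdentityPoolConfig): string[] {
  const findings: string[] = [];

  if (cfg.allowUnauthenticatedIdentities) {
    findings.push("UNAUTH_IDENTITIES: any caller can obtain credentials for the unauthenticated role");
  }
  if (cfg.allowClassicFlow) {
    findings.push("CLASSIC_FLOW: client selects the IAM role via AssumeRoleWithWebIdentity; prefer the enhanced flow");
  }

  const providers = cfg.cognitoIdentityProviders ?? [];
  providers.forEach((p, i) => {
    // undefined counts as false, matching the service default
    if (!p.serverSideTokenCheck) {
      findings.push(`NO_SERVER_SIDE_TOKEN_CHECK[${i}]: a user pool token is accepted after global sign-out or user deletion until it expires`);
    }
    if (p.providerName !== undefined) {
      const m = PROVIDER_NAME_RE.exec(p.providerName);
      if (m === null) {
        findings.push(`BAD_PROVIDER_NAME[${i}]: expected cognito-idp.<region>.amazonaws.com/<user-pool-id>`);
      } else if (m[1] !== m[2]) {
        findings.push(`REGION_MISMATCH[${i}]: endpoint region ${m[1]} does not match pool region ${m[2]}`);
      }
    }
  });

  // A pool with no identity source and no guest access can never issue an identity.
  const hasProvider =
    providers.length > 0 ||
    (cfg.openidConnectProviderArns ?? []).length > 0 ||
    (cfg.samlProviderArns ?? []).length > 0 ||
    Object.keys(cfg.supportedLoginProviders ?? {}).length > 0 ||
    cfg.developerProviderName !== undefined;
  if (!hasProvider && !cfg.allowUnauthenticatedIdentities) {
    findings.push("NO_PROVIDERS: no identity source is configured and guest access is off");
  }
  return findings;
}

// Constructed sample 1: token checks off on both providers, and the second
// provider's endpoint region (us-east-1) does not match its pool ID (eu-west-1).
const pageExamplePool: IdentityPoolConfig = {
  identityPoolName: "identity pool",
  allowUnauthenticatedIdentities: false,
  allowClassicFlow: false,
  cognitoIdentityProviders: [
    { clientId: "6lhlkkfbfb4q5kpp90urffae", providerName: "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ", serverSideTokenCheck: false },
    { clientId: "7kodkvfqfb4qfkp39eurffae", providerName: "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu", serverSideTokenCheck: false },
  ],
  openidConnectProviderArns: ["arn:aws:iam::123456789012:oidc-provider/id.example.com"],
};

// Constructed sample 2: the same pool with the settings a reviewer would ask for.
const hardenedPool: IdentityPoolConfig = {
  identityPoolName: "identity pool",
  allowUnauthenticatedIdentities: false,
  allowClassicFlow: false,
  cognitoIdentityProviders: [
    { clientId: "6lhlkkfbfb4q5kpp90urffae", providerName: "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ", serverSideTokenCheck: true },
    { clientId: "7kodkvfqfb4qfkp39eurffae", providerName: "cognito-idp.eu-west-1.amazonaws.com/eu-west-1_Zr231apJu", serverSideTokenCheck: true },
  ],
  openidConnectProviderArns: ["arn:aws:iam::123456789012:oidc-provider/id.example.com"],
};

console.log("sample 1:", lintIdentityPool(pageExamplePool));
console.log("sample 2:", lintIdentityPool(hardenedPool));
```

Running it prints three findings for the first sample (both token checks off, plus the region mismatch on the second provider) and none for the hardened one. The NO_PROVIDERS check is deliberately suppressed when guest access is on, since an unauthenticated-only pool is a valid, if risky, configuration.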

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - An identity pool ID, e.g. us-west-2_abc123.
  • arn - The ARN of the identity pool.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

A Cognito Identity Pool can be imported using its ID, e.g.,

$ terraform import aws_cognito_identity_pool.mypool us-west-2_abc123