Skip to content

Resource: awsCognitoUserPoolDomain

Provides a Cognito User Pool Domain resource.

Example Usage

Amazon Cognito domain

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsCognitoUserPoolExample = new aws.cognitoUserPool.CognitoUserPool(
  this,
  "example",
  {
    name: "example-pool",
  }
);
new aws.cognitoUserPoolDomain.CognitoUserPoolDomain(this, "main", {
  domain: "example-domain",
  userPoolId: awsCognitoUserPoolExample.id,
});

Custom Cognito domain

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsCognitoUserPoolExample = new aws.cognitoUserPool.CognitoUserPool(
  this,
  "example",
  {
    name: "example-pool",
  }
);
const awsCognitoUserPoolDomainMain =
  new aws.cognitoUserPoolDomain.CognitoUserPoolDomain(this, "main", {
    certificateArn: "${aws_acm_certificate.cert.arn}",
    domain: "example-domain",
    userPoolId: awsCognitoUserPoolExample.id,
  });
const dataAwsRoute53ZoneExample = new aws.dataAwsRoute53Zone.DataAwsRoute53Zone(
  this,
  "example_2",
  {
    name: "example.com",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsRoute53ZoneExample.overrideLogicalId("example");
new aws.route53Record.Route53Record(this, "auth-cognito-A", {
  alias: {
    evaluateTargetHealth: false,
    name: awsCognitoUserPoolDomainMain.cloudfrontDistribution,
    zoneId: awsCognitoUserPoolDomainMain.cloudfrontDistributionZoneId,
  },
  name: awsCognitoUserPoolDomainMain.domain,
  type: "A",
  zoneId: dataAwsRoute53ZoneExample.zoneId,
});

Argument Reference

The following arguments are supported:

  • domain - (Required) For custom domains, this is the fully-qualified domain name, such as auth.example.com. For Amazon Cognito prefix domains, this is the prefix alone, such as auth.
  • userPoolId - (Required) The user pool ID.
  • certificateArn - (Optional) The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • awsAccountId - The AWS account ID for the user pool owner.
  • cloudfrontDistribution - The Amazon CloudFront endpoint (e.g. dpp0Gtxikpq3YCloudfrontNet) that you use as the target of the alias that you set up with your Domain Name Service (DNS) provider.
  • cloudfrontDistributionArn - The URL of the CloudFront distribution. This is required to generate the ALIAS awsRoute53Record
  • cloudfrontDistributionZoneId - The Route 53 hosted zone ID of the CloudFront distribution.
  • s3Bucket - The S3 bucket where the static files for this domain are stored.
  • version - The app version.

Import

Cognito User Pool Domains can be imported using the domain, e.g.,

$ terraform import aws_cognito_user_pool_domain.main auth.example.org