AWS::Cognito::UserPoolDomain - AWS CloudFormation

AWS::Cognito::UserPoolDomain

The AWS::Cognito::UserPoolDomain resource creates a new domain for a user pool.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Cognito::UserPoolDomain",
  "Properties" : {
      "CustomDomainConfig" : CustomDomainConfigType,
      "Domain" : String,
      "ManagedLoginVersion" : Integer,
      "UserPoolId" : String
    }
}

YAML

Type: AWS::Cognito::UserPoolDomain
Properties:
  CustomDomainConfig:
    CustomDomainConfigType
  Domain: String
  ManagedLoginVersion: Integer
  UserPoolId: String

Properties

CustomDomainConfig

The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.

When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a SetUserPoolMfaConfig request.

Required: No

Type: CustomDomainConfigType

Update requires: No interruption

Domain

The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be auth.example.com.

This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.

Required: Yes

Type: String

Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

Minimum: 1

Maximum: 63

Update requires: Replacement

ManagedLoginVersion

A version number that indicates the state of managed login for your domain. Version 1 is hosted UI (classic). Version 2 is the newer managed login with the branding designer. For more information, see Managed login.

Required: No

Type: Integer

Update requires: No interruption

UserPoolId

The ID of the user pool that is associated with the custom domain whose certificate you're updating.

Required: Yes

Type: String

Pattern: [\w-]+_[0-9a-zA-Z]+

Minimum: 1

Maximum: 55

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns physicalResourceId, which is "Domain". For example:

{ "Ref": "your-test-domain" }

For the Amazon Cognito user pool domain your-test-domain, Ref returns the name of the user pool domain.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

CloudFrontDistribution

The Amazon CloudFront endpoint that you use as the target of the alias that you set up with your Domain Name Service (DNS) provider.

Id

The resource ID.

Examples

Creating a new custom domain for a user pool

The following example creates a custom domain, "my-test-user-pool-domain", in the referenced user pool.

JSON

{
  "UserPoolDomain":{
    "Type":"AWS::Cognito::UserPoolDomain",
    "Properties":{
      "UserPoolId":{
        "Ref":"UserPool"
      },
      "Domain":"my-test-user-pool-domain.myapplication.com",
      "ManagedLoginVersion": "2",
      "CustomDomainConfig":{
        "CertificateArn":{
          "Ref":"CertificateArn"
        }
      }
    }
  }
}

YAML

UserPoolDomain:
  Type: AWS::Cognito::UserPoolDomain
  Properties:
    UserPoolId: !Ref UserPool
    Domain: "my-test-user-pool-domain.myapplication.com"
    ManagedLoginVersion: "2"
    CustomDomainConfig:
      CertificateArn: !Ref CertificateArn

Creating a new default domain for a user pool

The following example creates a new default domain, "my-test-user-pool-domain", in the referenced user pool.

JSON

{
  "UserPoolDomain":{
    "Type":"AWS::Cognito::UserPoolDomain",
    "Properties":{
      "UserPoolId":{
        "Ref":"UserPool"
      },
      "Domain":"my-test-user-pool-domain",
      "ManagedLoginVersion": "2"
    }
  }
}

YAML

UserPoolDomain:
  Type: AWS::Cognito::UserPoolDomain
  Properties:
    UserPoolId: !Ref UserPool
    Domain: "my-test-user-pool-domain"
    ManagedLoginVersion: "2"
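A pre-deployment lint for the property constraints listed on this page, as an added example that is not part of the AWS documentation. It takes a template already parsed into a dict. The function name, the sample template, and the two rules marked as assumptions in the comments are this example's own.

```python
import re

# Patterns copied from the Properties section of this page.
DOMAIN_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$")
USER_POOL_ID = re.compile(r"[\w-]+_[0-9a-zA-Z]+")  # applied as a full match (assumption)

def lint_user_pool_domains(template):
    """Return (logical_id, message) findings for a parsed CloudFormation template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Cognito::UserPoolDomain":
            continue
        props = res.get("Properties") or {}
        for required in ("Domain", "UserPoolId"):
            if required not in props:
                findings.append((name, f"{required} is required"))
        domain = props.get("Domain")
        if isinstance(domain, str):  # Ref/Fn::Sub values cannot be resolved offline
            if not 1 <= len(domain) <= 63:
                findings.append((name, "Domain length must be 1-63"))
            # Assumption: the pattern applies to each period-separated label.
            if not all(DOMAIN_LABEL.fullmatch(label) for label in domain.split(".")):
                findings.append((name, "Domain has invalid characters or hyphen placement"))
            # Assumption: a name containing periods is a custom domain, which
            # needs the ACM certificate from CustomDomainConfig.
            cert = (props.get("CustomDomainConfig") or {}).get("CertificateArn")
            if "." in domain and not cert:
                findings.append((name, "custom domain without CustomDomainConfig.CertificateArn"))
        pool = props.get("UserPoolId")
        if isinstance(pool, str) and not (len(pool) <= 55 and USER_POOL_ID.fullmatch(pool)):
            findings.append((name, "UserPoolId does not match the documented pattern"))
        version = props.get("ManagedLoginVersion")
        if version is not None and str(version) not in ("1", "2"):
            findings.append((name, "ManagedLoginVersion is neither 1 nor 2"))
    return findings

# Constructed sample template for illustration (not from the page).
T = "AWS::Cognito::UserPoolDomain"
SAMPLE = {"Resources": {
    "GoodPrefix": {"Type": T, "Properties": {"UserPoolId": {"Ref": "UserPool"},
                   "Domain": "my-test-user-pool-domain", "ManagedLoginVersion": "2"}},
    "NoCert": {"Type": T, "Properties": {"UserPoolId": "us-east-1_EXAMPLE",
               "Domain": "auth.example.com"}},
    "BadName": {"Type": T, "Properties": {"UserPoolId": "not a pool id",
                "Domain": "-Auth_Portal", "ManagedLoginVersion": 3}},
}}

if __name__ == "__main__":
    for logical_id, message in lint_user_pool_domains(SAMPLE):
        print(f"{logical_id}: {message}")
```

Property values given as intrinsic functions such as Ref are skipped, so run the check again on resolved values if the domain name comes from a parameter.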