AWS::Cognito::IdentityPool
The AWS::Cognito::IdentityPool resource creates an Amazon Cognito identity
pool.
To avoid deleting the resource accidentally from AWS CloudFormation, use DeletionPolicy Attribute and the UpdateReplacePolicy Attribute to retain the resource on deletion or replacement.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Cognito::IdentityPool", "Properties" : { "AllowClassicFlow" :Boolean, "AllowUnauthenticatedIdentities" :Boolean, "CognitoEvents" :Json, "CognitoIdentityProviders" :[ CognitoIdentityProvider, ... ], "CognitoStreams" :CognitoStreams, "DeveloperProviderName" :String, "IdentityPoolName" :String, "IdentityPoolTags" :[ Tag, ... ], "OpenIdConnectProviderARNs" :[ String, ... ], "PushSync" :PushSync, "SamlProviderARNs" :[ String, ... ], "SupportedLoginProviders" :Json} }
YAML
Type: AWS::Cognito::IdentityPool Properties: AllowClassicFlow:BooleanAllowUnauthenticatedIdentities:BooleanCognitoEvents:JsonCognitoIdentityProviders:- CognitoIdentityProviderCognitoStreams:CognitoStreamsDeveloperProviderName:StringIdentityPoolName:StringIdentityPoolTags:- TagOpenIdConnectProviderARNs:- StringPushSync:PushSyncSamlProviderARNs:- StringSupportedLoginProviders:Json
Properties
AllowClassicFlow-
Enables the Basic (Classic) authentication flow.
Required: No
Type: Boolean
Update requires: No interruption
AllowUnauthenticatedIdentities-
Specifies whether the identity pool supports unauthenticated logins.
Required: Yes
Type: Boolean
Update requires: No interruption
CognitoEvents-
The events to configure.
Required: No
Type: Json
Update requires: No interruption
CognitoIdentityProviders-
The Amazon Cognito user pools and their client IDs.
Required: No
Type: Array of CognitoIdentityProvider
Update requires: No interruption
CognitoStreams-
Configuration options for configuring Amazon Cognito streams.
Required: No
Type: CognitoStreams
Update requires: No interruption
DeveloperProviderName-
The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the
DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).Minimum length: 1
Maximum length: 100
Required: No
Type: String
Update requires: No interruption
IdentityPoolName-
The name of your Amazon Cognito identity pool.
Minimum length: 1
Maximum length: 128
Pattern:
[\w\s+=,.@-]+Required: No
Type: String
Update requires: No interruption
-
Tags to assign to the identity pool. A tag is a label that you can apply to identity pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
Required: No
Type: Array of Tag
Update requires: No interruption
OpenIdConnectProviderARNs-
The Amazon Resource Names (ARNs) of the OpenID connect providers.
Required: No
Type: Array of String
Update requires: No interruption
PushSync-
The configuration options to be applied to the identity pool.
Required: No
Type: PushSync
Update requires: No interruption
SamlProviderARNs-
The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
Required: No
Type: Array of String
Update requires: No interruption
SupportedLoginProviders-
Key-value pairs that map provider names to provider app IDs.
Required: No
Type: Json
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the IdentityPoolId, such as
us-east-2:0d01f4d7-1305-4408-b437-12345EXAMPLE.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Name-
The name of the Amazon Cognito identity pool, returned as a string.
