AWS::Cognito::UserPoolDomain
The AWS::Cognito::UserPoolDomain resource creates a new domain for a user pool.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Cognito::UserPoolDomain", "Properties" : { "CustomDomainConfig" :CustomDomainConfigType, "Domain" :String, "ManagedLoginVersion" :Integer, "UserPoolId" :String} }
YAML
Type: AWS::Cognito::UserPoolDomain Properties: CustomDomainConfig:CustomDomainConfigTypeDomain:StringManagedLoginVersion:IntegerUserPoolId:String
Properties
CustomDomainConfig-
The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.
When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.
Required: No
Type: CustomDomainConfigType
Update requires: No interruption
Domain-
The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example
auth.example.com. For prefix domains, this is the prefix alone, such asmyprefix.Required: Yes
Type: String
Pattern:
^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$Minimum:
1Maximum:
63Update requires: Replacement
ManagedLoginVersion-
A version number that indicates the state of managed login for your domain. Version
1is hosted UI (classic). Version2is the newer managed login with the branding designer. For more information, see Managed login.Required: No
Type: Integer
Update requires: No interruption
UserPoolId-
The ID of the user pool that is associated with the domain you're updating.
Required: Yes
Type: String
Pattern:
[\w-]+_[0-9a-zA-Z]+Minimum:
1Maximum:
55Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns physicalResourceId, which is “Domain". For example:
{ "Ref": "your-test-domain" }
For the Amazon Cognito user pool domain your-test-domain, Ref returns the
name of the user pool domain.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
CloudFrontDistribution-
The Amazon CloudFront endpoint that you use as the target of the alias that you set up with your Domain Name Service (DNS) provider.
Examples
Creating a new custom domain for a user pool
The following example creates a custom domain, "my-test-user-pool-domain", in the referenced user pool.
JSON
{ "UserPoolDomain":{ "Type":"AWS::Cognito::UserPoolDomain", "Properties":{ "UserPoolId":{ "Ref":"UserPool" }, "Domain":"my-test-user-pool-domain.myapplication.com", "ManagedLoginVersion": "2", "CustomDomainConfig":{ "CertificateArn":{ "Ref":"CertificateArn" } } } } }
YAML
UserPoolDomain: Type: AWS::Cognito::UserPoolDomain Properties: UserPoolId: !Ref UserPool Domain: "my-test-user-pool-domain.myapplication.com" ManagedLoginVersion: "2" CustomDomainConfig: CertificateArn: !Ref CertificateArn
Creating a new default domain for a user pool
The following example creates a new default domain, "my-test-user-pool-domain", in the referenced user pool.
JSON
{ "UserPoolDomain":{ "Type":"AWS::Cognito::UserPoolDomain", "Properties":{ "UserPoolId":{ "Ref":"UserPool" }, "Domain":"my-test-user-pool-domain", "ManagedLoginVersion": "2" } } }
YAML
UserPoolDomain: Type: AWS::Cognito::UserPoolDomain Properties: UserPoolId: !Ref UserPool Domain: "my-test-user-pool-domain" ManagedLoginVersion: "2"
