
I'd like to add a Cognito User Pool and Identity Pool using Terraform. The current error I have is that the Identity Pool provider's name is incorrect. What's the proper name for a Cognito User Pool in an Identity Pool?

I've used both the name of the User Pool and the name of the Terraform resource. Which one should I use?

# Cognito.tf
resource "aws_ses_domain_identity" "identity" {
  # SES sending identity for the domain. Nothing else in this listing
  # references it: the user pool's email_configuration below only sets a
  # reply-to address, so the pool's mail is presumably still sent by
  # Cognito's default mailer rather than through SES — confirm if SES
  # sending was the intent.
  domain = "mydomain.com"
}
data "aws_route53_zone" "blog" {
  # Hosted-zone lookup for the same domain; also unreferenced in this
  # listing (presumably meant for SES verification records elsewhere).
  name         = "mydomain.com"
}


# Cognito
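resource "aws_cognito_user_pool" "main" {
  # Per-stage user pool; the name is derived from the variables so several
  # stages can coexist in one account.
  name = "${var.user_pool_name}-${var.stage}"

  # ATTRIBUTES
  # Users may sign in with either their email or their preferred_username
  # in addition to their username.
  alias_attributes = ["email", "preferred_username"]

  # Require each user to supply a name
  schema {
    attribute_data_type = "String"
    mutable             = true
    name                = "name"
    required            = true
  }

  # Require each user to supply an email
  schema {
    attribute_data_type = "String"
    mutable             = true
    name                = "email"
    required            = true
  }

  # POLICY
  password_policy {
    # minimum_length is numeric; the original quoted "8" and relied on HCL
    # coercion, which works but hides the type.
    minimum_length    = 8
    require_lowercase = true
    require_numbers   = true
    require_symbols   = true
    require_uppercase = true
  }

  # MFA & VERIFICATIONS
  # MFA is disabled for every user of this pool. If these accounts guard
  # anything of value, "OPTIONAL" (users may enrol) or "ON" (mandatory) is
  # the usual hardening step; either also needs an SMS or software-token MFA
  # configuration block on the pool.
  mfa_configuration = "OFF"

  # MESSAGE CUSTOMIZATIONS
  # Sign-up is confirmed by link; the {##...##} placeholder is where Cognito
  # inserts the confirmation link, so it must stay in the message body.
  verification_message_template {
    default_email_option  = "CONFIRM_WITH_LINK"
    email_message_by_link = "Your life will be dramatically improved by signing up! {##Click Here##}"
    # Fixed the duplicated "to" in the user-facing subject line.
    email_subject_by_link = "Welcome to a new world and life!"
  }
  # Only the reply-to address is customised; the SES domain identity declared
  # in this file is not wired in here (no sending account / source ARN), so
  # mail presumably still goes out via Cognito's default sender.
  email_configuration {
    reply_to_email_address = "[email protected]"
  }

  # TAGS
  tags = {
    project = "No Meat May"
  }

  # DEVICES
  # Device tracking: a sign-in from an unknown device requires an extra
  # challenge, and a device is only remembered if the user opts in when
  # prompted.
  # NOTE(review): with mfa_configuration = "OFF" there is no MFA challenge
  # to require on a new device — confirm this block has the intended effect.
  device_configuration {
    challenge_required_on_new_device      = true
    device_only_remembered_on_user_prompt = true
  }
}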

 resource "aws_cognito_user_pool_client" "client" {
   # App client for the pool declared above.
   # generate_secret = true makes this a confidential client: the secret has
   # to be kept server-side, so it is not suited to a browser or mobile app.
   # ADMIN_NO_SRP_AUTH is the admin-initiated username/password flow, i.e.
   # sign-in is performed by a backend holding IAM credentials rather than by
   # an SRP exchange from the client itself.
   user_pool_id        = aws_cognito_user_pool.main.id
   name                = "client"
   explicit_auth_flows = ["ADMIN_NO_SRP_AUTH"]
   generate_secret     = true
 }

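resource "aws_cognito_identity_pool" "main" {
  identity_pool_name = "${var.identity_pool_name}-${var.stage}"

  # No guest identities: only tokens issued by the provider below can be
  # exchanged for AWS credentials.
  allow_unauthenticated_identities = false

  cognito_identity_providers {
    client_id = aws_cognito_user_pool_client.client.id

    # The provider name is neither the pool's display name nor the Terraform
    # resource name (both of which the identity pool rejects); it is the user
    # pool's endpoint, cognito-idp.<region>.amazonaws.com/<user-pool-id>,
    # which the aws_cognito_user_pool resource exposes as `endpoint`.
    provider_name = aws_cognito_user_pool.main.endpoint

    # Have Cognito re-validate every token against the user pool, so a user
    # who has since been disabled or deleted cannot keep trading a still
    # unexpired token for credentials.
    server_side_token_check = true
  }

  # NOTE(review): authenticated identities only obtain credentials once an
  # aws_cognito_identity_pool_roles_attachment maps them to an IAM role;
  # none appears in this listing.
}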


1 Answers


I was able to fix this by using the User Pool's endpoint:

...
resource "aws_cognito_identity_pool" "main" {
  # Guest (unauthenticated) access stays off; credentials are only issued
  # in exchange for a token from the user pool below.
  allow_unauthenticated_identities = false
  identity_pool_name               = "${var.identity_pool_name}-${var.stage}"

  cognito_identity_providers {
    # The identity pool identifies a user pool by its endpoint
    # (cognito-idp.<region>.amazonaws.com/<user-pool-id>), not by its name,
    # so read the `endpoint` attribute off the user pool resource.
    provider_name = aws_cognito_user_pool.main.endpoint
    client_id     = aws_cognito_user_pool_client.client.id

    # Re-check each token with the user pool at exchange time, so disabled
    # or deleted users are refused even while their token is unexpired.
    server_side_token_check = true
  }
}