AWS CloudFormation
User Guide (Version )

AWS::Cognito::UserPoolIdentityProvider

The AWS::Cognito::UserPoolIdentityProvider resource creates an identity provider for a user pool.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Cognito::UserPoolIdentityProvider",
  "Properties" : {
      "AttributeMapping" : Json,
      "IdpIdentifiers" : [ String, ... ],
      "ProviderDetails" : Json,
      "ProviderName" : String,
      "ProviderType" : String,
      "UserPoolId" : String
    }
}

YAML

Type: AWS::Cognito::UserPoolIdentityProvider
Properties:
  AttributeMapping: Json
  IdpIdentifiers:
    - String
  ProviderDetails: Json
  ProviderName: String
  ProviderType: String
  UserPoolId: String

Properties

AttributeMapping

A mapping of identity provider attributes to standard and custom user pool attributes.

Required: No

Type: Json

Update requires: No interruption

IdpIdentifiers

A list of identity provider identifiers.

Required: No

Type: List of String

Maximum: 50

Update requires: No interruption

ProviderDetails

The identity provider details, such as MetadataURL and MetadataFile.

Required: No

Type: Json

Update requires: No interruption

ProviderName

The identity provider name.

Required: Yes

Type: String

Minimum: 1

Maximum: 32

Pattern: [^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+

Update requires: Replacement

ProviderType

The identity provider type.

Required: Yes

Type: String

Allowed Values: Facebook | Google | LoginWithAmazon | OIDC | SAML

Update requires: Replacement

UserPoolId

The user pool ID.

Required: Yes

Type: String

Minimum: 1

Maximum: 55

Pattern: [\w-]+_[0-9a-zA-Z]+

Update requires: Replacement

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns physicalResourceId, which is "ProviderName". For example:

{ "Ref": "testProvider" }

For the Amazon Cognito identity provider testProvider, Ref returns the name of the identity provider.

For more information about using the Ref function, see Ref.

Examples

Creating a new identity provider

The following example creates the identity provider "YourProviderName" in the referenced user pool.

JSON

{
  "UserPoolIdentityProvider": {
    "Type": "AWS::Cognito::UserPoolIdentityProvider",
    "Properties": {
      "UserPoolId": {"Ref": "UserPool"},
      "ProviderName": "YourProviderName",
      "ProviderDetails": {
        "MetadataURL": "YourMetadataURL"
      },
      "ProviderType": "SAML",
      "AttributeMapping": {
        "Email": "Attribute"
      },
      "IdpIdentifiers": [
        "IdpIdentifier"
      ]
    }
  }
}

YAML

UserPoolIdentityProvider:
  Type: AWS::Cognito::UserPoolIdentityProvider
  Properties:
    UserPoolId: !Ref UserPool
    ProviderName: "YourProviderName"
    ProviderDetails:
      MetadataURL: "YourMetadataURL"
    ProviderType: "SAML"
    AttributeMapping:
      Email: "Attribute"
    IdpIdentifiers:
      - "IdpIdentifier"
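
Checking a template before deployment

A pre-deployment check of one resource's Properties against the constraints listed under Properties on this page, written as an added example and not AWS's own code. The function names are made up here, and treating each documented pattern as a whole-string match with ASCII-only \w is an assumption.

```python
import re
import unicodedata

ALLOWED_TYPES = {"Facebook", "Google", "LoginWithAmazon", "OIDC", "SAML"}
REQUIRED = ("ProviderName", "ProviderType", "UserPoolId")
# Assumption: \w is ASCII-only and the pattern must match the whole string.
USER_POOL_ID_RE = re.compile(r"[\w-]+_[0-9a-zA-Z]+", re.ASCII)


def provider_name_ok(name):
    # Documented pattern: [^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+
    # Python's re has no \p{..} classes, so test the Unicode category by hand.
    if len(name) < 3 or name[0] == "_" or "_" in name[2:]:
        return False
    return unicodedata.category(name[1])[0] in "LMSNP"


def validate_properties(props):
    """Return a list of constraint violations for one resource's Properties."""
    errors = [f"{k}: required property is missing" for k in REQUIRED if k not in props]
    name = props.get("ProviderName")
    if isinstance(name, str):
        if not 1 <= len(name) <= 32:
            errors.append("ProviderName: length must be 1-32")
        elif not provider_name_ok(name):
            errors.append("ProviderName: does not match documented pattern")
    ptype = props.get("ProviderType")
    if isinstance(ptype, str) and ptype not in ALLOWED_TYPES:
        errors.append(f"ProviderType: {ptype!r} is not an allowed value")
    pool = props.get("UserPoolId")
    if isinstance(pool, str):  # a dict here is an intrinsic such as Ref; skip it
        if not 1 <= len(pool) <= 55:
            errors.append("UserPoolId: length must be 1-55")
        elif not USER_POOL_ID_RE.fullmatch(pool):
            errors.append("UserPoolId: does not match documented pattern")
    ids = props.get("IdpIdentifiers", [])
    if isinstance(ids, list) and len(ids) > 50:
        errors.append("IdpIdentifiers: more than 50 entries")
    return errors


# Properties from this page's example, then a constructed failing input.
PAGE_EXAMPLE = {"UserPoolId": {"Ref": "UserPool"}, "ProviderName": "YourProviderName",
                "ProviderDetails": {"MetadataURL": "YourMetadataURL"}, "ProviderType": "SAML",
                "AttributeMapping": {"Email": "Attribute"}, "IdpIdentifiers": ["IdpIdentifier"]}
CONSTRUCTED_BAD = {"ProviderName": "_bad_name", "ProviderType": "Okta",
                   "UserPoolId": "no-underscore", "IdpIdentifiers": ["x"] * 51}

if __name__ == "__main__":
    print(validate_properties(PAGE_EXAMPLE), validate_properties(CONSTRUCTED_BAD))
```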