AWS::Cognito::UserPoolResourceServer - AWS CloudFormation

AWS::Cognito::UserPoolResourceServer

The AWS::Cognito::UserPoolResourceServer resource creates a new OAuth 2.0 resource server and defines custom scopes in it.

Note

If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Cognito::UserPoolResourceServer",
  "Properties" : {
      "Identifier" : String,
      "Name" : String,
      "Scopes" : [ ResourceServerScopeType, ... ],
      "UserPoolId" : String
    }
}

YAML

Type: AWS::Cognito::UserPoolResourceServer
Properties:
  Identifier: String
  Name: String
  Scopes:
    - ResourceServerScopeType
  UserPoolId: String

Properties

Identifier

A unique identifier for the resource server. The identifier can be an API-friendly name like solar-system-data. You can also set an API URL like https://solar-system-data-api.example.com as your identifier.

Amazon Cognito represents scopes in the access token in the format $resource-server-identifier/$scope. Longer scope-identifier strings increase the size of your access tokens.

Required: Yes

Type: String

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Minimum: 1

Maximum: 256

Update requires: Replacement

Name

A friendly name for the resource server.

Required: Yes

Type: String

Pattern: [\w\s+=,.@-]+

Minimum: 1

Maximum: 256

Update requires: No interruption

Scopes

A list of scopes. Each scope is a map with keys ScopeName and ScopeDescription.

Required: No

Type: Array of ResourceServerScopeType

Maximum: 100

Update requires: No interruption

UserPoolId

The user pool ID for the user pool.

Required: Yes

Type: String

Pattern: [\w-]+_[0-9a-zA-Z]+

Minimum: 1

Maximum: 55

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns physicalResourceId, which is the resource server identifier "Identifier". For example:

{ "Ref": "yourResourceServerIdentifier" }

For the Amazon Cognito resource server yourResourceServerIdentifier, Ref returns the name of the resource server.

For more information about using the Ref function, see Ref.

Examples

Creating a new resource server for a user pool

The following example creates a resource server "Name" with the identifier "Identifier" in the referenced user pool.

JSON

{
  "UserPoolResourceServer": {
    "Type": "AWS::Cognito::UserPoolResourceServer",
    "Properties": {
      "UserPoolId": {
        "Ref": "UserPool"
      },
      "Identifier": "Identifier",
      "Name": "Name",
      "Scopes": [
        {
          "ScopeName": "ScopeName1",
          "ScopeDescription": "description"
        },
        {
          "ScopeName": "ScopeName2",
          "ScopeDescription": "description"
        }
      ]
    }
  }
}

YAML

UserPoolResourceServer:
  Type: AWS::Cognito::UserPoolResourceServer
  Properties:
    UserPoolId: !Ref UserPool
    Identifier: "Identifier"
    Name: "Name"
    Scopes:
      - ScopeName: "ScopeName1"
        ScopeDescription: "description"
      - ScopeName: "ScopeName2"
        ScopeDescription: "description"
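The following added example (not part of the AWS documentation or any AWS tooling) lints a resource server's properties against the patterns and limits listed under Properties, derives the $resource-server-identifier/$scope strings that end up in access tokens, and shows an exact-match scope check for the API side. The function names, the sample values, and the treatment of the token's scope claim as a space-delimited string are assumptions made for illustration.

```python
import re

# Patterns and length limits as listed in the property reference above.
IDENTIFIER_RE = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")
NAME_RE = re.compile(r"[\w\s+=,.@-]+")
USER_POOL_ID_RE = re.compile(r"[\w-]+_[0-9a-zA-Z]+")

# Constructed sample; the scope names and pool ID are made up for illustration.
SAMPLE = {
    "UserPoolId": "us-east-1_EXAMPLE",
    "Identifier": "solar-system-data",
    "Name": "Solar system data API",
    "Scopes": [
        {"ScopeName": "planets.read", "ScopeDescription": "Read planet data"},
        {"ScopeName": "planets.write", "ScopeDescription": "Modify planet data"},
    ],
}

def _check(errors, field, value, pattern, max_len):
    if isinstance(value, dict):
        return  # unresolved intrinsic such as {"Ref": ...}; cannot lint offline
    if not isinstance(value, str) or not 1 <= len(value) <= max_len:
        errors.append(f"{field}: must be a string of 1-{max_len} characters")
    elif not pattern.fullmatch(value):
        errors.append(f"{field}: does not match {pattern.pattern}")

def lint_resource_server(props):
    """Return violations of the documented constraints (empty list = clean)."""
    errors = []
    _check(errors, "Identifier", props.get("Identifier"), IDENTIFIER_RE, 256)
    _check(errors, "Name", props.get("Name"), NAME_RE, 256)
    _check(errors, "UserPoolId", props.get("UserPoolId"), USER_POOL_ID_RE, 55)
    if len(props.get("Scopes", [])) > 100:
        errors.append("Scopes: more than 100 entries")
    return errors

def token_scopes(props):
    """Scope strings as issued in access tokens: <identifier>/<scope name>."""
    return [f"{props['Identifier']}/{s['ScopeName']}" for s in props.get("Scopes", [])]

def has_scope(scope_claim, required):
    """Assumes a space-delimited claim; prefix matching would over-grant."""
    return required in scope_claim.split()

if __name__ == "__main__":
    print(lint_resource_server(SAMPLE), token_scopes(SAMPLE))
```

Because Identifier requires replacement on update, every scope string derived from it changes when it changes, so app clients and API-side checks that reference the old strings need updating in the same deployment.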