My Saved Presets
You must be logged in to view saved presets
Security Controls
Service Control PoliciesConfig RulesCloudWatch Alarms and Event RulesCloudFormation Guard RulesLogging & Monitoring ConfigurationsBackups & DRAuto Remediation RulesConformance PacksBilling and Cost ManagementS3 Bucket PoliciesSecurity Groups & NACLsIAM PoliciesVPC Endpoint Policies
AWS Services
VPC Security ControlsEC2 Security ControlsIAM Security ControlsS3 Security ControlsRDS Security ControlsOpenSearch/Elasticsearch Security ControlsEFS Security ControlsRoute53 Security ControlsAmazon DynamoDB & DAXECR Security ControlsEMR SecurityLambda SecurityCloudFormation SecurityCodeX Security ControlsCloudFront SecurityAWS Certificate Manager (ACM) SecurityAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieAWS WAF & ShieldAWS Secrets ManagerAWS Systems ManagerAWS KMSAWS SSOLoad Balancers & Auto ScalingRDS Event SubscriptionsAWS Resource Access Manager (RAM)Amazon ECSAmazon EKSAmazon API GatewayAWS AppConfigAmazon AppFlowAWS App MeshAWS App RunnerAWS AppSyncApplication Auto ScalingAmazon AthenaAWS BatchAWS Billing ConductorAWS Clean RoomsAWS SNSAWS SQSAWS Service DiscoveryAWS Step FunctionsAWS CloudTrailAWS ConfigAmazon EventBridgeAWS CloudWatchAWS CognitoAmazon ConnectAWS GlueAWS Data Pipeline & Data SyncAmazon DetectiveAWS DevOps GuruAmazon DocumentDBAmazon ElastiCacheAWS Elastic BeanstalkAmazon FSxAmazon MQAmazon PrometheusAmazon CassandraAmazon FinSpaceAWS Fault Injection SimulatorAmazon GameLiftAWS Global AcceleratorAmazon GrafanaAWS IoT GreenGrassAWS IoT ServicesAWS Ground StationAmazon IVS (Interactive Live Streams)Amazon KinesisAWS LakeFormationAmazon LookoutAmazon Managed BlockchainAWS Media ServicesAWS Managed Apache AirflowAWS OpsWorksAWS OrganizationsAmazon PersonalizeAmazon QLDBAmazon RedshiftAmazon RekognitionAWS Resource ExplorerAWS Resource GroupsAmazon Lex & AlexaAWS RoboMakerAmazon SageMakerAWS Service CatalogAmazon SESAWS SimSpace WeaverAWS Support AppAWS TransferAWS X-RayAWS AmplifyAWS AppstreamAWS Audit ManagerAmazon BedrockAWS Cloud9AWS CloudHSMAmazon NeptuneAmazon Quicksight
Reference Guides
AWS Account Setup GuideEC2 Security StrategyS3 Security StrategyLogging & Monitoring Strategy Guide
Configuration Packages
Guided Walkthroughs

Cognito User Pool Client with Pinpoint Analytics Integration

Sets up a Cognito User Pool with a client integrated with Pinpoint analytics for enhanced data collection.

test

aws_cognito_user_pool

account_recovery_setting
recovery_mechanism
admin_create_user_config
invite_message_template



alias_attributes

auto_verified_attributes

device_configuration
email_configuration






lambda_config











custom_email_sender

custom_sms_sender

password_policy
schema

number_attribute_constraints
string_attribute_constraints

sms_configuration




software_token_mfa_configuration
user_attribute_update_settings

attributes_require_verification_before_update

user_pool_add_ons

username_attributes

username_configuration
verification_message_template





depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



test

aws_cognito_user_pool_client



allowed_oauth_flows

allowed_oauth_scopes

analytics_configuration





callback_urls


explicit_auth_flows

logout_urls

read_attributes

supported_identity_providers

token_validity_units

write_attributes

depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



test

aws_iam_role



inline_policy



managed_policy_arns





depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



test

aws_iam_role_policy





depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



test

aws_pinpoint_app



campaign_hook



limits

quiet_time



depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



current

aws_caller_identity

depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



assume_role

aws_iam_policy_document

override_policy_documents


source_policy_documents

statement

actions

condition


values


not_actions

not_principals

identifiers

not_resources

principals

identifiers

resources


depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



test

aws_iam_policy_document

override_policy_documents


source_policy_documents

statement

actions

condition


values


not_actions

not_principals

identifiers

not_resources

principals

identifiers

resources


depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



Terraform Template

data "aws_caller_identity" "current" {
}

data "aws_iam_policy_document" "assume_role" {

  statement {
    actions = ["sts:AssumeRole"]
    effect = "Allow"

    principals {
      identifiers = ["cognito-idp.amazonaws.com"]
      type = "Service"
    }
  }
}

data "aws_iam_policy_document" "test" {

  statement {
    actions = ["mobiletargeting:UpdateEndpoint", "mobiletargeting:PutEvents"]
    effect = "Allow"
    resources = ["arn:aws:mobiletargeting:*:${data.aws_caller_identity.current.account_id}:apps/${aws_pinpoint_app.test.application_id}*"]
  }
}

resource "aws_cognito_user_pool" "test" {
  name = "pool"
}

resource "aws_cognito_user_pool_client" "test" {

  analytics_configuration {
    application_id = aws_pinpoint_app.test.application_id
    external_id = "some_id"
    role_arn = aws_iam_role.test.arn
    user_data_shared = true
  }
  name = "pool_client"
  user_pool_id = aws_cognito_user_pool.test.id
}

resource "aws_iam_role" "test" {
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
  name = "role"
}

resource "aws_iam_role_policy" "test" {
  name = "role_policy"
  policy = data.aws_iam_policy_document.test.json
  role = aws_iam_role.test.id
}

resource "aws_pinpoint_app" "test" {
  name = "pinpoint"
}

© 2024 asecurecloud. All rights reserved.