A collection of configuration templates for AWS Cognito resources as well as security controls for monitoring and protecting AWS Cognito configuration such as Config Rules, CloudWatch Alarms, EventBridge Rules, IAM policies, and more.

Cognito
Cognito User Pool Example

This template creates a Cognito User Pool 'my-user-pool' that optionally enables MFA for users and sets 'email' as a required attribute.

CloudFormationTerraform
Cognito User Pool Client Example

This template creates a client 'MyWebApp' for an existing Cognito User Pool.

CloudFormationTerraform
User Pool UI Customization Attachment

This template creates a UI customization attachment for a user pool. It sets the UI customization information for a user pool's built-in app UI. The template includes the UserPoolId, ClientId, and CSS properties.

CloudFormationTerraform
Cognito User Pool Risk Configuration Attachment

This template creates a risk configuration attachment for a user pool in Amazon Cognito. It sets the risk configurations for account takeover, compromised credentials, and risk exceptions. The risk configurations include actions to be taken, notification configurations, and IP range lists. As input the template requires an existing User Pool and Client Id, as well as an SES Identity Arn for sending email notifications

CloudFormationTerraform
Cognito User Pool Resource Server

This template creates a new OAuth2.0 resource server in a Cognito user pool. It defines custom scopes in the resource server.

CloudFormationTerraform
SAML Identity Provider for a Cognito User Pool

This template creates a SAML identity provider 'YourProviderName' in the referenced user pool. It specifies the user pool ID, provider name, provider details including metadata URL, provider type, attribute mapping, and IDP identifiers.

CloudFormationTerraform
OIDC Identity Provider for a Cognito User Pool

This template creates the OIDC identity provider 'YourOIDCProviderName' in the referenced user pool. It specifies the user pool ID, provider name, provider details including client ID, client secret, attributes request method, OIDC issuer, and authorize scopes, provider type, attribute mapping, and IDP identifiers.

CloudFormationTerraform
Apple Identity Provider for a Cognito User Pool

This template creates a Sign in with Apple identity provider in the referenced user pool. It specifies the user pool ID, provider name, provider details including client ID, team ID, key ID, private key, and authorize scopes, provider type, and attribute mapping.

CloudFormationTerraform
Facebook Identity Provider for a Cognito User Pool

This template creates a Facebook identity provider in the referenced user pool. It specifies the user pool ID, provider name, provider details including client ID, client secret, and authorize scopes, provider type, and attribute mapping.

CloudFormationTerraform
Google Identity Provider for a Cognito User Pool

This template creates a Google identity provider in the referenced user pool. It specifies the user pool ID, provider name, provider details including client ID, client secret, and authorize scopes, provider type, and attribute mapping.

CloudFormationTerraform
Amazon Identity Provider for a Cognito User Pool

This template creates a Login with Amazon identity provider in the referenced user pool. It specifies the user pool ID, provider name, provider details including client ID, client secret, and authorize scopes, provider type, and attribute mapping.

CloudFormationTerraform
Cognito Custom Domain Example

This template creates a custom domain, "my-test-user-pool-domain" for the Cognito user pool referenced by the UserPool parameter. The template also requires a certificate referenced by CertificateArn

CloudFormationTerraform
Cognito Identity Pool Principal Tag

This template creates an identity pool principal tag attribute map for access control. It maps the claim `aud` to principal tag `app_id` and the claim `sub` to `user_id` in the identity pool `Example_pool`.

CloudFormationTerraform