user_pool_clients
Creates, updates, deletes or gets a user_pool_client resource or lists user_pool_clients in a region
Overview
| Name | user_pool_clients |
| Type | Resource |
| Description | Resource Type definition for AWS::Cognito::UserPoolClient |
| Id | awscc.cognito.user_pool_clients |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
| client_name | string | |
| explicit_auth_flows | array | |
| generate_secret | boolean | |
| read_attributes | array | |
| auth_session_validity | integer | |
| refresh_token_validity | integer | |
| access_token_validity | integer | |
| id_token_validity | integer | |
| token_validity_units | object | |
| refresh_token_rotation | object | |
| user_pool_id | string | |
| write_attributes | array | |
| allowed_oauth_flows | array | |
| allowed_oauth_flows_user_pool_client | boolean | |
| allowed_oauth_scopes | array | |
| callback_urls | array | |
| default_redirect_uri | string | |
| logout_urls | array | |
| supported_identity_providers | array | |
| analytics_configuration | object | |
| prevent_user_existence_errors | string | |
| enable_token_revocation | boolean | |
| enable_propagate_additional_user_context_data | boolean | |
| name | string | |
| client_secret | string | |
| client_id | string | |
| region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
| user_pool_id | string | |
| client_id | string | |
| region | string | AWS region. |
For more information, see AWS::Cognito::UserPoolClient.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | user_pool_clients | INSERT | UserPoolId, region |
| delete_resource | user_pool_clients | DELETE | Identifier, region |
| update_resource | user_pool_clients | UPDATE | Identifier, PatchDocument, region |
| list_resources | user_pool_clients_list_only | SELECT | region |
| get_resource | user_pool_clients | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual user_pool_client.
-- Fetch every property of one app client. The client is addressed by the
-- composite Identifier '<user_pool_id>|<client_id>' within a single region.
-- NOTE(review): client_secret is part of the column list, so the result set
-- carries a credential. Keep it out of logs and shared output, or drop the
-- column when the secret itself is not needed.
SELECT
    region,
    client_name,
    explicit_auth_flows,
    generate_secret,
    read_attributes,
    auth_session_validity,
    refresh_token_validity,
    access_token_validity,
    id_token_validity,
    token_validity_units,
    refresh_token_rotation,
    user_pool_id,
    write_attributes,
    allowed_oauth_flows,
    allowed_oauth_flows_user_pool_client,
    allowed_oauth_scopes,
    callback_urls,
    default_redirect_uri,
    logout_urls,
    supported_identity_providers,
    analytics_configuration,
    prevent_user_existence_errors,
    enable_token_revocation,
    enable_propagate_additional_user_context_data,
    name,
    client_secret,
    client_id
FROM awscc.cognito.user_pool_clients
WHERE region = 'us-east-1'
    AND Identifier = '{{ user_pool_id }}|{{ client_id }}';
Lists all user_pool_clients in a region.
-- Enumerate app clients in one region. Only the identifying columns are
-- returned (user_pool_id, client_id); no client settings or secrets are read.
SELECT
    region,
    user_pool_id,
    client_id
FROM awscc.cognito.user_pool_clients_list_only
WHERE region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new user_pool_client resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
-- Minimal create: only the required properties (UserPoolId, region) are
-- supplied. Columns and values are matched by position.
-- NOTE(review): every other client setting (auth flows, OAuth settings,
-- token lifetimes) is left to the service defaults. Confirm those defaults
-- are acceptable before relying on this form.
INSERT INTO awscc.cognito.user_pool_clients (
    UserPoolId,
    region
)
SELECT
    '{{ user_pool_id }}',
    '{{ region }}';
/*+ create */
-- Full create: every writable property is supplied from a template variable.
-- Columns and values are matched by position, so the two lists must stay in
-- the same order when either is edited.
-- NOTE(review): CallbackURLs, LogoutURLs and DefaultRedirectURI are redirect
-- targets; supply exact, reviewed URLs rather than broad patterns.
-- NOTE(review): enable only the ExplicitAuthFlows / AllowedOAuthFlows /
-- AllowedOAuthScopes the application actually uses.
INSERT INTO awscc.cognito.user_pool_clients (
    ClientName,
    ExplicitAuthFlows,
    GenerateSecret,
    ReadAttributes,
    AuthSessionValidity,
    RefreshTokenValidity,
    AccessTokenValidity,
    IdTokenValidity,
    TokenValidityUnits,
    RefreshTokenRotation,
    UserPoolId,
    WriteAttributes,
    AllowedOAuthFlows,
    AllowedOAuthFlowsUserPoolClient,
    AllowedOAuthScopes,
    CallbackURLs,
    DefaultRedirectURI,
    LogoutURLs,
    SupportedIdentityProviders,
    AnalyticsConfiguration,
    PreventUserExistenceErrors,
    EnableTokenRevocation,
    EnablePropagateAdditionalUserContextData,
    region
)
SELECT
    '{{ client_name }}',
    '{{ explicit_auth_flows }}',
    '{{ generate_secret }}',
    '{{ read_attributes }}',
    '{{ auth_session_validity }}',
    '{{ refresh_token_validity }}',
    '{{ access_token_validity }}',
    '{{ id_token_validity }}',
    '{{ token_validity_units }}',
    '{{ refresh_token_rotation }}',
    '{{ user_pool_id }}',
    '{{ write_attributes }}',
    '{{ allowed_oauth_flows }}',
    '{{ allowed_oauth_flows_user_pool_client }}',
    '{{ allowed_oauth_scopes }}',
    '{{ callback_urls }}',
    '{{ default_redirect_uri }}',
    '{{ logout_urls }}',
    '{{ supported_identity_providers }}',
    '{{ analytics_configuration }}',
    '{{ prevent_user_existence_errors }}',
    '{{ enable_token_revocation }}',
    '{{ enable_propagate_additional_user_context_data }}',
    '{{ region }}';
# stack-deploy manifest for one user_pool_client resource.
# Every quoted value in double curly braces is a placeholder to be supplied
# by the stack's variables; list-valued props show a single sample element.
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  # Region is taken from the AWS_REGION stack variable.
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: user_pool_client
    props:
      - name: client_name
        value: '{{ client_name }}'
      # NOTE(review): list only the auth flows the application needs.
      - name: explicit_auth_flows
        value:
          - '{{ explicit_auth_flows[0] }}'
      - name: generate_secret
        value: '{{ generate_secret }}'
      - name: read_attributes
        value:
          - '{{ read_attributes[0] }}'
      - name: auth_session_validity
        value: '{{ auth_session_validity }}'
      # Token lifetimes; their units are set in token_validity_units below.
      - name: refresh_token_validity
        value: '{{ refresh_token_validity }}'
      - name: access_token_validity
        value: '{{ access_token_validity }}'
      - name: id_token_validity
        value: '{{ id_token_validity }}'
      - name: token_validity_units
        value:
          access_token: '{{ access_token }}'
          id_token: '{{ id_token }}'
          refresh_token: '{{ refresh_token }}'
      - name: refresh_token_rotation
        value:
          feature: '{{ feature }}'
          retry_grace_period_seconds: '{{ retry_grace_period_seconds }}'
      - name: user_pool_id
        value: '{{ user_pool_id }}'
      - name: write_attributes
        value:
          - '{{ write_attributes[0] }}'
      - name: allowed_oauth_flows
        value:
          - '{{ allowed_oauth_flows[0] }}'
      - name: allowed_oauth_flows_user_pool_client
        value: '{{ allowed_oauth_flows_user_pool_client }}'
      - name: allowed_oauth_scopes
        value:
          - '{{ allowed_oauth_scopes[0] }}'
      # NOTE(review): redirect targets; supply exact, reviewed URLs.
      - name: callback_urls
        value:
          - '{{ callback_urls[0] }}'
      - name: default_redirect_uri
        value: '{{ default_redirect_uri }}'
      - name: logout_urls
        value:
          - '{{ logout_urls[0] }}'
      - name: supported_identity_providers
        value:
          - '{{ supported_identity_providers[0] }}'
      # NOTE(review): role_arn names an IAM role; presumably this is why the
      # create/update permissions on this page include iam:PassRole. Confirm.
      - name: analytics_configuration
        value:
          application_arn: '{{ application_arn }}'
          application_id: '{{ application_id }}'
          external_id: '{{ external_id }}'
          role_arn: '{{ role_arn }}'
          user_data_shared: '{{ user_data_shared }}'
      - name: prevent_user_existence_errors
        value: '{{ prevent_user_existence_errors }}'
      - name: enable_token_revocation
        value: '{{ enable_token_revocation }}'
      - name: enable_propagate_additional_user_context_data
        value: '{{ enable_propagate_additional_user_context_data }}'
UPDATE example
Use the following StackQL query and manifest file to update a user_pool_client resource, using stack-deploy.
/*+ update */
-- Updates one app client, addressed by '<user_pool_id>|<client_id>' in the
-- given region. The template expression inside string(...) builds a mapping
-- of property names to stack variables and pipes it through the
-- generate_patch_document filter; the result is assigned to PatchDocument.
-- GenerateSecret and UserPoolId appear in the INSERT column list but not in
-- this mapping, so this statement does not change them.
-- NOTE(review): presumably those two are create-only; confirm before
-- expecting an update to rotate or add a client secret.
-- NOTE(review): every listed property is sent in the patch; make sure each
-- variable is set, especially the redirect URLs and auth flows.
UPDATE awscc.cognito.user_pool_clients
SET PatchDocument = string('{{ {
"ClientName": client_name,
"ExplicitAuthFlows": explicit_auth_flows,
"ReadAttributes": read_attributes,
"AuthSessionValidity": auth_session_validity,
"RefreshTokenValidity": refresh_token_validity,
"AccessTokenValidity": access_token_validity,
"IdTokenValidity": id_token_validity,
"TokenValidityUnits": token_validity_units,
"RefreshTokenRotation": refresh_token_rotation,
"WriteAttributes": write_attributes,
"AllowedOAuthFlows": allowed_oauth_flows,
"AllowedOAuthFlowsUserPoolClient": allowed_oauth_flows_user_pool_client,
"AllowedOAuthScopes": allowed_oauth_scopes,
"CallbackURLs": callback_urls,
"DefaultRedirectURI": default_redirect_uri,
"LogoutURLs": logout_urls,
"SupportedIdentityProviders": supported_identity_providers,
"AnalyticsConfiguration": analytics_configuration,
"PreventUserExistenceErrors": prevent_user_existence_errors,
"EnableTokenRevocation": enable_token_revocation,
"EnablePropagateAdditionalUserContextData": enable_propagate_additional_user_context_data
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ user_pool_id }}|{{ client_id }}';
DELETE example
/*+ delete */
-- Deletes a single app client. Both predicates are required: Identifier is
-- the composite '<user_pool_id>|<client_id>' and region scopes the call.
-- NOTE(review): region is a literal here, whereas the create and update
-- examples template it; align the two before reusing this in a stack that
-- deploys to another region.
DELETE FROM awscc.cognito.user_pool_clients
WHERE Identifier = '{{ user_pool_id }}|{{ client_id }}'
    AND region = 'us-east-1';
Permissions
To operate on the user_pool_clients resource, the following permissions are required:
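- Create: cognito-idp:CreateUserPoolClient, iam:PassRole, iam:PutRolePolicy, iam:CreateServiceLinkedRole
- Read: cognito-idp:DescribeUserPoolClient
- Update: cognito-idp:UpdateUserPoolClient, iam:PassRole, iam:PutRolePolicy
- Delete: cognito-idp:DeleteUserPoolClient, iam:PutRolePolicy, iam:DeleteRolePolicy
- List: cognito-idp:ListUserPoolClients

The iam:* actions in the Create, Update and Delete sets act on IAM roles rather than on Cognito. When granting them, limit the policy's Resource element to the specific roles involved rather than `*`.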