user_pool_clients
Creates, updates, deletes or gets a user_pool_client resource, or lists user_pool_clients in a region
Overview
Name | user_pool_clients |
Type | Resource |
Description | Resource Type definition for AWS::Cognito::UserPoolClient |
Id | aws.cognito.user_pool_clients |
Fields
Name | Datatype | Description |
---|---|---|
client_name | string | |
explicit_auth_flows | array | |
generate_secret | boolean | |
read_attributes | array | |
auth_session_validity | integer | |
refresh_token_validity | integer | |
access_token_validity | integer | |
id_token_validity | integer | |
token_validity_units | object | |
user_pool_id | string | |
write_attributes | array | |
allowed_oauth_flows | array | |
allowed_oauth_flows_user_pool_client | boolean | |
allowed_oauth_scopes | array | |
callback_urls | array | |
default_redirect_uri | string | |
logout_urls | array | |
supported_identity_providers | array | |
analytics_configuration | object | |
prevent_user_existence_errors | string | |
enable_token_revocation | boolean | |
enable_propagate_additional_user_context_data | boolean | |
name | string | |
client_secret | string | |
client_id | string | |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | UserPoolId, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT
examples
Gets all user_pool_clients
in a region.
-- List the Cognito app clients in one region.
-- client_secret is credential material whenever the provider returns a value
-- for it: keep this result set out of shared logs and tickets, or drop the
-- column when the secret itself is not needed.
-- Columns worth checking in a configuration review: explicit_auth_flows,
-- allowed_oauth_flows, callback_urls, logout_urls,
-- prevent_user_existence_errors and enable_token_revocation.
SELECT
    region,
    client_name,
    explicit_auth_flows,
    generate_secret,
    read_attributes,
    auth_session_validity,
    refresh_token_validity,
    access_token_validity,
    id_token_validity,
    token_validity_units,
    user_pool_id,
    write_attributes,
    allowed_oauth_flows,
    allowed_oauth_flows_user_pool_client,
    allowed_oauth_scopes,
    callback_urls,
    default_redirect_uri,
    logout_urls,
    supported_identity_providers,
    analytics_configuration,
    prevent_user_existence_errors,
    enable_token_revocation,
    enable_propagate_additional_user_context_data,
    name,
    client_secret,
    client_id
FROM aws.cognito.user_pool_clients
WHERE region = 'us-east-1';
Gets all properties from an individual user_pool_client.
-- Fetch every property of a single app client.
-- data__Identifier is the user pool id and the client id joined by '|'.
-- client_secret is credential material whenever the provider returns a value
-- for it: treat the output as sensitive and avoid pasting it into logs,
-- tickets or chat.
SELECT
    region,
    client_name,
    explicit_auth_flows,
    generate_secret,
    read_attributes,
    auth_session_validity,
    refresh_token_validity,
    access_token_validity,
    id_token_validity,
    token_validity_units,
    user_pool_id,
    write_attributes,
    allowed_oauth_flows,
    allowed_oauth_flows_user_pool_client,
    allowed_oauth_scopes,
    callback_urls,
    default_redirect_uri,
    logout_urls,
    supported_identity_providers,
    analytics_configuration,
    prevent_user_existence_errors,
    enable_token_revocation,
    enable_propagate_additional_user_context_data,
    name,
    client_secret,
    client_id
FROM aws.cognito.user_pool_clients
WHERE region = 'us-east-1'
    AND data__Identifier = '<UserPoolId>|<ClientId>';
INSERT
example
Use the following StackQL query and manifest file to create a new user_pool_client resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
-- Minimal create: only the required parameters (UserPoolId, region) are set.
-- Properties not listed here are not set by this statement, so review the
-- resulting client's auth flows, token lifetimes and OAuth settings after
-- creation.
-- The templated values are rendered into the quoted literals before the
-- statement runs (presumably textual substitution - confirm for your
-- stack-deploy version), so source them from the manifest or trusted
-- variables only.
INSERT INTO aws.cognito.user_pool_clients (
    UserPoolId,
    region
)
SELECT
    '{{ UserPoolId }}',
    '{{ region }}';
/*+ create */
-- Full create: sets every writable property of the app client.
-- Security-relevant properties to decide deliberately:
--   ExplicitAuthFlows           which authentication flows the client may use
--   GenerateSecret              issue a client secret; only suits clients that
--                               can keep it confidential (server-side)
--   AllowedOAuthFlows           OAuth grant types the client may request
--   CallbackURLs / LogoutURLs   redirect targets; register exact URLs you control
--   DefaultRedirectURI          default redirect target for the client
--   PreventUserExistenceErrors  controls whether errors reveal that a user exists
--   EnableTokenRevocation       whether issued tokens can be revoked
--   *TokenValidity / TokenValidityUnits   token lifetimes
-- The templated values are rendered into the quoted literals before the
-- statement runs (presumably textual substitution - confirm for your
-- stack-deploy version), so source them from the manifest or trusted
-- variables only.
INSERT INTO aws.cognito.user_pool_clients (
    ClientName,
    ExplicitAuthFlows,
    GenerateSecret,
    ReadAttributes,
    AuthSessionValidity,
    RefreshTokenValidity,
    AccessTokenValidity,
    IdTokenValidity,
    TokenValidityUnits,
    UserPoolId,
    WriteAttributes,
    AllowedOAuthFlows,
    AllowedOAuthFlowsUserPoolClient,
    AllowedOAuthScopes,
    CallbackURLs,
    DefaultRedirectURI,
    LogoutURLs,
    SupportedIdentityProviders,
    AnalyticsConfiguration,
    PreventUserExistenceErrors,
    EnableTokenRevocation,
    EnablePropagateAdditionalUserContextData,
    region
)
SELECT
    '{{ ClientName }}',
    '{{ ExplicitAuthFlows }}',
    '{{ GenerateSecret }}',
    '{{ ReadAttributes }}',
    '{{ AuthSessionValidity }}',
    '{{ RefreshTokenValidity }}',
    '{{ AccessTokenValidity }}',
    '{{ IdTokenValidity }}',
    '{{ TokenValidityUnits }}',
    '{{ UserPoolId }}',
    '{{ WriteAttributes }}',
    '{{ AllowedOAuthFlows }}',
    '{{ AllowedOAuthFlowsUserPoolClient }}',
    '{{ AllowedOAuthScopes }}',
    '{{ CallbackURLs }}',
    '{{ DefaultRedirectURI }}',
    '{{ LogoutURLs }}',
    '{{ SupportedIdentityProviders }}',
    '{{ AnalyticsConfiguration }}',
    '{{ PreventUserExistenceErrors }}',
    '{{ EnableTokenRevocation }}',
    '{{ EnablePropagateAdditionalUserContextData }}',
    '{{ region }}';
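# stack-deploy manifest describing one Cognito app client (user_pool_client).
# Nesting restored: the page extraction had flattened every line to column 0.
# Each entry under props supplies the value for the template variable of the
# same name in the create statement.
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  # Region comes from the AWS_REGION stack variable.
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: user_pool_client
    props:
      - name: ClientName
        value: '{{ ClientName }}'
      # Authentication flows this client may use; list only the ones the
      # application needs.
      - name: ExplicitAuthFlows
        value:
          - '{{ ExplicitAuthFlows[0] }}'
      # A generated secret only suits clients that can keep it confidential.
      - name: GenerateSecret
        value: '{{ GenerateSecret }}'
      - name: ReadAttributes
        value:
          - '{{ ReadAttributes[0] }}'
      # Session and token lifetimes; units for the three token types are set
      # in TokenValidityUnits below.
      - name: AuthSessionValidity
        value: '{{ AuthSessionValidity }}'
      - name: RefreshTokenValidity
        value: '{{ RefreshTokenValidity }}'
      - name: AccessTokenValidity
        value: '{{ AccessTokenValidity }}'
      - name: IdTokenValidity
        value: '{{ IdTokenValidity }}'
      - name: TokenValidityUnits
        value:
          AccessToken: '{{ AccessToken }}'
          IdToken: '{{ IdToken }}'
          RefreshToken: '{{ RefreshToken }}'
      - name: UserPoolId
        value: '{{ UserPoolId }}'
      # Attributes the client may modify; keep this to what the app must write.
      - name: WriteAttributes
        value:
          - '{{ WriteAttributes[0] }}'
      # OAuth grant types and scopes the client may request.
      - name: AllowedOAuthFlows
        value:
          - '{{ AllowedOAuthFlows[0] }}'
      - name: AllowedOAuthFlowsUserPoolClient
        value: '{{ AllowedOAuthFlowsUserPoolClient }}'
      - name: AllowedOAuthScopes
        value:
          - '{{ AllowedOAuthScopes[0] }}'
      # Redirect targets: register exact URLs under your control.
      - name: CallbackURLs
        value:
          - '{{ CallbackURLs[0] }}'
      - name: DefaultRedirectURI
        value: '{{ DefaultRedirectURI }}'
      - name: LogoutURLs
        value:
          - '{{ LogoutURLs[0] }}'
      - name: SupportedIdentityProviders
        value:
          - '{{ SupportedIdentityProviders[0] }}'
      # RoleArn names an IAM role used for analytics; the Permissions section
      # of this page lists iam:PassRole for create and update.
      - name: AnalyticsConfiguration
        value:
          ApplicationArn: '{{ ApplicationArn }}'
          ApplicationId: '{{ ApplicationId }}'
          ExternalId: '{{ ExternalId }}'
          RoleArn: '{{ RoleArn }}'
          UserDataShared: '{{ UserDataShared }}'
      # Controls whether error responses reveal that a user exists.
      - name: PreventUserExistenceErrors
        value: '{{ PreventUserExistenceErrors }}'
      # Whether tokens issued to this client can be revoked.
      - name: EnableTokenRevocation
        value: '{{ EnableTokenRevocation }}'
      - name: EnablePropagateAdditionalUserContextData
        value: '{{ EnablePropagateAdditionalUserContextData }}'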
DELETE
example
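/*+ delete */
-- Delete one app client from a user pool.
-- data__Identifier is the user pool id and the client id joined by '|'; the
-- placeholder is written as two separate parts, matching the get_resource
-- SELECT example on this page, so it is not read as a single value.
-- Confirm the identifier with a SELECT on the same data__Identifier and region
-- before running the delete.
DELETE FROM aws.cognito.user_pool_clients
WHERE data__Identifier = '<UserPoolId>|<ClientId>'
    AND region = 'us-east-1';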
Permissions
To operate on the user_pool_clients
resource, the following permissions are required:
Create
cognito-idp:CreateUserPoolClient,
iam:PassRole,
iam:PutRolePolicy,
iam:CreateServiceLinkedRole
Read
cognito-idp:DescribeUserPoolClient
Update
cognito-idp:UpdateUserPoolClient,
iam:PassRole,
iam:PutRolePolicy
Delete
cognito-idp:DeleteUserPoolClient,
iam:PutRolePolicy,
iam:DeleteRolePolicy
List
cognito-idp:ListUserPoolClients