Managed User Pool Client
Use the aws.cognito.UserPoolClient
resource to manage a Cognito User Pool Client. The resource documented on this page, aws.cognito.ManagedUserPoolClient, is advanced and has special caveats to consider before use. Please read this document completely before using the resource. Use the aws.cognito.ManagedUserPoolClient
resource to manage a Cognito User Pool Client that is automatically created by an AWS service. For instance, when configuring an OpenSearch Domain to use Cognito authentication, the OpenSearch service creates the User Pool Client during setup and removes it when it is no longer required. As a result, the aws.cognito.ManagedUserPoolClient
resource does not create or delete this resource, but instead assumes management of it. Use the aws.cognito.UserPoolClient
resource to manage Cognito User Pool Clients for normal use cases.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.cognito.IdentityPool;
import com.pulumi.aws.cognito.IdentityPoolArgs;
import com.pulumi.aws.cognito.ManagedUserPoolClient;
import com.pulumi.aws.cognito.ManagedUserPoolClientArgs;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolDomain;
import com.pulumi.aws.cognito.UserPoolDomainArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;
import com.pulumi.aws.inputs.GetPartitionArgs;
import com.pulumi.aws.opensearch.Domain;
import com.pulumi.aws.opensearch.DomainArgs;
import com.pulumi.aws.opensearch.inputs.DomainCognitoOptionsArgs;
import com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;
import com.pulumi.core.Output;
import com.pulumi.resources.CustomResourceOptions;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
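/**
 * Example Pulumi program that enables Cognito authentication on an OpenSearch domain and then
 * takes over management of the User Pool Client that the OpenSearch service creates.
 *
 * <p>Resources declared, in dependency order: a Cognito user pool and its hosted domain, a Cognito
 * identity pool, an IAM service role with the {@code AmazonESCognitoAccess} managed policy, the
 * OpenSearch domain, and finally the {@code ManagedUserPoolClient}.
 */
public class App {
    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares every resource of the example stack.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        var exampleUserPool = new UserPool("exampleUserPool");

        // The OpenSearch domain below depends on a Cognito User Pool Domain. The original listing
        // referenced one (`aws_cognito_user_pool_domain.example`) without declaring it, so it is
        // declared here. "example" is a constructed sample prefix; replace it with your own.
        var exampleUserPoolDomain = new UserPoolDomain("exampleUserPoolDomain", UserPoolDomainArgs.builder()
            .domain("example")
            .userPoolId(exampleUserPool.id())
            .build());

        var exampleIdentityPool = new IdentityPool("exampleIdentityPool", IdentityPoolArgs.builder()
            .identityPoolName("example")
            .build());

        final var current = AwsFunctions.getPartition();

        // Trust policy: lets the OpenSearch service principal assume the role.
        // The partition lookup is an Output, so the string is formatted inside applyValue;
        // passing the Output itself to String.format would embed its toString() instead of
        // the DNS suffix.
        // NOTE(review): this statement carries no condition. For a role assumed by an AWS
        // service, scoping the trust with the aws:SourceAccount / aws:SourceArn condition keys
        // limits cross-service confused-deputy use of the role.
        final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .sid("")
                .actions("sts:AssumeRole")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers(current.applyValue(partition ->
                        List.of(String.format("es.%s", partition.dnsSuffix()))))
                    .build())
                .build())
            .build());

        var exampleRole = new Role("exampleRole", RoleArgs.builder()
            .path("/service-role/")
            .assumeRolePolicy(examplePolicyDocument.applyValue(document -> document.json()))
            .build());

        // Same Output handling as above: build the ARN once the partition is known.
        var exampleRolePolicyAttachment = new RolePolicyAttachment("exampleRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
            .role(exampleRole.name())
            .policyArn(current.applyValue(partition ->
                String.format("arn:%s:iam::aws:policy/AmazonESCognitoAccess", partition.partition())))
            .build());

        // NOTE(review): only the Cognito and EBS options are set here. This example does not
        // configure encryption at rest, node-to-node encryption, HTTPS enforcement or an access
        // policy; set those explicitly for anything beyond a demonstration.
        var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
            .cognitoOptions(DomainCognitoOptionsArgs.builder()
                .enabled(true)
                .userPoolId(exampleUserPool.id())
                .identityPoolId(exampleIdentityPool.id())
                .roleArn(exampleRole.arn())
                .build())
            .ebsOptions(DomainEbsOptionsArgs.builder()
                .ebsEnabled(true)
                .volumeSize(10)
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(
                    exampleUserPoolDomain,
                    exampleRolePolicyAttachment)
                .build());

        // Assumes management of the client that the OpenSearch service creates for the domain;
        // this resource neither creates nor deletes that client, so it must be declared after
        // the domain exists. The client is located by its name prefix within the user pool.
        var exampleManagedUserPoolClient = new ManagedUserPoolClient("exampleManagedUserPoolClient", ManagedUserPoolClientArgs.builder()
            .namePrefix("AmazonOpenSearchService-example")
            .userPoolId(exampleUserPool.id())
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleDomain)
                .build());
    }
}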
Import
Using `pulumi import`, import Cognito User Pool Clients using the `id` of the Cognito User Pool and the `id` of the Cognito User Pool Client, separated by a slash (`/`). For example:
$ pulumi import aws:cognito/managedUserPoolClient:ManagedUserPoolClient client us-west-2_abc123/3ho4ek12345678909nh3fmhpko