pulumi-aws-kotlin/com.pulumi.aws.cognito.kotlin/ManagedUserPoolClientArgs

ManagedUserPoolClientArgs

data class ManagedUserPoolClientArgs(val accessTokenValidity: Output<Int>? = null, val allowedOauthFlows: Output<List<String>>? = null, val allowedOauthFlowsUserPoolClient: Output<Boolean>? = null, val allowedOauthScopes: Output<List<String>>? = null, val analyticsConfiguration: Output<ManagedUserPoolClientAnalyticsConfigurationArgs>? = null, val authSessionValidity: Output<Int>? = null, val callbackUrls: Output<List<String>>? = null, val defaultRedirectUri: Output<String>? = null, val enablePropagateAdditionalUserContextData: Output<Boolean>? = null, val enableTokenRevocation: Output<Boolean>? = null, val explicitAuthFlows: Output<List<String>>? = null, val idTokenValidity: Output<Int>? = null, val logoutUrls: Output<List<String>>? = null, val namePattern: Output<String>? = null, val namePrefix: Output<String>? = null, val preventUserExistenceErrors: Output<String>? = null, val readAttributes: Output<List<String>>? = null, val refreshTokenRotation: Output<ManagedUserPoolClientRefreshTokenRotationArgs>? = null, val refreshTokenValidity: Output<Int>? = null, val supportedIdentityProviders: Output<List<String>>? = null, val tokenValidityUnits: Output<ManagedUserPoolClientTokenValidityUnitsArgs>? = null, val userPoolId: Output<String>? = null, val writeAttributes: Output<List<String>>? = null) : ConvertibleToJava<ManagedUserPoolClientArgs>

Use the aws.cognito.UserPoolClient resource to manage a Cognito User Pool Client. This resource is advanced and has special caveats to consider before use. Please read this document completely before using the resource. Use the aws.cognito.ManagedUserPoolClient resource to manage a Cognito User Pool Client that is automatically created by an AWS service. For instance, when configuring an OpenSearch Domain to use Cognito authentication, the OpenSearch service creates the User Pool Client during setup and removes it when it is no longer required. As a result, the aws.cognito.ManagedUserPoolClient resource does not create or delete this resource, but instead assumes management of it. Use the aws.cognito.UserPoolClient resource to manage Cognito User Pool Clients for normal use cases.

Example Usage

Using Name Pattern

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.cognito.ManagedUserPoolClient("example", {
    namePattern: "^AmazonOpenSearchService-example-(\\w+)$",
    userPoolId: exampleAwsCognitoUserPool.id,
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.cognito.ManagedUserPoolClient("example",
    name_pattern="^AmazonOpenSearchService-example-(\\w+)$",
    user_pool_id=example_aws_cognito_user_pool["id"])
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.Cognito.ManagedUserPoolClient("example", new()
    {
        NamePattern = "^AmazonOpenSearchService-example-(\\w+)$",
        UserPoolId = exampleAwsCognitoUserPool.Id,
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cognito.NewManagedUserPoolClient(ctx, "example", &cognito.ManagedUserPoolClientArgs{
			NamePattern: pulumi.String("^AmazonOpenSearchService-example-(\\w+)$"),
			UserPoolId:  pulumi.Any(exampleAwsCognitoUserPool.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.ManagedUserPoolClient;
import com.pulumi.aws.cognito.ManagedUserPoolClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new ManagedUserPoolClient("example", ManagedUserPoolClientArgs.builder()
            .namePattern("^AmazonOpenSearchService-example-(\\w+)$")
            .userPoolId(exampleAwsCognitoUserPool.id())
            .build());
    }
}
Content copied to clipboard
resources:
  example:
    type: aws:cognito:ManagedUserPoolClient
    properties:
      namePattern: ^AmazonOpenSearchService-example-(\w+)$
      userPoolId: ${exampleAwsCognitoUserPool.id}
Content copied to clipboard

Import

Using pulumi import, import Cognito User Pool Clients using the id of the Cognito User Pool and the id of the Cognito User Pool Client. For example:

$ pulumi import aws:cognito/managedUserPoolClient:ManagedUserPoolClient client us-west-2_abc123/3ho4ek12345678909nh3fmhpko
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(accessTokenValidity: Output<Int>? = null, allowedOauthFlows: Output<List<String>>? = null, allowedOauthFlowsUserPoolClient: Output<Boolean>? = null, allowedOauthScopes: Output<List<String>>? = null, analyticsConfiguration: Output<ManagedUserPoolClientAnalyticsConfigurationArgs>? = null, authSessionValidity: Output<Int>? = null, callbackUrls: Output<List<String>>? = null, defaultRedirectUri: Output<String>? = null, enablePropagateAdditionalUserContextData: Output<Boolean>? = null, enableTokenRevocation: Output<Boolean>? = null, explicitAuthFlows: Output<List<String>>? = null, idTokenValidity: Output<Int>? = null, logoutUrls: Output<List<String>>? = null, namePattern: Output<String>? = null, namePrefix: Output<String>? = null, preventUserExistenceErrors: Output<String>? = null, readAttributes: Output<List<String>>? = null, refreshTokenRotation: Output<ManagedUserPoolClientRefreshTokenRotationArgs>? = null, refreshTokenValidity: Output<Int>? = null, supportedIdentityProviders: Output<List<String>>? = null, tokenValidityUnits: Output<ManagedUserPoolClientTokenValidityUnitsArgs>? = null, userPoolId: Output<String>? = null, writeAttributes: Output<List<String>>? = null)

Properties

Link copied to clipboard
val accessTokenValidity: Output<Int>? = null

Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

Link copied to clipboard
val allowedOauthFlows: Output<List<String>>? = null

List of allowed OAuth flows, including code, implicit, and client_credentials. allowed_oauth_flows_user_pool_client must be set to true before you can configure this option.

Link copied to clipboard
val allowedOauthFlowsUserPoolClient: Output<Boolean>? = null

Whether the client is allowed to use OAuth 2.0 features. allowed_oauth_flows_user_pool_client must be set to true before you can configure the following arguments: callback_urls, logout_urls, allowed_oauth_scopes and allowed_oauth_flows.

Link copied to clipboard
val allowedOauthScopes: Output<List<String>>? = null

List of allowed OAuth scopes, including phone, email, openid, profile, and aws.cognito.signin.user.admin. allowed_oauth_flows_user_pool_client must be set to true before you can configure this option.

Link copied to clipboard
val analyticsConfiguration: Output<ManagedUserPoolClientAnalyticsConfigurationArgs>? = null

Configuration block for Amazon Pinpoint analytics that collects metrics for this user pool. See details below.

Link copied to clipboard
val authSessionValidity: Output<Int>? = null

Duration, in minutes, of the session token created by Amazon Cognito for each API request in an authentication flow. The session token must be responded to by the native user of the user pool before it expires. Valid values for auth_session_validity are between 3 and 15, with a default value of 3.

Link copied to clipboard
val callbackUrls: Output<List<String>>? = null

List of allowed callback URLs for the identity providers. allowed_oauth_flows_user_pool_client must be set to true before you can configure this option.

Link copied to clipboard
val defaultRedirectUri: Output<String>? = null

Default redirect URI and must be included in the list of callback URLs.

Link copied to clipboard
val enablePropagateAdditionalUserContextData: Output<Boolean>? = null

Enables the propagation of additional user context data.

Link copied to clipboard
val enableTokenRevocation: Output<Boolean>? = null

Enables or disables token revocation.

Link copied to clipboard
val explicitAuthFlows: Output<List<String>>? = null

List of authentication flows. The available options include ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_REFRESH_TOKEN_AUTH.

Link copied to clipboard
val idTokenValidity: Output<Int>? = null

Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

Link copied to clipboard
val logoutUrls: Output<List<String>>? = null

List of allowed logout URLs for the identity providers. allowed_oauth_flows_user_pool_client must be set to true before you can configure this option.

Link copied to clipboard
val namePattern: Output<String>? = null

Regular expression that matches the name of the existing User Pool Client to be managed. It must only match one User Pool Client.

Link copied to clipboard
val namePrefix: Output<String>? = null

String that matches the beginning of the name of the existing User Pool Client to be managed. It must match only one User Pool Client. The following arguments are optional:

Link copied to clipboard
val preventUserExistenceErrors: Output<String>? = null

Setting determines the errors and responses returned by Cognito APIs when a user does not exist in the user pool during authentication, account confirmation, and password recovery.

Link copied to clipboard
val readAttributes: Output<List<String>>? = null

List of user pool attributes that the application client can read from.

Link copied to clipboard
val refreshTokenRotation: Output<ManagedUserPoolClientRefreshTokenRotationArgs>? = null

A block that specifies the configuration of refresh token rotation. Detailed below.

Link copied to clipboard
val refreshTokenValidity: Output<Int>? = null

Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

Link copied to clipboard
val supportedIdentityProviders: Output<List<String>>? = null

List of provider names for the identity providers that are supported on this client. It uses the provider_name attribute of the aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

Link copied to clipboard
val tokenValidityUnits: Output<ManagedUserPoolClientTokenValidityUnitsArgs>? = null

Configuration block for representing the validity times in units. See details below. Detailed below.

Link copied to clipboard
val userPoolId: Output<String>? = null

User pool that the client belongs to.

Link copied to clipboard
val writeAttributes: Output<List<String>>? = null

List of user pool attributes that the application client can write to.

Functions

Link copied to clipboard
open override fun toJava(): ManagedUserPoolClientArgs