@y13i
Last active May 18, 2017 01:08
Cognito with CloudFormation (ref: http://qiita.com/y13i/items/1923b47079bdf7c44eec)
AWSTemplateFormatVersion: "2010-09-09"
Description: "Example template including Cognito Identity Pool and User Pool."
Parameters:
  # ARN of an SES-verified identity; Cognito sends verification and invitation mail from it.
  EmailIdentityArn:
    Type: String
Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName:
        Fn::Join:
          - ""
          - - Ref: AWS::StackName
            - Users
      AdminCreateUserConfig:
        # false: users may sign themselves up; true would restrict creation to administrators.
        AllowAdminCreateUserOnly: false
      # Users can sign in with email or preferred_username as well as their username.
      AliasAttributes:
        - email
        - preferred_username
      # Cognito sends a verification code to email on sign-up.
      AutoVerifiedAttributes:
        - email
      EmailConfiguration:
        SourceArn:
          Ref: EmailIdentityArn
      Policies:
        PasswordPolicy:
          MinimumLength: 8
          RequireLowercase: true
          RequireNumbers: true
          RequireSymbols: false
          RequireUppercase: true
      Schema:
        - Name: email
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: true
        - Name: preferred_username
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: false
  UserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName:
        Fn::Join:
          - ""
          - - Ref: AWS::StackName
            - Users-client
      # Public client (browser / mobile app) that cannot keep a client secret.
      GenerateSecret: false
      # Refresh tokens are valid for 7 days (the service default is 30).
      RefreshTokenValidity: 7
      UserPoolId:
        Ref: UserPool
  IdentityPool:
    Type: AWS::Cognito::IdentityPool
    Properties:
      # true: guest identities are issued, so anyone who knows the pool ID obtains
      # credentials for UnauthenticatedRole. Keep that role's policy minimal.
      AllowUnauthenticatedIdentities: true
      IdentityPoolName:
        Fn::Join:
          - ""
          - - Ref: AWS::StackName
            - Users
      CognitoIdentityProviders:
        - ClientId:
            Ref: UserPoolClient
          # Provider name format: cognito-idp.<region>.amazonaws.com/<user pool ID>
          ProviderName:
            Fn::Join:
              - ""
              - - cognito-idp.
                - Ref: "AWS::Region"
                - .amazonaws.com/
                - Ref: UserPool
  UnauthenticatedPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      # These are the broad defaults the Cognito console generates; scope Action and
      # Resource down to what the guest client actually needs.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - mobileanalytics:PutEvents
              - cognito-sync:*
            Resource:
              - "*"
  UnauthenticatedRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: "sts:AssumeRoleWithWebIdentity"
            Principal:
              Federated: cognito-identity.amazonaws.com
            Condition:
              # aud binds the trust to this identity pool only; without it any identity
              # pool in any AWS account could assume the role.
              StringEquals:
                "cognito-identity.amazonaws.com:aud":
                  Ref: IdentityPool
              # amr restricts the role to guest (unauthenticated) identities.
              ForAnyValue:StringLike:
                "cognito-identity.amazonaws.com:amr": unauthenticated
      ManagedPolicyArns:
        - Ref: UnauthenticatedPolicy
  AuthenticatedPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      # Console defaults again; cognito-identity:* on "*" is wider than most apps need.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - mobileanalytics:PutEvents
              - cognito-sync:*
              - cognito-identity:*
            Resource:
              - "*"
  AuthenticatedRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: "sts:AssumeRoleWithWebIdentity"
            Principal:
              Federated: cognito-identity.amazonaws.com
            Condition:
              StringEquals:
                "cognito-identity.amazonaws.com:aud":
                  Ref: IdentityPool
              # amr restricts the role to identities that signed in through a provider.
              ForAnyValue:StringLike:
                "cognito-identity.amazonaws.com:amr": authenticated
      ManagedPolicyArns:
        - Ref: AuthenticatedPolicy
  RoleAttachment:
    Type: AWS::Cognito::IdentityPoolRoleAttachment
    Properties:
      IdentityPoolId:
        Ref: IdentityPool
      Roles:
        unauthenticated:
          Fn::GetAtt:
            - UnauthenticatedRole
            - Arn
        authenticated:
          Fn::GetAtt:
            - AuthenticatedRole
            - Arn
Outputs:
  UserPool:
    Value:
      Ref: UserPool
  UserPoolClient:
    Value:
      Ref: UserPoolClient
  IdentityPool:
    Value:
      Ref: IdentityPool
  UnauthenticatedRole:
    Value:
      Ref: UnauthenticatedRole
  AuthenticatedRole:
    Value:
      Ref: AuthenticatedRole
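The part of this template that deserves a review before every deploy is the pair of role trust policies: the `aud` condition is what stops an identity pool in someone else's account from assuming these roles, and the `amr` condition is what keeps the guest and signed-in roles apart. The following is an added example, not code from the gist or from AWS: an offline checker that walks the identity-pool-related resources (transcribed here into a Python dict, with the `Fn::Join` names left out) and reports a missing `aud` binding, a wrong `amr`, wildcard actions on `Resource: "*"`, and the open guest setting. The function and constant names are the example's own.

```python
"""Offline checks for the identity-pool trust relationships in a Cognito CloudFormation template.

Added example: the resources below are transcribed from the template above (only the
identity-pool-related ones) so the checks can run without any AWS access.
"""

WEB_IDENTITY_ACTION = "sts:AssumeRoleWithWebIdentity"
COGNITO_IDENTITY = "cognito-identity.amazonaws.com"


def trust_policy_for(amr):
    """Trust policy as the template writes it: pinned to this pool's ID and to one amr value."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": WEB_IDENTITY_ACTION,
        "Principal": {"Federated": COGNITO_IDENTITY},
        "Condition": {
            "StringEquals": {f"{COGNITO_IDENTITY}:aud": {"Ref": "IdentityPool"}},
            "ForAnyValue:StringLike": {f"{COGNITO_IDENTITY}:amr": amr}}}]}


def allow_on_everything(actions):
    """The console-style policy document: Allow the given actions on Resource '*'."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": ["*"]}]}


# Transcribed from the template above (constructed input for this example).
TEMPLATE_RESOURCES = {
    "IdentityPool": {"Type": "AWS::Cognito::IdentityPool",
                     "Properties": {"AllowUnauthenticatedIdentities": True}},
    "UnauthenticatedPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
        "PolicyDocument": allow_on_everything(["mobileanalytics:PutEvents", "cognito-sync:*"])}},
    "UnauthenticatedRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": trust_policy_for("unauthenticated"),
        "ManagedPolicyArns": [{"Ref": "UnauthenticatedPolicy"}]}},
    "AuthenticatedPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
        "PolicyDocument": allow_on_everything(
            ["mobileanalytics:PutEvents", "cognito-sync:*", "cognito-identity:*"])}},
    "AuthenticatedRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": trust_policy_for("authenticated"),
        "ManagedPolicyArns": [{"Ref": "AuthenticatedPolicy"}]}},
    "RoleAttachment": {"Type": "AWS::Cognito::IdentityPoolRoleAttachment", "Properties": {
        "IdentityPoolId": {"Ref": "IdentityPool"},
        "Roles": {"unauthenticated": {"Fn::GetAtt": ["UnauthenticatedRole", "Arn"]},
                  "authenticated": {"Fn::GetAtt": ["AuthenticatedRole", "Arn"]}}}},
}


def as_list(value):
    """IAM accepts a bare string or a list in Action, Resource, Principal and condition values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(role_props, expected_amr):
    """Findings for a role that only this identity pool, with one amr value, may assume."""
    findings = []
    doc = role_props.get("AssumeRolePolicyDocument", {})
    for stmt in as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow" or WEB_IDENTITY_ACTION not in as_list(stmt.get("Action")):
            continue
        if COGNITO_IDENTITY not in as_list(stmt.get("Principal", {}).get("Federated")):
            continue
        cond = stmt.get("Condition", {})
        # No aud binding means any identity pool in any account can mint credentials for the role.
        if not cond.get("StringEquals", {}).get(f"{COGNITO_IDENTITY}:aud"):
            findings.append(f"missing StringEquals condition on {COGNITO_IDENTITY}:aud")
        amr = as_list(cond.get("ForAnyValue:StringLike", {}).get(f"{COGNITO_IDENTITY}:amr"))
        if amr != [expected_amr]:
            findings.append(f"amr condition is {amr}, expected ['{expected_amr}']")
    return findings


def wildcard_grants(policy_doc):
    """Allowed actions ending in '*' whose Resource is '*'."""
    wide = []
    for stmt in as_list(policy_doc.get("Statement")):
        if stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Resource")):
            wide.extend(a for a in as_list(stmt.get("Action")) if a.endswith("*"))
    return wide


def expected_amr_by_role(resources):
    """Read the IdentityPoolRoleAttachment to learn which role is the guest one and which the signed-in one."""
    expected = {}
    for res in resources.values():
        if res.get("Type") != "AWS::Cognito::IdentityPoolRoleAttachment":
            continue
        for amr, ref in res.get("Properties", {}).get("Roles", {}).items():
            if isinstance(ref, dict) and "Fn::GetAtt" in ref:
                expected[ref["Fn::GetAtt"][0]] = amr
    return expected


def audit(resources):
    """Map logical ID -> findings; resources without findings are omitted."""
    expected = expected_amr_by_role(resources)
    findings = {}
    for name, res in resources.items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::Cognito::IdentityPool" and props.get("AllowUnauthenticatedIdentities"):
            found = ["AllowUnauthenticatedIdentities is true: anyone holding the pool ID gets the guest role"]
        elif rtype == "AWS::IAM::ManagedPolicy":
            found = [f"wildcard action {a} on Resource '*'" for a in wildcard_grants(props.get("PolicyDocument", {}))]
        elif rtype == "AWS::IAM::Role" and name in expected:
            found = check_trust_policy(props, expected[name])
        else:
            found = []
        if found:
            findings[name] = found
    return findings


if __name__ == "__main__":
    for logical_id, found in audit(TEMPLATE_RESOURCES).items():
        for finding in found:
            print(f"{logical_id}: {finding}")
```

Run against the template as written, the two trust policies come back clean and the findings are the expected ones: the guest setting and the `cognito-sync:*` / `cognito-identity:*` wildcards on `"*"`. Delete the `StringEquals` block from a role and `check_trust_policy` reports the missing `aud` binding, which is the confused-deputy case worth catching before deploy.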