Created
January 30, 2020 20:45
-
-
Save RyPope/c304b62a90686abbe0777f5a09e4ddb5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AWSTemplateFormatVersion: '2010-09-09' | |
Transform: AWS::Serverless-2016-10-31 | |
Description: Cognito Resources for your Service. | |
Resources: | |
LambdaForCloudFormation: | |
Type: 'AWS::IAM::Role' | |
Properties: | |
RoleName: LambdaForCloudFormation | |
AssumeRolePolicyDocument: | |
Version: '2012-10-17' | |
Statement: | |
- | |
Effect: Allow | |
Action: 'sts:AssumeRole' | |
Principal: | |
Service: lambda.amazonaws.com | |
Policies: | |
- | |
PolicyName: WriteCloudWatchLogs | |
PolicyDocument: | |
Version: '2012-10-17' | |
Statement: | |
- | |
Effect: Allow | |
Action: | |
- 'logs:CreateLogGroup' | |
- 'logs:CreateLogStream' | |
- 'logs:PutLogEvents' | |
Resource: 'arn:aws:logs:*:*:*' | |
- | |
PolicyName: UpdateUserPoolClient | |
PolicyDocument: | |
Version: '2012-10-17' | |
Statement: | |
- | |
Effect: Allow | |
Action: 'cognito-idp:UpdateUserPoolClient' | |
Resource: 'arn:aws:cognito-idp:*:*:userpool/*' | |
- | |
PolicyName: ManageUserPoolDomain | |
PolicyDocument: | |
Version: '2012-10-17' | |
Statement: | |
- | |
Effect: Allow | |
Action: 'cognito-idp:CreateUserPoolDomain' | |
Resource: 'arn:aws:cognito-idp:*:*:userpool/*' | |
- | |
Effect: Allow | |
Action: 'cognito-idp:DeleteUserPoolDomain' | |
Resource: 'arn:aws:cognito-idp:*:*:userpool/*' | |
- | |
Effect: Allow | |
Action: 'cognito-idp:DescribeUserPoolDomain' | |
Resource: '*' | |
- | |
PolicyName: InvokeLambdaFunction | |
PolicyDocument: | |
Version: '2012-10-17' | |
Statement: | |
- | |
Effect: Allow | |
Action: 'lambda:InvokeFunction' | |
Resource: 'arn:aws:lambda:*:*:function:*' | |
CloudFormationCognitoUserPoolClientSettings: | |
Type: AWS::Serverless::Function | |
Properties: | |
Runtime: nodejs12.x | |
Handler: CloudFormationCognitoUserPoolClientSettings.default | |
CodeUri: ./dist/CloudFormationCognitoUserPoolClientSettings | |
Role: !GetAtt LambdaForCloudFormation.Arn | |
CloudFormationCognitoUserPoolDomain: | |
Type: AWS::Serverless::Function | |
Properties: | |
Runtime: nodejs12.x | |
Handler: CloudFormationCognitoUserPoolDomain.default | |
CodeUri: ./dist/CloudFormationCognitoUserPoolDomain | |
Role: !GetAtt LambdaForCloudFormation.Arn | |
CognitoUserPoolIdentityProvider: | |
Type: AWS::Cognito::UserPoolIdentityProvider | |
Properties: | |
ProviderName: Blizzard | |
AttributeMapping: | |
username: sub | |
name: battletag | |
email: email | |
ProviderDetails: | |
client_id: <Your Blizzard Client ID> | |
client_secret: <Your Blizzard Secret ID> | |
authorize_scopes: openid wow.profile | |
oidc_issuer: https://us.battle.net/oauth | |
attributes_request_method: POST | |
ProviderType: OIDC | |
UserPoolId: | |
Ref: UserPool | |
UserPool: | |
Type: AWS::Cognito::UserPool | |
Properties: | |
UserPoolName: UserPool | |
UserPoolClient: | |
Type: AWS::Cognito::UserPoolClient | |
Properties: | |
ClientName: UserPoolClient | |
GenerateSecret: false | |
UserPoolId: !Ref UserPool | |
UserPoolClientSettings: | |
Type: Custom::CognitoUserPoolClientSettings | |
Properties: | |
ServiceToken: !GetAtt CloudFormationCognitoUserPoolClientSettings.Arn | |
UserPoolId: !Ref UserPool | |
UserPoolClientId: !Ref UserPoolClient | |
SupportedIdentityProviders: | |
- Blizzard | |
CallbackURL: 'https://<your app url>/authorize' | |
LogoutURL: 'https://<your app url>/signOut' | |
AllowedOAuthFlowsUserPoolClient: true | |
AllowedOAuthFlows: | |
- code | |
AllowedOAuthScopes: | |
- openid | |
UserPoolDomain: | |
Type: Custom::CognitoUserPoolDomain | |
Properties: | |
ServiceToken: !GetAtt CloudFormationCognitoUserPoolDomain.Arn | |
UserPoolId: !Ref UserPool | |
Domain: '<your cognito domain (just the input field)>' | |
Outputs: | |
UserPoolId: | |
Value: !Ref UserPool | |
Export: | |
Name: "ServiceCognito-UserPool::Id" | |
UserPoolArn: | |
Value: !GetAtt UserPool.Arn | |
Export: | |
Name: "ServiceCognito-UserPool::Arn" | |
UserPoolClientId: | |
Value: !Ref UserPoolClient | |
Export: | |
Name: "ServiceCognito-UserPoolClient::Id" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment