Skip to content

Instantly share code, notes, and snippets.

@mims92
Created October 19, 2021 20:41
Show Gist options
  • Save mims92/74e1ffd64e473d1177a51f792c0e5daa to your computer and use it in GitHub Desktop.
Save mims92/74e1ffd64e473d1177a51f792c0e5daa to your computer and use it in GitHub Desktop.
AWS Cloudformation for Cognito with Google Idp
# Google IdP for AWS Cognito
# IdP: Only google
# auth type: code
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
GoogleClientId:
NoEcho: True
Type: String
GoogleClientSecret:
NoEcho: True
Type: String
UserPoolName:
Type: String
CallbackLoginUrl:
Description: full URL of the login page. ie. https://www.acme.com/login
Type: String
Domain:
Description: Domain name for Cognito. ie. acme (results in https://acme.auth.eu-central-1.amazoncognito.com)
Type: String
UserPool:
Type: AWS::Cognito::UserPool
Properties:
UserPoolName: !Ref UserPoolName
AutoVerifiedAttributes:
- email
# Creates a User Pool Client to be used by the identity pool
UserPoolClient:
Type: AWS::Cognito::UserPoolClient
Properties:
#24 hours
AccessTokenValidity: 24
AllowedOAuthFlows:
- code
ClientName: !Sub ${UserPoolName}-user-pool
UserPoolId: !Ref UserPool
CallbackURLs:
- !Ref CallbackLoginUrl
SupportedIdentityProviders:
- Google
# Creates a federated Identity pool
IdentityPool:
Type: AWS::Cognito::IdentityPool
Properties:
IdentityPoolName: !Sub ${UserPoolName}-identity
AllowUnauthenticatedIdentities: true
CognitoIdentityProviders:
- ClientId: !Ref UserPoolClient
ProviderName: !GetAtt UserPool.ProviderName
GoogleIdP:
Type: AWS::Cognito::UserPoolIdentityProvider
Properties:
UserPoolId: !Ref UserPool
ProviderName: Google
ProviderDetails:
client_id: !Ref GoogleClientId
client_secret: !Ref GoogleClientSecret
authorize_scopes: "profile email openid"
ProviderType: Google
AttributeMapping:
email: "email"
name: "name"
picture: "picture"
given_name: "given name"
sub: "username"
UserPoolDomain:
Type: AWS::Cognito::UserPoolDomain
Properties:
Domain: !Ref Domain
UserPoolId: !Ref UserPool
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment