mims92/AWSCognitoGoogleIdp.yaml

## AWSCognitoGoogleIdp.yaml
  # Google IdP for AWS Cognito
  # IdP: Only google
  # auth type: code
  AWSTemplateFormatVersion: '2010-09-09'

  Parameters:
      GoogleClientId:
          NoEcho: True
          Type: String
      GoogleClientSecret:
          NoEcho: True
          Type: String
      UserPoolName:
          Type: String
      CallbackLoginUrl:
          Description: full URL of the login page. ie. https://www.acme.com/login
          Type: String
      Domain:
          Description: Domain name for Cognito. ie. acme (results in https://acme.auth.eu-central-1.amazoncognito.com)
          Type: String

  UserPool:
        Type: AWS::Cognito::UserPool
        Properties:
            UserPoolName: !Ref UserPoolName
            AutoVerifiedAttributes:
                - email

    # Creates a User Pool Client to be used by the identity pool
    UserPoolClient:
        Type: AWS::Cognito::UserPoolClient
        Properties:
            #24 hours
            AccessTokenValidity: 24
            AllowedOAuthFlows:
                - code
            ClientName: !Sub ${UserPoolName}-user-pool
            UserPoolId: !Ref UserPool
            CallbackURLs:
                - !Ref CallbackLoginUrl
            SupportedIdentityProviders:
                - Google
    # Creates a federated Identity pool
    IdentityPool:
        Type: AWS::Cognito::IdentityPool
        Properties:
            IdentityPoolName: !Sub ${UserPoolName}-identity
            AllowUnauthenticatedIdentities: true
            CognitoIdentityProviders:
                -   ClientId: !Ref UserPoolClient
                    ProviderName: !GetAtt UserPool.ProviderName
    GoogleIdP:
        Type: AWS::Cognito::UserPoolIdentityProvider
        Properties:
            UserPoolId: !Ref UserPool
            ProviderName: Google
            ProviderDetails:
                client_id: !Ref GoogleClientId
                client_secret: !Ref GoogleClientSecret
                authorize_scopes: "profile email openid"
            ProviderType: Google
            AttributeMapping:
                email: "email"
                name: "name"
                picture: "picture"
                given_name: "given name"
                sub: "username"

    UserPoolDomain:
        Type: AWS::Cognito::UserPoolDomain
        Properties:
            Domain: !Ref Domain
            UserPoolId: !Ref UserPool
	# Google IdP for AWS Cognito
	# IdP: Only google
	# auth type: code
	AWSTemplateFormatVersion: '2010-09-09'

	Parameters:
	GoogleClientId:
	NoEcho: True
	Type: String
	GoogleClientSecret:
	NoEcho: True
	Type: String
	UserPoolName:
	Type: String
	CallbackLoginUrl:
	Description: full URL of the login page. ie. https://www.acme.com/login
	Type: String
	Domain:
	Description: Domain name for Cognito. ie. acme (results in https://acme.auth.eu-central-1.amazoncognito.com)
	Type: String

	UserPool:
	Type: AWS::Cognito::UserPool
	Properties:
	UserPoolName: !Ref UserPoolName
	AutoVerifiedAttributes:
	- email

	# Creates a User Pool Client to be used by the identity pool
	UserPoolClient:
	Type: AWS::Cognito::UserPoolClient
	Properties:
	#24 hours
	AccessTokenValidity: 24
	AllowedOAuthFlows:
	- code
	ClientName: !Sub ${UserPoolName}-user-pool
	UserPoolId: !Ref UserPool
	CallbackURLs:
	- !Ref CallbackLoginUrl
	SupportedIdentityProviders:
	- Google
	# Creates a federated Identity pool
	IdentityPool:
	Type: AWS::Cognito::IdentityPool
	Properties:
	IdentityPoolName: !Sub ${UserPoolName}-identity
	AllowUnauthenticatedIdentities: true
	CognitoIdentityProviders:
	- ClientId: !Ref UserPoolClient
	ProviderName: !GetAtt UserPool.ProviderName
	GoogleIdP:
	Type: AWS::Cognito::UserPoolIdentityProvider
	Properties:
	UserPoolId: !Ref UserPool
	ProviderName: Google
	ProviderDetails:
	client_id: !Ref GoogleClientId
	client_secret: !Ref GoogleClientSecret
	authorize_scopes: "profile email openid"
	ProviderType: Google
	AttributeMapping:
	email: "email"
	name: "name"
	picture: "picture"
	given_name: "given name"
	sub: "username"

	UserPoolDomain:
	Type: AWS::Cognito::UserPoolDomain
	Properties:
	Domain: !Ref Domain
	UserPoolId: !Ref UserPool