Resources: bucket43879C71: Type: AWS::S3::Bucket UpdateReplacePolicy: Delete DeletionPolicy: Delete Metadata: aws:cdk:path: CognitoStack/bucket/Resource userPoolDC9497E0: Type: AWS::Cognito::UserPool Properties: AccountRecoverySetting: RecoveryMechanisms: - Name: verified_phone_number Priority: 1 - Name: verified_email Priority: 2 AdminCreateUserConfig: AllowAdminCreateUserOnly: false AutoVerifiedAttributes: - email EmailVerificationMessage: The verification code to your new account is {####} EmailVerificationSubject: Verify your new account SmsVerificationMessage: The verification code to your new account is {####} UsernameAttributes: - email UserPoolName: dev-userpool VerificationMessageTemplate: DefaultEmailOption: CONFIRM_WITH_CODE EmailMessage: The verification code to your new account is {####} EmailSubject: Verify your new account SmsMessage: The verification code to your new account is {####} UpdateReplacePolicy: Delete DeletionPolicy: Delete Metadata: aws:cdk:path: CognitoStack/userPool/Resource userPoolappclient1458744F: Type: AWS::Cognito::UserPoolClient Properties: UserPoolId: Ref: userPoolDC9497E0 AllowedOAuthFlows: - implicit - code AllowedOAuthFlowsUserPoolClient: true AllowedOAuthScopes: - profile - phone - email - openid - aws.cognito.signin.user.admin CallbackURLs: - https://example.com ExplicitAuthFlows: - ALLOW_USER_PASSWORD_AUTH - ALLOW_REFRESH_TOKEN_AUTH IdTokenValidity: 15 SupportedIdentityProviders: - COGNITO TokenValidityUnits: IdToken: minutes Metadata: aws:cdk:path: CognitoStack/userPool/app-client/Resource demoidp: Type: AWS::Cognito::IdentityPool Properties: AllowUnauthenticatedIdentities: false AllowClassicFlow: false CognitoIdentityProviders: - ClientId: Ref: userPoolappclient1458744F ProviderName: Fn::GetAtt: - userPoolDC9497E0 - ProviderName IdentityPoolName: dev-identity-pool Metadata: aws:cdk:path: CognitoStack/demo-idp idpAuthRole5905FAE6: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRoleWithWebIdentity Condition: StringEquals: cognito-identity.amazonaws.com:aud: Ref: demoidp ForAnyValue:StringLike: cognito-identity.amazonaws.com:amr: authenticated Effect: Allow Principal: Federated: cognito-identity.amazonaws.com Version: "2012-10-17" Policies: - PolicyDocument: Statement: - Action: s3:ListBucket Condition: StringLike: s3:prefix: - my-app/${cognito-identity.amazonaws.com:sub} Effect: Allow Resource: Fn::GetAtt: - bucket43879C71 - Arn - Action: - s3:ListObject - s3:PutObject - s3:DeleteObject Effect: Allow Resource: - Fn::Join: - "" - - Fn::GetAtt: - bucket43879C71 - Arn - /my-app/${cognito-identity.amazonaws.com:sub} - Fn::Join: - "" - - Fn::GetAtt: - bucket43879C71 - Arn - /my-app/${cognito-identity.amazonaws.com:sub}/* Version: "2012-10-17" PolicyName: s3Accesspolicy Metadata: aws:cdk:path: CognitoStack/idpAuthRole/Resource identitypoolroleattachment: Type: AWS::Cognito::IdentityPoolRoleAttachment Properties: IdentityPoolId: Ref: demoidp Roles: authenticated: Fn::GetAtt: - idpAuthRole5905FAE6 - Arn Metadata: aws:cdk:path: CognitoStack/identity-pool-role-attachment CDKMetadata: Type: AWS::CDK::Metadata Properties: Analytics: v2:deflate64:H4sIAAAAAAAA/02OsQ7CMAxEv6V7MJSCxAh0YgIV8QFVaiC0jVHigFCUfycpKjD5+e5sXQ75fAWzbF0/7UQ27dRLMgj+yLVsRUnasnGSRXnWe8d3N1CFlpyRmDhGGsWKdBDphbcF+K2TLQ7JDwUh6aIVE/iTRXMg6pL55RHKTqHmf+un7JoIil/j8f9eUYcbjo2vfRSDUHUPPolD2ThDCEJTg3Cz00e+gHwJRXazSk2Mi196hOoz3+bw9CsPAQAA Metadata: aws:cdk:path: CognitoStack/CDKMetadata/Default Condition: CDKMetadataAvailable Outputs: bucketName: Value: Ref: bucket43879C71 userPoolId: Value: Ref: userPoolDC9497E0 identityPoolId: Value: Ref: demoidp clientId: Value: Ref: userPoolappclient1458744F Conditions: CDKMetadataAvailable: Fn::Or: - Fn::Or: - Fn::Equals: - Ref: AWS::Region - af-south-1 - Fn::Equals: - Ref: AWS::Region - ap-east-1 - Fn::Equals: - Ref: AWS::Region - ap-northeast-1 - Fn::Equals: - Ref: AWS::Region - ap-northeast-2 - Fn::Equals: - Ref: AWS::Region - ap-south-1 - Fn::Equals: - Ref: AWS::Region - ap-southeast-1 - Fn::Equals: - Ref: AWS::Region - ap-southeast-2 - Fn::Equals: - Ref: AWS::Region - ca-central-1 - Fn::Equals: - Ref: AWS::Region - cn-north-1 - Fn::Equals: - Ref: AWS::Region - cn-northwest-1 - Fn::Or: - Fn::Equals: - Ref: AWS::Region - eu-central-1 - Fn::Equals: - Ref: AWS::Region - eu-north-1 - Fn::Equals: - Ref: AWS::Region - eu-south-1 - Fn::Equals: - Ref: AWS::Region - eu-west-1 - Fn::Equals: - Ref: AWS::Region - eu-west-2 - Fn::Equals: - Ref: AWS::Region - eu-west-3 - Fn::Equals: - Ref: AWS::Region - me-south-1 - Fn::Equals: - Ref: AWS::Region - sa-east-1 - Fn::Equals: - Ref: AWS::Region - us-east-1 - Fn::Equals: - Ref: AWS::Region - us-east-2 - Fn::Or: - Fn::Equals: - Ref: AWS::Region - us-west-1 - Fn::Equals: - Ref: AWS::Region - us-west-2