» Resource: aws_cognito_identity_pool

Provides an AWS Cognito Identity Pool.

» Example Usage

resource "aws_iam_saml_provider" "default" {
  name                   = "my-saml-provider"
  saml_metadata_document = "${file("saml-metadata.xml")}"
}

resource "aws_cognito_identity_pool" "main" {
  identity_pool_name               = "identity pool"
  allow_unauthenticated_identities = false

  cognito_identity_providers {
    client_id               = "6lhlkkfbfb4q5kpp90urffae"
    provider_name           = "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ"
    server_side_token_check = false
  }

  cognito_identity_providers {
    client_id               = "7kodkvfqfb4qfkp39eurffae"
    provider_name           = "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu"
    server_side_token_check = false
  }

  supported_login_providers = {
    "graph.facebook.com"  = "7346241598935552"
    "accounts.google.com" = "123456789012.apps.googleusercontent.com"
  }

  saml_provider_arns           = ["${aws_iam_saml_provider.default.arn}"]
  openid_connect_provider_arns = ["arn:aws:iam::123456789012:oidc-provider/foo.example.com"]
}

» Argument Reference

The Cognito Identity Pool argument layout is a structure composed of several sub-resources - these resources are laid out below.

» Cognito Identity Providers

  • client_id (Optional) - The client ID for the Amazon Cognito Identity User Pool.
  • provider_name (Optional) - The provider name for an Amazon Cognito Identity User Pool.
  • server_side_token_check (Optional) - Whether server-side token validation is enabled for the identity provider’s token or not.

» Attributes Reference

In addition to the arguments, which are exported, the following attributes are exported:

  • id - An identity pool ID in the format REGION:GUID.
  • arn - The ARN of the identity pool.

» Import

Cognito Identity Pool can be imported using the name, e.g.

$ terraform import aws_cognito_identity_pool.mypool <identity-pool-id>