AWS::Cognito::UserPoolClient

Cognito UserPoolClient

Resource Type definition for AWS::Cognito::UserPoolClient

Properties

23 configurable properties. 1 required. Click a row to see details.

Filter:

Property	Type	Flags
`UserPoolId`	`string`	RequiredCreate-only
`AccessTokenValidity`	`integer`
`AllowedOAuthFlows`	`Array<string>`
`AllowedOAuthFlowsUserPoolClient`	`boolean`
`AllowedOAuthScopes`	`Array<string>`
`AnalyticsConfiguration`	`AnalyticsConfiguration`
`AuthSessionValidity`	`integer`
`CallbackURLs`	`Array<string>`
`ClientName`	`string`
`DefaultRedirectURI`	`string`
`EnablePropagateAdditionalUserContextData`	`boolean`
`EnableTokenRevocation`	`boolean`
`ExplicitAuthFlows`	`Array<string>`
`GenerateSecret`	`boolean`	Create-only
`IdTokenValidity`	`integer`
`LogoutURLs`	`Array<string>`
`PreventUserExistenceErrors`	`string`
`ReadAttributes`	`Array<string>`
`RefreshTokenRotation`	`RefreshTokenRotation`
`RefreshTokenValidity`	`integer`
`SupportedIdentityProviders`	`Array<string>`
`TokenValidityUnits`	`TokenValidityUnits`
`WriteAttributes`	`Array<string>`

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`ClientId`	`string`	-
`ClientSecret`	`string`	-
`Name`	`string`	-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::Cognito::UserPoolClient

Resources:
  MyResource:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      UserPoolId: "my-userpoolid"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

cognito-idp:CreateUserPoolClientiam:PassRoleiam:PutRolePolicyiam:CreateServiceLinkedRole

read

cognito-idp:DescribeUserPoolClient

update

cognito-idp:UpdateUserPoolClientiam:PassRoleiam:PutRolePolicy

delete

cognito-idp:DeleteUserPoolClientiam:PutRolePolicyiam:DeleteRolePolicy

list

cognito-idp:ListUserPoolClients

Get the Cognito Cheat Sheet

Everything you need to know about Cognito on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceCognito

Properties26

Required1

TaggingNot supported

Primary IDUserPoolId

Supported Operations

CreateReadUpdateDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

GenerateSecretUserPoolId

Related Resources

External Links

AWS Documentation