Terraform AWS Cognito App Client

+3 votes

I am stuck while trying to set up an 'app client' for an AWS Cognito User Pool through Terraform. Here is my resource as it stands:

resource "aws_cognito_user_pool" "notes-pool" {
  name = "notes-pool"
  username_attributes = ["email"]
  verification_message_template {
    default_email_option = "CONFIRM_WITH_CODE"
  }
  password_policy {
    minimum_length    = 10
    require_lowercase = false
    require_numbers   = true
    require_symbols   = false
    require_uppercase = true
  }
  tags {
    "Name"    = "notes-pool"
    "Environment" = "production"
  }
}

The above works just fine, and my user pool is created. Does anybody have any ideas on how to create an app client in the same resource? I suspect that this functionality doesn't exist, so can anyone help me? Thank you.

Apr 6, 2018 in AWS by Atul
• 10,240 points
725 views

3 answers to this question.

+1 vote

I think it has just been added to the most recent version of Terraform. You can try something like this to add a client to your user pool:

resource "aws_cognito_user_pool_client" "client" {
  name                = "client"
  # Reference the user pool defined in the question
  user_pool_id        = "${aws_cognito_user_pool.notes-pool.id}"
  generate_secret     = true
  explicit_auth_flows = ["ADMIN_NO_SRP_AUTH"]
}

You can check out the docs here: Terraform entry on aws_cognito_user_pool_client

answered Apr 6, 2018 by shubham
• 6,890 points
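
As an added example (not code from this thread), the question's pool with two app clients side by side: a confidential client for a trusted backend and a public client for a browser or mobile app. The resource names `server` and `web`, the client names, and the output names are assumptions; the interpolation syntax follows the snippets in this thread.

```hcl
# Added example: minimal pool from the question plus two app clients.
resource "aws_cognito_user_pool" "notes-pool" {
  name                = "notes-pool"
  username_attributes = ["email"]
}

# Confidential client for a trusted backend. It gets a client secret, and
# ADMIN_NO_SRP_AUTH lets the backend call the admin authentication API,
# which also requires AWS credentials, so it must never ship to end users.
resource "aws_cognito_user_pool_client" "server" {
  name                = "notes-server"
  user_pool_id        = "${aws_cognito_user_pool.notes-pool.id}"
  generate_secret     = true
  explicit_auth_flows = ["ADMIN_NO_SRP_AUTH"]
}

# Public client for browser or mobile code. No secret is generated because
# anything embedded in a client application can be extracted, and no admin
# flow is enabled on it.
resource "aws_cognito_user_pool_client" "web" {
  name            = "notes-web"
  user_pool_id    = "${aws_cognito_user_pool.notes-pool.id}"
  generate_secret = false
}

# Client IDs are identifiers, not secrets, and can be handed to the apps.
output "web_client_id" {
  value = "${aws_cognito_user_pool_client.web.id}"
}

output "server_client_id" {
  value = "${aws_cognito_user_pool_client.server.id}"
}

# Marked sensitive so it is not echoed in plan/apply output.
output "server_client_secret" {
  value     = "${aws_cognito_user_pool_client.server.client_secret}"
  sensitive = true
}
```

`sensitive = true` only hides the value in CLI output; the client secret is still written in plaintext to the Terraform state, so the state backend needs encryption and restricted access.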

0 votes

Once the user pool is created, you can use the create-user-pool-client API to create an app client within the user pool. Please refer to the API documentation: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html

answered Aug 7, 2018 by Priyaj
• 56,900 points

+1 vote

This feature is not currently supported by Terraform.

There is an open issue on GitHub where this has been requested (give it a thumbs up if you would benefit from this feature).

Until support is added, the best option is to use the local-exec provisioner to create the user pool via the CLI once the resource is created:

resource "aws_cognito_user_pool" "notes-pool" {
  name = "notes-pool"

  username_attributes = ["email"]
  ...

  provisioner "local-exec" {
    command = <<EOF
aws cognito-idp create-user-pool-client \
  --user-pool-id ${aws_cognito_user_pool.notes-pool.id} \
  --client-name client-name \
  --no-generate-secret \
  --explicit-auth-flows ADMIN_NO_SRP_AUTH
EOF
  }
}

Please note that in order to use this you must have the AWS CLI installed and authenticated (I use environment variables to authenticate with both Terraform and the AWS CLI).

answered Aug 28, 2018 by eatcodesleeprepeat
• 4,670 points
