Terraform AWS Cognito App Client

+3 votes

I am stuck while trying to set up an 'app client' for an AWS Cognito User Pool through Terraform. Here is my resource as it stands:

resource "aws_cognito_user_pool" "notes-pool" {
  name = "notes-pool"
  username_attributes = ["email"]
  verification_message_template {
    default_email_option = "CONFIRM_WITH_CODE"
  }
  password_policy {
    minimum_length    = 10
    require_lowercase = false
    require_numbers   = true
    require_symbols   = false
    require_uppercase = true
  }
  tags {
    "Name"        = "notes-pool"
    "Environment" = "production"
  }
}

The above works just fine, and my user pool is created. Does anybody have any ideas on how to create an app client in the same resource? I suspect that this functionality doesn't exist, so can anyone help me? Thank you.

Apr 7, 2018 in AWS by Atul
• 10,240 points

3 answers to this question.

+1 vote

I think it has just been added to the most recent version of Terraform. You can try something like this to add a client to your user pool:

resource "aws_cognito_user_pool_client" "client" {
  name = "client"
  user_pool_id = "${aws_cognito_user_pool.pool.id}"
  generate_secret = true
  explicit_auth_flows = ["ADMIN_NO_SRP_AUTH"]
}

You can check out the docs here: Terraform entry on aws_cognito_user_pool_client

Hope this helps!


answered Apr 7, 2018 by shubham
• 7,340 points
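
The native-resource approach from the answer above, wired to the `notes-pool` resource from the question, as an added example that is not part of the original thread. It assumes an AWS provider version that includes `aws_cognito_user_pool_client`; the `notes-client` name and the two output names are hypothetical.

```hcl
# Added example, not from the original thread.
# User pool, reduced to the attributes needed to show the wiring.
resource "aws_cognito_user_pool" "notes-pool" {
  name                = "notes-pool"
  username_attributes = ["email"]
}

# App client attached to the pool above. "notes-client" is a hypothetical name.
resource "aws_cognito_user_pool_client" "notes-client" {
  name = "notes-client"

  # Must reference the pool by the resource name actually declared
  # ("notes-pool" here), which also makes Terraform create the pool first.
  user_pool_id = "${aws_cognito_user_pool.notes-pool.id}"

  # A client secret only makes sense for a confidential (server-side) client.
  # Browser and mobile apps cannot keep it private, so set this to false there.
  generate_secret = true

  # ADMIN_NO_SRP_AUTH enables the AdminInitiateAuth flow, which is called
  # with AWS credentials from a trusted backend.
  explicit_auth_flows = ["ADMIN_NO_SRP_AUTH"]
}

# The client ID is not secret and is needed by the application.
output "notes_client_id" {
  value = "${aws_cognito_user_pool_client.notes-client.id}"
}

# sensitive = true hides the value in CLI output only. The secret is still
# stored in plaintext in the Terraform state, so the state backend needs
# encryption and restricted access.
output "notes_client_secret" {
  value     = "${aws_cognito_user_pool_client.notes-client.client_secret}"
  sensitive = true
}
```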
0 votes

Once the user pool is created, you can use the create-user-pool-client API to create an app client within the user pool. Please refer to the API documentation: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html

answered Aug 7, 2018 by Priyaj
• 58,090 points
+1 vote

This feature is not currently supported by Terraform.

There is an open issue on GitHub where this has been requested (give it a thumbs up if you would benefit from this feature).

Until support is added, the best option is to use the local-exec provisioner to create the user pool via the CLI once the resource is created:

resource "aws_cognito_user_pool" "notes-pool" {
  name = "notes-pool"

  username_attributes = ["email"]

  # A provisioner cannot reference its own resource by name; use self instead.
  provisioner "local-exec" {
    command = <<EOF
aws cognito-idp create-user-pool-client \
  --user-pool-id ${self.id} \
  --client-name client-name \
  --no-generate-secret \
  --explicit-auth-flows ADMIN_NO_SRP_AUTH
EOF
  }
}

Please note that in order to use this you must have the AWS CLI installed and authenticated (I use environment variables to authenticate with both Terraform and the AWS CLI).

answered Aug 28, 2018 by eatcodesleeprepeat
• 4,710 points
