This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::Cognito::IdentityPool The `AWS::Cognito::IdentityPool` resource creates an Amazon Cognito identity pool. To avoid deleting the resource accidentally from CloudFormation, use [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) and the [UpdateReplacePolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html) to retain the resource on deletion or replacement. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Cognito::IdentityPool", "Properties" : { "[AllowClassicFlow](#cfn-cognito-identitypool-allowclassicflow)" : Boolean, "[AllowUnauthenticatedIdentities](#cfn-cognito-identitypool-allowunauthenticatedidentities)" : Boolean, "[CognitoEvents](#cfn-cognito-identitypool-cognitoevents)" : Json, "[CognitoIdentityProviders](#cfn-cognito-identitypool-cognitoidentityproviders)" : [ CognitoIdentityProvider, ... ], "[CognitoStreams](#cfn-cognito-identitypool-cognitostreams)" : CognitoStreams, "[DeveloperProviderName](#cfn-cognito-identitypool-developerprovidername)" : String, "[IdentityPoolName](#cfn-cognito-identitypool-identitypoolname)" : String, "[IdentityPoolTags](#cfn-cognito-identitypool-identitypooltags)" : [ Tag, ... ], "[OpenIdConnectProviderARNs](#cfn-cognito-identitypool-openidconnectproviderarns)" : [ String, ... ], "[PushSync](#cfn-cognito-identitypool-pushsync)" : PushSync, "[SamlProviderARNs](#cfn-cognito-identitypool-samlproviderarns)" : [ String, ... ], "[SupportedLoginProviders](#cfn-cognito-identitypool-supportedloginproviders)" : Json } } ``` ### YAML ``` Type: AWS::Cognito::IdentityPool Properties: [AllowClassicFlow](#cfn-cognito-identitypool-allowclassicflow): Boolean [AllowUnauthenticatedIdentities](#cfn-cognito-identitypool-allowunauthenticatedidentities): Boolean [CognitoEvents](#cfn-cognito-identitypool-cognitoevents): Json [CognitoIdentityProviders](#cfn-cognito-identitypool-cognitoidentityproviders): - CognitoIdentityProvider [CognitoStreams](#cfn-cognito-identitypool-cognitostreams): CognitoStreams [DeveloperProviderName](#cfn-cognito-identitypool-developerprovidername): String [IdentityPoolName](#cfn-cognito-identitypool-identitypoolname): String [IdentityPoolTags](#cfn-cognito-identitypool-identitypooltags): - Tag [OpenIdConnectProviderARNs](#cfn-cognito-identitypool-openidconnectproviderarns): - String [PushSync](#cfn-cognito-identitypool-pushsync): PushSync [SamlProviderARNs](#cfn-cognito-identitypool-samlproviderarns): - String [SupportedLoginProviders](#cfn-cognito-identitypool-supportedloginproviders): Json ``` ## Properties `AllowClassicFlow` Enables the Basic (Classic) authentication flow. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AllowUnauthenticatedIdentities` Specifies whether the identity pool supports unauthenticated logins. *Required*: Yes *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CognitoEvents` The events to configure. *Required*: No *Type*: Json *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CognitoIdentityProviders` The Amazon Cognito user pools and their client IDs. *Required*: No *Type*: Array of [CognitoIdentityProvider](aws-properties-cognito-identitypool-cognitoidentityprovider.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CognitoStreams` Configuration options for configuring Amazon Cognito streams. *Required*: No *Type*: [CognitoStreams](aws-properties-cognito-identitypool-cognitostreams.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DeveloperProviderName` The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the `DeveloperProviderName`, you can use letters and periods (.), underscores (\$1), and dashes (-). *Minimum length*: 1 *Maximum length*: 100 *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityPoolName` The name of your Amazon Cognito identity pool. *Minimum length*: 1 *Maximum length*: 128 *Pattern*: `[\w\s+=,.@-]+` *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityPoolTags` Tags to assign to the identity pool. A tag is a label that you can apply to identity pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria. *Required*: No *Type*: Array of [Tag](aws-properties-cognito-identitypool-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `OpenIdConnectProviderARNs` The Amazon Resource Names (ARNs) of the OpenID connect providers. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PushSync` The configuration options to be applied to the identity pool. *Required*: No *Type*: [PushSync](aws-properties-cognito-identitypool-pushsync.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SamlProviderARNs` The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SupportedLoginProviders` Key-value pairs that map provider names to provider app IDs. *Required*: No *Type*: Json *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the `IdentityPoolId`, such as `us-east-2:0d01f4d7-1305-4408-b437-12345EXAMPLE`. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Name` The name of the Amazon Cognito identity pool, returned as a string. # AWS::Cognito::IdentityPool CognitoIdentityProvider `CognitoIdentityProvider` is a property of the [AWS::Cognito::IdentityPool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html) resource that represents an Amazon Cognito user pool and its client ID. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ClientId](#cfn-cognito-identitypool-cognitoidentityprovider-clientid)" : String, "[ProviderName](#cfn-cognito-identitypool-cognitoidentityprovider-providername)" : String, "[ServerSideTokenCheck](#cfn-cognito-identitypool-cognitoidentityprovider-serversidetokencheck)" : Boolean } ``` ### YAML ``` [ClientId](#cfn-cognito-identitypool-cognitoidentityprovider-clientid): String [ProviderName](#cfn-cognito-identitypool-cognitoidentityprovider-providername): String [ServerSideTokenCheck](#cfn-cognito-identitypool-cognitoidentityprovider-serversidetokencheck): Boolean ``` ## Properties `ClientId` The client ID for the Amazon Cognito user pool. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ProviderName` The provider name for an Amazon Cognito user pool. For example: `cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789`. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServerSideTokenCheck` TRUE if server-side token validation is enabled for the identity provider’s token. After you set the `ServerSideTokenCheck` to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user. If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Cognito::IdentityPool CognitoStreams `CognitoStreams` is a property of the [AWS::Cognito::IdentityPool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html) resource that defines configuration options for Amazon Cognito streams. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[RoleArn](#cfn-cognito-identitypool-cognitostreams-rolearn)" : String, "[StreamingStatus](#cfn-cognito-identitypool-cognitostreams-streamingstatus)" : String, "[StreamName](#cfn-cognito-identitypool-cognitostreams-streamname)" : String } ``` ### YAML ``` [RoleArn](#cfn-cognito-identitypool-cognitostreams-rolearn): String [StreamingStatus](#cfn-cognito-identitypool-cognitostreams-streamingstatus): String [StreamName](#cfn-cognito-identitypool-cognitostreams-streamname): String ``` ## Properties `RoleArn` The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke `PutRecord` on your Amazon Cognito stream. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StreamingStatus` Status of the Amazon Cognito streams. Valid values are: `ENABLED` or `DISABLED`. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StreamName` The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Cognito::IdentityPool PushSync `PushSync` is a property of the [AWS::Cognito::IdentityPool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html) resource that defines the configuration options to be applied to an Amazon Cognito identity pool. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ApplicationArns](#cfn-cognito-identitypool-pushsync-applicationarns)" : [ String, ... ], "[RoleArn](#cfn-cognito-identitypool-pushsync-rolearn)" : String } ``` ### YAML ``` [ApplicationArns](#cfn-cognito-identitypool-pushsync-applicationarns): - String [RoleArn](#cfn-cognito-identitypool-pushsync-rolearn): String ``` ## Properties `ApplicationArns` The ARNs of the Amazon SNS platform applications that could be used by clients. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RoleArn` An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Cognito::IdentityPool Tag The `Tag` property type specifies Property description not available. for an [AWS::Cognito::IdentityPool](aws-resource-cognito-identitypool.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-cognito-identitypool-tag-key)" : String, "[Value](#cfn-cognito-identitypool-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-cognito-identitypool-tag-key): String [Value](#cfn-cognito-identitypool-tag-value): String ``` ## Properties `Key` Property description not available. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Property description not available. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)