This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::Cognito::UserPoolResourceServer The `AWS::Cognito::UserPoolResourceServer` resource creates a new OAuth2.0 resource server and defines custom scopes in it. **Note** If you don't specify a value for a parameter, Amazon Cognito sets it to a default value. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Cognito::UserPoolResourceServer", "Properties" : { "[Identifier](#cfn-cognito-userpoolresourceserver-identifier)" : String, "[Name](#cfn-cognito-userpoolresourceserver-name)" : String, "[Scopes](#cfn-cognito-userpoolresourceserver-scopes)" : [ ResourceServerScopeType, ... ], "[UserPoolId](#cfn-cognito-userpoolresourceserver-userpoolid)" : String } } ``` ### YAML ``` Type: AWS::Cognito::UserPoolResourceServer Properties: [Identifier](#cfn-cognito-userpoolresourceserver-identifier): String [Name](#cfn-cognito-userpoolresourceserver-name): String [Scopes](#cfn-cognito-userpoolresourceserver-scopes): - ResourceServerScopeType [UserPoolId](#cfn-cognito-userpoolresourceserver-userpoolid): String ``` ## Properties `Identifier` A unique resource server identifier for the resource server. The identifier can be an API friendly name like `solar-system-data`. You can also set an API URL like `https://solar-system-data-api.example.com` as your identifier. Amazon Cognito represents scopes in the access token in the format `$resource-server-identifier/$scope`. Longer scope-identifier strings increase the size of your access tokens. *Required*: Yes *Type*: String *Pattern*: `[\x21\x23-\x5B\x5D-\x7E]+` *Minimum*: `1` *Maximum*: `256` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Name` A friendly name for the resource server. *Required*: Yes *Type*: String *Pattern*: `[\w\s+=,.@-]+` *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Scopes` A list of scopes. Each scope is a map with keys `ScopeName` and `ScopeDescription`. *Required*: No *Type*: Array of [ResourceServerScopeType](aws-properties-cognito-userpoolresourceserver-resourceserverscopetype.md) *Maximum*: `100` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UserPoolId` The ID of the user pool where you want to create a resource server. *Required*: Yes *Type*: String *Pattern*: `[\w-]+_[0-9a-zA-Z]+` *Minimum*: `1` *Maximum*: `55` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns physicalResourceId, which is the resource server identifier “Identifier". For example: `{ "Ref": "yourResourceServerIdentifier" }` For the Amazon Cognito resource server `yourResourceServerIdentifier`, Ref returns the name of the resource server. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ## Examples ### Creating a new resource server for a user pool The following example creates a resource server "Name" with the identifier "Identifier" in the referenced user pool. #### JSON ``` { "UserPoolResourceServer": { "Type": "AWS::Cognito::UserPoolResourceServer", "Properties": { "UserPoolId": { "Ref": "UserPool" }, "Identifier": "Identifier", "Name": "Name", "Scopes": [{ "ScopeName": "ScopeName1", "ScopeDescription": "description" }, { "ScopeName": "ScopeName2", "ScopeDescription": "description" }] } } } ``` #### YAML ``` UserPoolResourceServer: Type: AWS::Cognito::UserPoolResourceServer Properties: UserPoolId: !Ref UserPool Identifier: "Identifier" Name: "Name" Scopes: - ScopeName: "ScopeName1" ScopeDescription: "description" - ScopeName: "ScopeName2" ScopeDescription: "description" ``` # AWS::Cognito::UserPoolResourceServer ResourceServerScopeType One custom scope associated with a user pool resource server. This data type is a member of `ResourceServerScopeType`. For more information, see [ Scopes, M2M, and API authorization with resource servers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ScopeDescription](#cfn-cognito-userpoolresourceserver-resourceserverscopetype-scopedescription)" : String, "[ScopeName](#cfn-cognito-userpoolresourceserver-resourceserverscopetype-scopename)" : String } ``` ### YAML ``` [ScopeDescription](#cfn-cognito-userpoolresourceserver-resourceserverscopetype-scopedescription): String [ScopeName](#cfn-cognito-userpoolresourceserver-resourceserverscopetype-scopename): String ``` ## Properties `ScopeDescription` A friendly description of a custom scope. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ScopeName` The name of the scope. Amazon Cognito renders custom scopes in the format `resourceServerIdentifier/ScopeName`. For example, if this parameter is `exampleScope` in the resource server with the identifier `exampleResourceServer`, you request and receive the scope `exampleResourceServer/exampleScope`. *Required*: Yes *Type*: String *Pattern*: `[\x21\x23-\x2E\x30-\x5B\x5D-\x7E]+` *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)