@pulumi/aws
Version:
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
238 lines • 11.4 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.UserPoolClient = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* Provides a Cognito User Pool Client resource.
*
* To manage a User Pool Client created by another service, such as when [configuring an OpenSearch Domain to use Cognito authentication](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cognito-auth.html),
* use the `aws.cognito.ManagedUserPoolClient` resource instead.
*
* ## Example Usage
*
* ### Create a basic user pool client
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const pool = new aws.cognito.UserPool("pool", {name: "pool"});
* const client = new aws.cognito.UserPoolClient("client", {
* name: "client",
* userPoolId: pool.id,
* });
* ```
*
* ### Create a user pool client with no SRP authentication
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const pool = new aws.cognito.UserPool("pool", {name: "pool"});
* const client = new aws.cognito.UserPoolClient("client", {
* name: "client",
* userPoolId: pool.id,
* generateSecret: true,
* explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],
* });
* ```
*
* ### Create a user pool client with pinpoint analytics
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const testUserPool = new aws.cognito.UserPool("test", {name: "pool"});
* const testApp = new aws.pinpoint.App("test", {name: "pinpoint"});
* const assumeRole = aws.iam.getPolicyDocument({
* statements: [{
* effect: "Allow",
* principals: [{
* type: "Service",
* identifiers: ["cognito-idp.amazonaws.com"],
* }],
* actions: ["sts:AssumeRole"],
* }],
* });
* const testRole = new aws.iam.Role("test", {
* name: "role",
* assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
* });
* const testUserPoolClient = new aws.cognito.UserPoolClient("test", {
* name: "pool_client",
* userPoolId: testUserPool.id,
* analyticsConfiguration: {
* applicationId: testApp.applicationId,
* externalId: "some_id",
* roleArn: testRole.arn,
* userDataShared: true,
* },
* });
* const current = aws.getCallerIdentity({});
* const test = aws.iam.getPolicyDocumentOutput({
* statements: [{
* effect: "Allow",
* actions: [
* "mobiletargeting:UpdateEndpoint",
* "mobiletargeting:PutEvents",
* ],
* resources: [pulumi.all([current, testApp.applicationId]).apply(([current, applicationId]) => `arn:aws:mobiletargeting:*:${current.accountId}:apps/${applicationId}*`)],
* }],
* });
* const testRolePolicy = new aws.iam.RolePolicy("test", {
* name: "role_policy",
* role: testRole.id,
* policy: test.apply(test => test.json),
* });
* ```
*
* ### Create a user pool client with Cognito as the identity provider
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const pool = new aws.cognito.UserPool("pool", {name: "pool"});
* const userpoolClient = new aws.cognito.UserPoolClient("userpool_client", {
* name: "client",
* userPoolId: pool.id,
* callbackUrls: ["https://example.com"],
* allowedOauthFlowsUserPoolClient: true,
* allowedOauthFlows: [
* "code",
* "implicit",
* ],
* allowedOauthScopes: [
* "email",
* "openid",
* ],
* supportedIdentityProviders: ["COGNITO"],
* });
* ```
*
* ### Create a user pool client with refresh token rotation
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const pool = new aws.cognito.UserPool("pool", {name: "pool"});
* const userpoolClient = new aws.cognito.UserPoolClient("userpool_client", {
* name: "client",
* userPoolId: pool.id,
* explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],
* refreshTokenRotation: {
* feature: "ENABLED",
* retryGracePeriodSeconds: 10,
* },
* });
* ```
*
* ## Import
*
* Using `pulumi import`, import Cognito User Pool Clients using the `id` of the Cognito User Pool, and the `id` of the Cognito User Pool Client. For example:
*
* ```sh
* $ pulumi import aws:cognito/userPoolClient:UserPoolClient client us-west-2_abc123/3ho4ek12345678909nh3fmhpko
* ```
*/
class UserPoolClient extends pulumi.CustomResource {
/**
* Get an existing UserPoolClient resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new UserPoolClient(name, state, Object.assign(Object.assign({}, opts), { id: id }));
}
/**
* Returns true if the given object is an instance of UserPoolClient. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === UserPoolClient.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["accessTokenValidity"] = state ? state.accessTokenValidity : undefined;
resourceInputs["allowedOauthFlows"] = state ? state.allowedOauthFlows : undefined;
resourceInputs["allowedOauthFlowsUserPoolClient"] = state ? state.allowedOauthFlowsUserPoolClient : undefined;
resourceInputs["allowedOauthScopes"] = state ? state.allowedOauthScopes : undefined;
resourceInputs["analyticsConfiguration"] = state ? state.analyticsConfiguration : undefined;
resourceInputs["authSessionValidity"] = state ? state.authSessionValidity : undefined;
resourceInputs["callbackUrls"] = state ? state.callbackUrls : undefined;
resourceInputs["clientSecret"] = state ? state.clientSecret : undefined;
resourceInputs["defaultRedirectUri"] = state ? state.defaultRedirectUri : undefined;
resourceInputs["enablePropagateAdditionalUserContextData"] = state ? state.enablePropagateAdditionalUserContextData : undefined;
resourceInputs["enableTokenRevocation"] = state ? state.enableTokenRevocation : undefined;
resourceInputs["explicitAuthFlows"] = state ? state.explicitAuthFlows : undefined;
resourceInputs["generateSecret"] = state ? state.generateSecret : undefined;
resourceInputs["idTokenValidity"] = state ? state.idTokenValidity : undefined;
resourceInputs["logoutUrls"] = state ? state.logoutUrls : undefined;
resourceInputs["name"] = state ? state.name : undefined;
resourceInputs["preventUserExistenceErrors"] = state ? state.preventUserExistenceErrors : undefined;
resourceInputs["readAttributes"] = state ? state.readAttributes : undefined;
resourceInputs["refreshTokenRotation"] = state ? state.refreshTokenRotation : undefined;
resourceInputs["refreshTokenValidity"] = state ? state.refreshTokenValidity : undefined;
resourceInputs["region"] = state ? state.region : undefined;
resourceInputs["supportedIdentityProviders"] = state ? state.supportedIdentityProviders : undefined;
resourceInputs["tokenValidityUnits"] = state ? state.tokenValidityUnits : undefined;
resourceInputs["userPoolId"] = state ? state.userPoolId : undefined;
resourceInputs["writeAttributes"] = state ? state.writeAttributes : undefined;
}
else {
const args = argsOrState;
if ((!args || args.userPoolId === undefined) && !opts.urn) {
throw new Error("Missing required property 'userPoolId'");
}
resourceInputs["accessTokenValidity"] = args ? args.accessTokenValidity : undefined;
resourceInputs["allowedOauthFlows"] = args ? args.allowedOauthFlows : undefined;
resourceInputs["allowedOauthFlowsUserPoolClient"] = args ? args.allowedOauthFlowsUserPoolClient : undefined;
resourceInputs["allowedOauthScopes"] = args ? args.allowedOauthScopes : undefined;
resourceInputs["analyticsConfiguration"] = args ? args.analyticsConfiguration : undefined;
resourceInputs["authSessionValidity"] = args ? args.authSessionValidity : undefined;
resourceInputs["callbackUrls"] = args ? args.callbackUrls : undefined;
resourceInputs["defaultRedirectUri"] = args ? args.defaultRedirectUri : undefined;
resourceInputs["enablePropagateAdditionalUserContextData"] = args ? args.enablePropagateAdditionalUserContextData : undefined;
resourceInputs["enableTokenRevocation"] = args ? args.enableTokenRevocation : undefined;
resourceInputs["explicitAuthFlows"] = args ? args.explicitAuthFlows : undefined;
resourceInputs["generateSecret"] = args ? args.generateSecret : undefined;
resourceInputs["idTokenValidity"] = args ? args.idTokenValidity : undefined;
resourceInputs["logoutUrls"] = args ? args.logoutUrls : undefined;
resourceInputs["name"] = args ? args.name : undefined;
resourceInputs["preventUserExistenceErrors"] = args ? args.preventUserExistenceErrors : undefined;
resourceInputs["readAttributes"] = args ? args.readAttributes : undefined;
resourceInputs["refreshTokenRotation"] = args ? args.refreshTokenRotation : undefined;
resourceInputs["refreshTokenValidity"] = args ? args.refreshTokenValidity : undefined;
resourceInputs["region"] = args ? args.region : undefined;
resourceInputs["supportedIdentityProviders"] = args ? args.supportedIdentityProviders : undefined;
resourceInputs["tokenValidityUnits"] = args ? args.tokenValidityUnits : undefined;
resourceInputs["userPoolId"] = args ? args.userPoolId : undefined;
resourceInputs["writeAttributes"] = args ? args.writeAttributes : undefined;
resourceInputs["clientSecret"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
const secretOpts = { additionalSecretOutputs: ["clientSecret"] };
opts = pulumi.mergeOptions(opts, secretOpts);
super(UserPoolClient.__pulumiType, name, resourceInputs, opts);
}
}
exports.UserPoolClient = UserPoolClient;
/** @internal */
UserPoolClient.__pulumiType = 'aws:cognito/userPoolClient:UserPoolClient';
//# sourceMappingURL=userPoolClient.js.map