Creation of User Pool Client fails saying 'provider google does not exist'

I have a fairly annoying issue that shows up intermittently, which makes me think it’s some kind of race condition. I’m coming to suspect that this could be an AWS CloudFormation bug. I
CognitoUserPoolClient - The provider Google does not exist for User Pool us-west-2_xxxxxxxxx

My pertinent details of my configuration are here:

 CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      LambdaConfig:
        PreAuthentication:
          Fn::GetAtt: [MyLambdaFunction, Arn]
      MfaConfiguration: OFF
      UserPoolName: my-project-user-pool
      UsernameAttributes:
        - email
      AutoVerifiedAttributes:
        - email
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true

  CognitoUserPoolIdentityProvider:
    Type: AWS::Cognito::UserPoolIdentityProvider
    DependsOn: 
      - CognitoUserPool
      - CognitoUserPoolClient 
    Properties:
      ProviderName: Google
      AttributeMapping:
        email: email
      ProviderDetails:
        client_id: ${env:CLIENT_ID}
        client_secret: ${env:CLIENT_SECRET}
        authorize_scopes: email openid
      ProviderType: Google
      UserPoolId:
        Ref: CognitoUserPool

As you can see I’ve tried using “DependsOn”, to see if I can prevent this issue, but I can not. The only way around it that I’ve found is just running sls deploy repeatedly until it works. You can see how this solution is not satisfying.

If you have ideas, I’ll try them!
Thanks!

Thanks for the question/hint! I got this to work by reversing the DependsOn. Remove the DependsOn from the CognitoUserPoolIdentityProvider section, and instead add this DependsOn to the CognitoUserPool, like this:

 CognitoUserPool:
    Type: AWS::Cognito::UserPool
    DependsOn: 
      - CognitoUserPoolIdentityProvider
    Properties:
      LambdaConfig:
        PreAuthentication:
          Fn::GetAtt: [MyLambdaFunction, Arn]
      MfaConfiguration: OFF
      UserPoolName: my-project-user-pool
      UsernameAttributes:
        - email
      AutoVerifiedAttributes:
        - email
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true

  CognitoUserPoolIdentityProvider:
    Type: AWS::Cognito::UserPoolIdentityProvider
    Properties:
      ProviderName: Google
      AttributeMapping:
        email: email
      ProviderDetails:
        client_id: ${env:CLIENT_ID}
        client_secret: ${env:CLIENT_SECRET}
        authorize_scopes: email openid
      ProviderType: Google
      UserPoolId:
        Ref: CognitoUserPool

Note: I tried this in my own code, and it worked. I didn’t try it on your code.