Multiple CognitoUserPoolClient


#1

Hello,

When I create a new Cognito user pool, I would like to create more than one user pool client, but I can’t find a way of doing it…

Here is my actual code:

Resources:
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      # Generate a name based on the stage
      UserPoolName: ${self:provider.stage}-blablabla
      # Set email as an alias
      UsernameAttributes:
        - email
      AutoVerifiedAttributes:
        - email

  CognitoUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      # Generate an app client name based on the stage
      ClientName: Bla
      UserPoolId:
        Ref: CognitoUserPool
      ExplicitAuthFlows:
        - ADMIN_NO_SRP_AUTH
      GenerateSecret: true

If I try to duplicate the block “CognitoUserPoolClient”, I get an error YAMLException: duplicated mapping key

Thank you for your help.


#2

You were on the right track duplicating the CognitoUserPoolClient; you just have to make the 2nd copy have a different name, such as:

  CognitoUserPoolClient2:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      # Generate an app client name based on the stage
      ClientName: Bla2
      UserPoolId:
        Ref: CognitoUserPool
      ExplicitAuthFlows:
        - ADMIN_NO_SRP_AUTH
      GenerateSecret: true
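
An added example, not part of the thread or of any tool mentioned in it: a standard-library pre-deploy check that reports logical IDs defined more than once under `Resources`, which is the condition behind the `duplicated mapping key` error in post #1. The function name and the sample template are constructed for illustration, and the check assumes a standalone resource file with `Resources:` at column 0 and space indentation.

```python
import re
from collections import defaultdict

# Constructed sample: the client block from post #1 pasted twice under the same key.
TEMPLATE = """\
Resources:
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: dev-example
  CognitoUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName: Bla
      UserPoolId:
        Ref: CognitoUserPool
  CognitoUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName: Bla2
      UserPoolId:
        Ref: CognitoUserPool
"""

# CloudFormation logical IDs are alphanumeric and end the line with a colon.
KEY = re.compile(r"^\s*([A-Za-z0-9]+):\s*(#.*)?$")

def duplicate_logical_ids(text, section="Resources"):
    """Return {logical_id: [line numbers]} for IDs defined more than once in section."""
    seen = defaultdict(list)
    in_section, child_indent = False, None
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:  # a new top-level section starts here
            in_section = line.split(":")[0].strip() == section
            child_indent = None
            continue
        if not in_section:
            continue
        if child_indent is None:
            child_indent = indent  # indentation of the first logical ID
        match = KEY.match(line)
        if match and indent == child_indent:
            seen[match.group(1)].append(lineno)
    return {name: lines for name, lines in seen.items() if len(lines) > 1}

if __name__ == "__main__":
    for name, lines in duplicate_logical_ids(TEMPLATE).items():
        print(f"{name} is defined on lines {lines}; give each copy its own logical ID")
```

Renaming the second block to `CognitoUserPoolClient2`, as suggested above, makes the check return an empty result.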

#3

Thank you for your reply @bfieber, I tried it but it fails when it tries to validate it…

  Error --------------------------------------------------
 
  The CloudFormation template is invalid: Invalid template property or properties [Cognito]

Here is my full resource file:

Resources:
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: ${self:provider.stage}-user-pool-test
      UsernameAttributes:
        - email
      AutoVerifiedAttributes:
        - email

  CognitoUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName: Bla
      UserPoolId:
        Ref: CognitoUserPool
      ExplicitAuthFlows:
        - ADMIN_NO_SRP_AUTH
      GenerateSecret: true

  CognitoUserPoolClient2:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName: Bla2
      UserPoolId:
        Ref: CognitoUserPool
      ExplicitAuthFlows:
        - ADMIN_NO_SRP_AUTH
      GenerateSecret: true

# Print out the Id of the User Pool that is created
Outputs:
  UserPoolId:
    Value:
      Ref: CognitoUserPool

  UserPoolClientId:
    Value:
      Ref: CognitoUserPoolClient

Thank you.


#4

The approach seems right. Here’s a copy & paste of code I’m using:

    CognitoUserPoolAppUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        DeviceConfiguration: 
          ChallengeRequiredOnNewDevice: false
        EmailConfiguration: 
          ReplyToEmailAddress: ${self:provider.environment.REPLY_EMAIL}
        # Quoted so that YAML 1.1 parsers do not read a bare OFF as boolean false
        MfaConfiguration: "OFF"
        Policies: 
          PasswordPolicy:
            MinimumLength: 8
            RequireLowercase: true
            RequireNumbers: true
            RequireSymbols: true
            RequireUppercase: true
        Schema:
          -
            AttributeDataType: String
            Mutable: true
            Name: "access_token"
          -
            AttributeDataType: String
            Mutable: true
            Name: "internal_domain"
          -
            AttributeDataType: String
            Name: "shop_id"
        UsernameAttributes:
          - email
        UserPoolName: ${self:custom.userPoolName}
    CognitoUserPoolClientAppUserPoolDefault:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: "default-client"
        GenerateSecret: false
        RefreshTokenValidity: 30
        UserPoolId: { "Ref": "CognitoUserPoolAppUserPool" }
    CognitoUserPoolClientAppUserPoolOAuth:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: "oauth-client"
        GenerateSecret: false
        ExplicitAuthFlows:
          - "CUSTOM_AUTH_FLOW_ONLY"
        RefreshTokenValidity: 30
        UserPoolId: { "Ref": "CognitoUserPoolAppUserPool" }