amazon-cognito aws-userpools aws-identitypools

How to cloudform Cognito user pool authentication provider with custom mapping


I've successfully cloudformed a Cognito identity pool and could not see how to add the custom mappings to the "Cognito" "Authentication Providers" in CloudFormation.

Inside the Cognito Authentication Provider on the console, there is a dropdown where I manually have to select "Use custom mappings" and then I can manually add the mappings to my custom user attributes. However, I need to be able to cloudform this and am struggling to find the correct place for it.

The user pool that goes along with this identity pool has "SupportedIdentityProviders" set to "COGNITO".

Update

I can get a list of identity providers by running ...

aws cognito-identity list-identities --max-results 2 --identity-pool-id xx-xxxx-x:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx

and this returns me

{
    "IdentityPoolId": "xx-xxxx-x:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx",
    "Identities": [
        {
            "IdentityId": "yy-yyyy-y:yyyyyyyy-yyyy-yyyy-yyyyyyyyyy",
            "Logins": [
                "cognito-idp.eu-west-2.amazonaws.com/eu-west-2_tFT6FBwIO"
            ],
            "CreationDate": "2021-11-15T12:38:48.249000+00:00",
            "LastModifiedDate": "2021-11-15T12:38:48.263000+00:00"
        }
    ]
}

using the "Logins" information I can now run...

aws cognito-identity get-principal-tag-attribute-map --identity-pool-id xx-xxxx-x:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx --identity-provider-name "cognito-idp.eu-west-2.amazonaws.com/eu-west-2_tFT6FBwIO"

which returns

{
    "IdentityPoolId": "xx-xxxx-x:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx",
    "IdentityProviderName": "cognito-idp.eu-west-2.amazonaws.com/eu-west-2_tFT6FBwIO",
    "UseDefaults": false,
    "PrincipalTags": {
        "attr_x": "custom:attr_x",
        "attr_y": "custom:attr_y",
        "attr_z": "custom:attr_z"
    }
}

However, I still don't know how to set up this mapping via CloudFormation...

Regards Mark.


Solution

  • Setting PrincipalTag attribute mappings is not yet supported in CloudFormation but, according to the CloudFormation roadmap, will be supported soon. In the meantime, you would have to create a CloudFormation Custom Resource or Resource Provider to achieve this.
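A sketch of the Custom Resource route mentioned in the answer, added here as an example and not part of the original answer or any AWS-provided code: a Lambda handler that applies the mapping with the `SetPrincipalTagAttributeMap` API. The property names read from `ResourceProperties` and the `PhysicalResourceId` format are assumptions of this example; the function's role needs `cognito-identity:SetPrincipalTagAttributeMap` on the identity pool.

```python
import json
import urllib.request


def apply_mapping(event, client):
    """Apply (or, on Delete, reset) the tag mapping; returns the PhysicalResourceId."""
    props = event["ResourceProperties"]  # property names are assumptions of this example
    pool_id = props["IdentityPoolId"]
    provider = props["IdentityProviderName"]
    physical_id = f"{pool_id}|{provider}"  # assumed id format
    if event["RequestType"] == "Delete":
        # Revert to Cognito's default mapping rather than leaving stale tags behind.
        client.set_principal_tag_attribute_map(
            IdentityPoolId=pool_id, IdentityProviderName=provider, UseDefaults=True)
        return physical_id
    tags = props.get("PrincipalTags") or {}
    # CloudFormation hands property values to the Lambda as strings ("true"/"false").
    use_defaults = str(props.get("UseDefaults", "false")).lower() == "true"
    if not use_defaults and not tags:
        raise ValueError("PrincipalTags is required when UseDefaults is false")
    kwargs = {"IdentityPoolId": pool_id, "IdentityProviderName": provider,
              "UseDefaults": use_defaults}
    if not use_defaults:
        kwargs["PrincipalTags"] = {str(k): str(v) for k, v in tags.items()}
    client.set_principal_tag_attribute_map(**kwargs)
    return physical_id


def build_response(event, status, physical_id, reason=""):
    """Body that CloudFormation expects to be PUT to event['ResponseURL']."""
    return {"Status": status, "Reason": reason, "PhysicalResourceId": physical_id,
            "StackId": event["StackId"], "RequestId": event["RequestId"],
            "LogicalResourceId": event["LogicalResourceId"]}


def handler(event, context):
    import boto3  # provided by the Lambda Python runtime
    physical_id = event.get("PhysicalResourceId", "principal-tag-map")
    try:
        physical_id = apply_mapping(event, boto3.client("cognito-identity"))
        body = build_response(event, "SUCCESS", physical_id)
    except Exception as exc:  # always answer, or the stack waits until it times out
        body = build_response(event, "FAILED", physical_id, str(exc) or "error")
    req = urllib.request.Request(event["ResponseURL"], data=json.dumps(body).encode(),
                                 method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(req)
```

Because these principal tags can be referenced in IAM policy conditions, treat the `PrincipalTags` property as part of the access-control configuration and review changes to it like policy changes.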