Terraform-provider-aws: Missing AWS Cognito Support

Just wanted this, and found it missing from Terraform. Will try with cloud formation until it's available

Hi @nelg

At the moment, only Identity pools are supported. I know that a few other people are working on resources (including me for roles attachment).

What is missing from your perspective?

At the moment, my work around in cloudformation uses the following types:
AWS::Cognito::UserPool
AWS::Cognito::UserPoolClient

I think I will need
AWS::Cognito::IdentityPoolRoleAttachment

as well.

I can't believe CloudFormation beat Terraform in the race to support user pools.

Hey folks,

Will try to end the work on Cognito User pools very quickly, including all the current options provided by the API.
The one about IdentityPoolRoleAttachment is almost ended for me, the code is just crazy... so taking some time to review from another member :)

Please be patient a bit more: ~winter is~ Cognito User Pools are coming! 😄

Any updates with this one? Cheers

Hi @all.

I would appreciate some guidance here from anyone who has managed to successfully configure lambda trigger for cognito user pool using terraform (http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html).

@Ninir Do you know if User Pools are prod ready and has a configuration parameter for lambda trigger? How can I track a progress?

Much appreciated for your help.

Hi folks,

Just to let you know that Cognito Identity Pool Roles Attachment has been merged yesterday: https://github.com/terraform-providers/terraform-provider-aws/pull/863

Work is continuing for User Pools, hope to include it in the next AWS release 🚀

@volkodava Progress for user pools is here! :)

Also I have a branch ready with aws_cognito_user_pool_domain - the plan is to raise the PR after we merge @Ninir's #1419

@Ninir I compiled and am trying out the merge as of today, it looks great in my initial tests. Cheers!

Absolute champions!!

thank you very much for your hard work!

Well since CloudFormation is a pile of garbage and won't let us configure alternative username attributes, full support for user pools would be critical to have in terraform.

@et304383 please keep your personal opinion off here, thanks. Some of us are Keen to follow the progress of the issue.

@zsims I am interested in the progress of this item as well. I'm expressing frustration with no automation tools fully supporting cognito.

It's not an opinion. Cognito support in CloudFormation is half complete so I'm looking forward to full support in Terraform.

Is #1106 in the scope of this issue?

Hey thanks for all the hard work, anyone have a rough estimate of how far off this is? Cheers

Hi folks, User Pools are now available using the AWS Provider version 1.3.0!

To do so, upgrade your local binaries with: terraform init -upgrade.

Happy Terraforming! 🚀

YAY!!!!!!!!!!!

@Ninir is support for user pool clients next? I just encountered a roadblock on this... :(

@Ninir absolute champion squad! I'm gonna give it a try now, tjx

A word of warning to everyone (maybe this should go in the docs?):

Some actions such as adding/removing attributes require re-creating the user pool. This will cause you to lose any existing users.

Be sure to guard against it with:

lifecycle {
    prevent_destroy = "true"
}

@m1keil that is applicable to all resources. It's not specific to cognito user pools or this thread.

Hi @et304383 !

https://github.com/terraform-providers/terraform-provider-aws/pull/1803 is out and I'll review it after we release 1.3.1 (which contains some bug fixes regarding load balancers & IAM policies).

1.3.1 should come today or in the coming days :)

@et304383 Adding support for user pool app clients with https://github.com/terraform-providers/terraform-provider-aws/pull/2874/

I'm also working on user groups right now and then after those plus the fix to the IAM role attachment token validation is merged I think I can replace all my Cloudformation resources so that will probably be the end of the Cognito work I'm doing right now. Let me know if I'm missing anything else you think is important/critical.

The aws_cognito_user_pool_client and aws_cognito_user_pool_domain resources have been released in terraform-provider-aws version 1.7.0. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

Hi there,

Having resources for Cognito User Pools and Cognito Federated Identities, it's time to talk aboutCognito Sync, isn't it?

The edit page of Cognito Identity console looks like:

So the resouces for those configuration may be:

• aws_cognito_sync_push_synchronization
• aws_cognito_sync_stream
• aws_cognito_sync_event

Developer Guide
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sync.html

CLI API
https://docs.aws.amazon.com/cli/latest/reference/cognito-sync/index.html

Go API
https://github.com/aws/aws-sdk-go/blob/master/service/cognitosync/cognitosynciface/interface.go

Is it reasonable to create a new exclusive issue for Cognito Sync ?

Is it reasonable to create a new exclusive issue for Cognito Sync ?

@cooloon Yes, please! In fact, I would suggest creating issues for each of the expected resources. 😄

That said, we're also getting to a point where its going to be hard to determine what the definition of done is for this issue. We have some new issues springing up:

• Cognito Identity Provider support: #3279
• Cognito Sync support: (pending above note 😉 )
• aws_cognito_user_pool_resource_server support: #3616

I think is about time we close this nebulous ticket (for such a large AWS service) and create tickets for anything else specific that is missing. As of v1.9.0 of the AWS provider we support:

• aws_cognito_identity_pool
• aws_cognito_identity_pool_roles_attachment
• aws_cognito_user_group
• aws_cognito_user_pool
• aws_cognito_user_pool_client
• aws_cognito_user_pool_domain

Thanks everyone!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!