# Cognito user pool that holds the application's user accounts.
resource "aws_cognito_user_pool" "pool" {
  # The name carries the hex value of random_id.id, which is declared elsewhere.
  name = "social-network-${random_id.id.hex}"

  # Account recovery is offered through a verified e-mail address only;
  # no other recovery mechanism is listed.
  account_recovery_setting {
    recovery_mechanism {
      name     = "verified_email"
      priority = 1
    }
  }

  # Self-service sign-up is off: only an administrator can create accounts.
  admin_create_user_config {
    allow_admin_create_user_only = true
  }

  # NOTE(review): neither mfa_configuration nor a password_policy block is set,
  # so the pool runs on Cognito's defaults (MFA off) — confirm that is intended.
}
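# App client that lets the application sign users in through the pool's
# OAuth 2.0 endpoints.
resource "aws_cognito_user_pool_client" "client" {
  name         = "client"
  user_pool_id = aws_cognito_user_pool.pool.id

  # Authorization-code grant only, with the minimal "openid" scope, and
  # sign-in restricted to the pool's own directory (no federated providers).
  allowed_oauth_flows_user_pool_client = true
  allowed_oauth_flows                  = ["code"]
  allowed_oauth_scopes                 = ["openid"]
  supported_identity_providers         = ["COGNITO"]

  # Redirect targets are pinned to the HTTPS root of the CloudFront
  # distribution (declared elsewhere); Cognito rejects any other redirect URI.
  callback_urls = ["https://${aws_cloudfront_distribution.distribution.domain_name}"]
  logout_urls   = ["https://${aws_cloudfront_distribution.distribution.domain_name}"]

  # Return the same generic error for an unknown user and a wrong password, so
  # authentication and recovery responses cannot be used to enumerate accounts.
  # Without this the API falls back to the legacy, more revealing errors.
  prevent_user_existence_errors = "ENABLED"

  # NOTE(review): generate_secret is not set, so this is a public client with no
  # client secret; the application presumably relies on PKCE for the code
  # exchange — confirm on the application side.
}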
# Domain prefix under which the user pool's sign-in and OAuth endpoints are served.
resource "aws_cognito_user_pool_domain" "domain" {
  # Attach the domain to the pool defined in this configuration.
  user_pool_id = aws_cognito_user_pool.pool.id

  # Same "social-network-<hex>" string as the pool's name, built from random_id.id.
  domain = "social-network-${random_id.id.hex}"
}