user_pool_client

Gets an individual user_pool_client resource

Overview

Name	user_pool_client
Type	Resource
Description	user_pool_client
Id	awscc.cognito.user_pool_client

Fields

Name	Datatype	Description
client_name	string
explicit_auth_flows	array
generate_secret	boolean
read_attributes	array
auth_session_validity	integer
refresh_token_validity	integer
access_token_validity	integer
id_token_validity	integer
token_validity_units	object
user_pool_id	string
write_attributes	array
allowed_oauth_flows	array
allowed_oauth_flows_user_pool_client	boolean
allowed_oauth_scopes	array
callback_urls	array
default_redirect_uri	string
logout_urls	array
supported_identity_providers	array
analytics_configuration	object
prevent_user_existence_errors	string
enable_token_revocation	boolean
enable_propagate_additional_user_context_data	boolean
name	string
client_secret	string
client_id	string
region	string	AWS region.

Methods

Currently only SELECT is supported for this resource resource.

Example

SELECT
region,
client_name,
explicit_auth_flows,
generate_secret,
read_attributes,
auth_session_validity,
refresh_token_validity,
access_token_validity,
id_token_validity,
token_validity_units,
user_pool_id,
write_attributes,
allowed_oauth_flows,
allowed_oauth_flows_user_pool_client,
allowed_oauth_scopes,
callback_urls,
default_redirect_uri,
logout_urls,
supported_identity_providers,
analytics_configuration,
prevent_user_existence_errors,
enable_token_revocation,
enable_propagate_additional_user_context_data,
name,
client_secret,
client_id
FROM awscc.cognito.user_pool_client
WHERE data__Identifier = '<UserPoolId>|<ClientId>';

Permissions

To operate on the user_pool_client resource, the following permissions are required:

Read

cognito-idp:DescribeUserPoolClient

Update

cognito-idp:UpdateUserPoolClient,
iam:PassRole,
iam:PutRolePolicy

Delete

cognito-idp:DeleteUserPoolClient,
iam:PutRolePolicy,
iam:DeleteRolePolicy