AWSTemplateFormatVersion: "2010-09-09"

Description: "Add a CloudFront distribution to a static S3 website with basic authentication This template *must* be deployed in us-east-1.\n"

Parameters:
  Name:
    Type: String

  WebUri:
    Type: String

Resources:
  UserPool:
    Type: "AWS::Cognito::UserPool"
    Properties:
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true
      Policies:
        PasswordPolicy:
          MinimumLength: 8
          RequireLowercase: false
          RequireNumbers: false
          RequireSymbols: false
          RequireUppercase: false

  UserPoolClient:
    Type: "AWS::Cognito::UserPoolClient"
    Properties:
      AllowedOAuthFlows:
        - code
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthScopes:
        - openid
      CallbackURLs:
        - !Ref WebUri
      PreventUserExistenceErrors: ENABLED
      SupportedIdentityProviders:
        - COGNITO
      UserPoolId: !Ref UserPool

  UserPoolDomain:
    Type: "AWS::Cognito::UserPoolDomain"
    Properties:
      Domain: !Ref Name
      UserPoolId: !Ref UserPool

Outputs:
  UserPoolId:
    Value: !Ref UserPool

  UserPoolClientId:
    Value: !Ref UserPoolClient

  BaseUri:
    Value: !Sub https://${UserPoolDomain}.auth.${AWS::Region}.amazoncognito.com