AWSTemplateFormatVersion: '2010-09-09' Description: SXR UI Stack - static website bucket, cognito identity pool, roles, etc. Resources: CognitoIdentityPool: Type: "AWS::Cognito::IdentityPool" Properties: IdentityPoolName: SXRIdentityPool AllowUnauthenticatedIdentities: true SXRAuthenticatedRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Federated: - cognito-identity.amazonaws.com Action: - sts:AssumeRoleWithWebIdentity Condition: StringEquals: cognito-identity.amazonaws.com:aud: - !Ref CognitoIdentityPool ForAnyValue:StringLike: cognito-identity.amazonaws.com:amr: - "authenticated" Path: "/" SXRUNAuthenticatedRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Federated: - cognito-identity.amazonaws.com Action: - sts:AssumeRoleWithWebIdentity Condition: StringEquals: cognito-identity.amazonaws.com:aud: - !Ref CognitoIdentityPool Path: "/" RolePolicies: Type: AWS::IAM::Policy Properties: PolicyName: authenticatedpolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: "*" Resource: "*" Roles: - !Ref SXRAuthenticatedRole AuthenticatedRoleAttach: Type: "AWS::Cognito::IdentityPoolRoleAttachment" Properties: IdentityPoolId: !Ref CognitoIdentityPool Roles: authenticated: !GetAtt SXRAuthenticatedRole.Arn unauthenticated: !GetAtt SXRUNAuthenticatedRole.Arn WebsiteBucket: Type: AWS::S3::Bucket Properties: AccessControl: PublicRead WebsiteConfiguration: IndexDocument: index.html ErrorDocument: error.html Outputs: CognitoIdentityPoolId: Description: Cognito Identity Pool Id Value: !Ref CognitoIdentityPool Export: Name: !Sub "${AWS::StackName}-CognitoIdentityPoolId" BucketName: Value: !Ref WebsiteBucket Description: The name of the website bucket BucketURL: Value: !GetAtt WebsiteBucket.WebsiteURL Description: URL for the static website