#  Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
#  Licensed under the Apache License, Version 2.0 (the "License").
#  You may not use this file except in compliance with the License.
#  A copy of the License is located at
#
#      http://aws.amazon.com/apache2.0/
#
#  or in the "license" file accompanying this file. This file is distributed
#  on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
#  express or implied. See the License for the specific language governing
#  permissions and limitations under the License.

AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS Ops Wheel - Cognito Stack'
Parameters:
  AdminEmail:
    Type: String
Outputs:
  CognitoUserPoolArn:
    Value:
      Fn::GetAtt: CognitoUserPool.Arn
Resources:
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName:
        Ref: AWS::StackName
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true
        UnusedAccountValidityDays: 90
        InviteMessageTemplate:
          EmailMessage: 'Your AWS Ops Wheel username is {username} and the temporary password is {####}'
          EmailSubject: 'Your temporary password for AWS Ops Wheel '
          SMSMessage: 'Your AWS Ops Wheel username is {username} and the temporary password is {####}'
      AutoVerifiedAttributes:
        - email
      Policies:
        PasswordPolicy:
          MinimumLength: 6
          RequireLowercase: false
          RequireNumbers: false
          RequireSymbols: false
          RequireUppercase: false
  CognitoUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName: WheelUIClient
      UserPoolId:
        Ref: CognitoUserPool
  CognitoUserPoolAdmin:
    Type: AWS::Cognito::UserPoolUser
    Properties:
      Username: admin
      DesiredDeliveryMediums:
        - EMAIL
      UserPoolId:
        Ref: CognitoUserPool
      UserAttributes:
        - Name: email
          Value:
            Ref: AdminEmail