AWSTemplateFormatVersion: '2010-09-09' Description: | Amazon Cognito User Pool with Passwordless E-Mail Auth configured Globals: Function: Timeout: 3 Outputs: UserPoolClientId: Description: ID of the User Pool Client Value: Ref: UserPoolClient UserPoolId: Description: ID of the User Pool Value: Ref: UserPool Parameters: SESFromAddress: Description: The e-mail address to send the secret login code from Type: String UserPoolName: Description: The name you want the User Pool to be created with Type: String Resources: CreateAuthChallenge: Properties: CodeUri: Bucket: <%REPO_BUCKET%> Key: 31f61917-5310-424b-89d6-ca7495917057 Environment: Variables: SES_FROM_ADDRESS: Ref: SESFromAddress Handler: create-auth-challenge.handler Policies: - Statement: - Action: - ses:SendEmail Effect: Allow Resource: '*' Version: '2012-10-17' Runtime: nodejs10.x Type: AWS::Serverless::Function CreateAuthChallengeInvocationPermission: Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - CreateAuthChallenge - Arn Principal: cognito-idp.amazonaws.com SourceArn: Fn::GetAtt: - UserPool - Arn Type: AWS::Lambda::Permission DefineAuthChallenge: Properties: CodeUri: Bucket: <%REPO_BUCKET%> Key: 2addf0d2-5ce9-4741-b1a7-34a25470bbfc Handler: define-auth-challenge.handler Runtime: nodejs10.x Type: AWS::Serverless::Function DefineAuthChallengeInvocationPermission: Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - DefineAuthChallenge - Arn Principal: cognito-idp.amazonaws.com SourceArn: Fn::GetAtt: - UserPool - Arn Type: AWS::Lambda::Permission PreSignUp: Properties: CodeUri: Bucket: <%REPO_BUCKET%> Key: cbbd73aa-965e-4170-8a3f-72670fc0f81d Handler: pre-sign-up.handler Runtime: nodejs10.x Type: AWS::Serverless::Function PreSignUpInvocationPermission: Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - PreSignUp - Arn Principal: cognito-idp.amazonaws.com SourceArn: Fn::GetAtt: - UserPool - Arn Type: AWS::Lambda::Permission UserPool: Properties: LambdaConfig: CreateAuthChallenge: Fn::GetAtt: - CreateAuthChallenge - Arn DefineAuthChallenge: Fn::GetAtt: - DefineAuthChallenge - Arn PreSignUp: Fn::GetAtt: - PreSignUp - Arn VerifyAuthChallengeResponse: Fn::GetAtt: - VerifyAuthChallengeResponse - Arn MfaConfiguration: 'OFF' Policies: PasswordPolicy: MinimumLength: 8 RequireLowercase: false RequireNumbers: false RequireSymbols: false RequireUppercase: false Schema: - AttributeDataType: String Mutable: true Name: name Required: true - AttributeDataType: String Mutable: true Name: email Required: true UserPoolName: Ref: UserPoolName UsernameAttributes: - email Type: AWS::Cognito::UserPool UserPoolClient: Properties: ClientName: email-auth-client ExplicitAuthFlows: - CUSTOM_AUTH_FLOW_ONLY GenerateSecret: false UserPoolId: Ref: UserPool Type: AWS::Cognito::UserPoolClient VerifyAuthChallengeResponse: Properties: CodeUri: Bucket: <%REPO_BUCKET%> Key: 750580f0-e0a5-4250-9f57-70e8cbf49203 Handler: verify-auth-challenge-response.handler Runtime: nodejs10.x Type: AWS::Serverless::Function VerifyAuthChallengeResponseInvocationPermission: Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - VerifyAuthChallengeResponse - Arn Principal: cognito-idp.amazonaws.com SourceArn: Fn::GetAtt: - UserPool - Arn Type: AWS::Lambda::Permission Transform: AWS::Serverless-2016-10-31