I've set up a Cognito user pool and an associated app client through the AWS console, opting for the new "Managed Login" option instead of the traditional "Hosted UI." While it worked fine initially, I'm now facing challenges trying to implement this in code. I'm struggling to figure out how to create a style or even use the default one programmatically, especially via Infrastructure as Code (IaC) tools like CloudFormation, Pulumi, or Terraform. Did AWS release this feature without an API, or am I just missing something? Currently, I can set it up through IaC, but it requires me to manually adjust the style in the AWS Console. Any assistance would be appreciated! If it turns out there's no way to handle this programmatically, I'll just revert back to using the Hosted UI.
4 Answers
It seems like user pools are regarded more as data entities rather than resource types like tables. You might be able to use AWS SDKs like Boto3 to configure this without issues.
Check out this CloudFormation resource for managed login branding: [Cognito Managed Login Branding](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-managedloginbranding.html). I understand you're using Pulumi, and while it may not be supported yet in their AWS provider, you can still reference it in AWS's Cloud Control API using `aws-native.cognito.ManagedLoginBranding`. Let me know if that works out!
For the old hosted UI using IaC, I leverage the CLI/API methods like `aws cognito-idp set-ui-customization ...` to customize the CSS and logo since I couldn't find a CloudFormation-based way. Here’s a quick make target I use:
```make
.PHONY: ui
ui:
aws cognito-idp set-ui-customization
--user-pool-id $(call get_ssm_parameter,${PARAMETER_PREFIX}/auth/userpool/id)
--client-id $(call get_ssm_parameter,${PARAMETER_PREFIX}/auth/userpool/client/id)
--css "$(shell cat $(CSS_FILE))"
--image-file fileb://$(IMAGE_FILE)
```
I think Terraform and Pulumi can automate this since it's just a coverage issue with the APIs.
For the old UI, I handle it like this in Pulumi (Python):
```python
aws.cognito.UserPoolUICustomization(
"user-pool-ui-customization",
user_pool_id=user_pool.id,
client_id=user_pool_client.id,
css="",
)
```
In this setup, the `css` field is mandatory, but I just set it to an empty string to use the default style.
Although I can't find the exact AWS documentation I used, here's what works: You can create the managed login resource via IaC and set `use_cognito_provided_values` to true initially. After that, query the resource to get the JSON template you can customize. Once you're done, you can set `use_cognito_provided_values` back to false. Here are some links that might help: [AWS CDK Managed Login Docs](https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_cognito/CfnManagedLoginBranding.html), [AWS CLI Description](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-managed-login-branding-by-client.html).
Thank you! This could be exactly what I needed; much appreciated!
Thanks for the tip! I'll try that and let you know if it does the trick.