You need to upload packaged resource handler (wrzasqpl-cognito-clientdata.zip
from GitHub Releases) to your S3 bucket. Afterwards you can just execute following template:
Resources: LogGroup: Type: "AWS::Logs::LogGroup" Properties: LogGroupName: "/aws/cloudformation/type/WrzasqPl-Cognito-ClientData/" RetentionInDays: 14 ExecutionRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: "resources.cloudformation.amazonaws.com" Action: "sts:AssumeRole" Policies: - PolicyName: "ResourceTypePolicy" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "cognito-idp:DescribeUserPoolClient" Resource: - "*" LoggingRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: "resources.cloudformation.amazonaws.com" Action: "sts:AssumeRole" Policies: - PolicyName: "AllowSendingMetrics" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "cloudwatch:ListMetrics" - "cloudwatch:PutMetricData" - "logs:CreateLogGroup" - "logs:CreateLogStream" - "logs:DescribeLogGroups" - "logs:DescribeLogStreams" - "logs:PutLogEvents" Resource: - "*" CognitoClientDataHandler: Type: "AWS::CloudFormation::ResourceVersion" Properties: ExecutionRoleArn: !GetAtt "ExecutionRole.Arn" LoggingConfig: LogGroupName: !Ref "LogGroup" LogRoleArn: !GetAtt "LoggingRole.Arn" SchemaHandlerPackage: "s3://your-bucket-name/wrzasqpl-cognito-clientdata.zip" TypeName: "WrzasqPl::Cognito::ClientData" CognitoClientDataVersion: Type: "AWS::CloudFormation::ResourceDefaultVersion" Properties: TypeVersionArn: !Ref "CognitoClientDataHandler"
The easiest way to distribute such package would be AWS Serverless Repository, but unfortunately it doesn’t support AWS::CloudFormation::ResourceVersion
and AWS::CloudFormation::ResourceDefaultVersion
resource types.