SignInWithApple cognito_identity_provider configuration

I want to configure an identity provider for AppleId Sign In. However, I can’t find any description of what the provider_details object should look like, in particular the correct variable names. Below is where I am at now.


resource "aws_cognito_identity_provider" "appleid_provider" {
  user_pool_id  = "${aws_cognito_user_pool.roji_user_pool.id}"
  provider_name = "Apple" # Check if correct
  provider_type = "SignInWithApple"

  provider_details = {
    # ???
    # Apple Services Id,
    # Team Id,
    # Key Id
    private_key = "${file("./private_key.p8")}"
  }

  attribute_mapping = {
    email    = "email"
    name     = "name"
    username = "sub"
  }
}

Did you end up figuring out the proper configuration?

Terraform’s aws_cognito_identity_provider documentation states that the arguments are available in the AWS documentation.

By directly following the AWS doc on provider_details I was able to make it work with the following code:

resource "aws_cognito_identity_provider" "apple" {
  user_pool_id  = aws_cognito_user_pool.dinogaia-users.id
  provider_name = "SignInWithApple"
  provider_type = "SignInWithApple"

  provider_details = {
    client_id        = var.apple_client_id # This refers to "Apple services ID" in the AWS Console
    team_id          = var.apple_team_id
    key_id           = var.apple_key_id
    private_key      = var.apple_private_key
    authorize_scopes = "email name"
  }

  attribute_mapping = {
    email              = "email"
    preferred_username = "name"
    username           = "sub"
  }
}
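
The answer's resource block references four input variables without showing their declarations. The following is an added example, not part of the original thread, of how they could be declared so that the Apple signing key is treated as a secret. The variable names come from the answer's `var.*` references; the descriptions and the 10-character validation patterns for the Team ID and Key ID are assumptions.

```hcl
# Added example: declarations for the variables used by
# aws_cognito_identity_provider.apple in the answer above.
# Validation patterns are assumptions, not taken from the thread.

variable "apple_client_id" {
  description = "Apple Services ID, passed to Cognito as client_id"
  type        = string
}

variable "apple_team_id" {
  description = "Apple Developer Team ID"
  type        = string

  validation {
    # Assumed format: 10 uppercase alphanumeric characters
    condition     = can(regex("^[A-Z0-9]{10}$", var.apple_team_id))
    error_message = "The apple_team_id value must be 10 uppercase alphanumeric characters."
  }
}

variable "apple_key_id" {
  description = "Key ID of the Sign in with Apple private key"
  type        = string

  validation {
    # Assumed format: 10 uppercase alphanumeric characters
    condition     = can(regex("^[A-Z0-9]{10}$", var.apple_key_id))
    error_message = "The apple_key_id value must be 10 uppercase alphanumeric characters."
  }
}

variable "apple_private_key" {
  description = "Contents of the .p8 signing key downloaded from Apple"
  type        = string

  # Redacts the value in plan and apply output.
  # It is still stored in the Terraform state file.
  sensitive = true
}
```

Supplying the key through the `TF_VAR_apple_private_key` environment variable keeps the `.p8` file out of the repository, unlike the `file("./private_key.p8")` call in the question. Because the key is written to state either way, the state backend needs encryption at rest and restricted access.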