feat(cognito): new cloudFrontEndpoint method for user pool domain without custom resource

packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-domain-cfdist.js.snapshot/integ-user-pool-domain-cfdist.template.json

@@ -148,7 +148,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "746da84b10e215c552e68b6d2061024e4429f0386f43a35ef5e4d2940655692e.zip"
+     "S3Key": "9e8936ba1db43e0919ba2fc8265d50686eeaca82830c471ff8b7b0672c5970ec.zip"
     },
     "Handler": "index.handler",
     "Role": {
@@ -186,6 +186,14 @@
      "DomainDescription.CloudFrontDistribution"
     ]
    }
+  },
+  "CloudFrontEndpoint": {
+   "Value": {
+    "Fn::GetAtt": [
+     "UserPoolDomainD0EA232A",
+     "CloudFrontDistribution"
+    ]
+   }
   }
  },
  "Mappings": {

packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-domain-cfdist.ts

@@ -1,12 +1,13 @@
 import { App, CfnOutput, RemovalPolicy, Stack } from 'aws-cdk-lib';
 import { UserPool } from 'aws-cdk-lib/aws-cognito';
+import { LOG_API_RESPONSE_DATA_PROPERTY_TRUE_DEFAULT } from 'aws-cdk-lib/cx-api';
 
 /*
  * Stack verification steps:
  * * Verify that the CloudFrontDistribution stack output is of the format 'xxxxxxxxxxxxxx.cloudfront.net'
  */
 
-const app = new App();
+const app = new App({ postCliContext: { [LOG_API_RESPONSE_DATA_PROPERTY_TRUE_DEFAULT]: false } });
 const stack = new Stack(app, 'integ-user-pool-domain-cfdist');
 
 const userpool = new UserPool(stack, 'UserPool', {
@@ -26,3 +27,7 @@ new CfnOutput(stack, 'Domain', {
 new CfnOutput(stack, 'CloudFrontDomainName', {
   value: domain.cloudFrontDomainName,
 });
+
+new CfnOutput(stack, 'CloudFrontEndpoint', {
+  value: domain.cloudFrontEndpoint,
+});

packages/aws-cdk-lib/aws-cognito/README.md

@@ -19,6 +19,8 @@ This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aw
   - [Table of Contents](#table-of-contents)
   - [User Pools](#user-pools)
     - [Sign Up](#sign-up)
+      - [Code Verification](#code-verification)
+      - [Link Verification](#link-verification)
     - [Sign In](#sign-in)
     - [Attributes](#attributes)
     - [Attribute verification](#attribute-verification)
@@ -921,7 +923,6 @@ const fullAccessClient = pool.addClient('full-access-client', {
 });
 ```
 
-
 ### Domains
 
 After setting up an [app client](#app-clients), the address for the user pool's sign-up and sign-in webpages can be
@@ -990,6 +991,21 @@ Existing domains can be imported into CDK apps using `UserPoolDomain.fromDomainN
 const myUserPoolDomain = cognito.UserPoolDomain.fromDomainName(this, 'my-user-pool-domain', 'domain-name');
 ```
 
+To get the domain name of the CloudFront distribution associated with the user pool domain, use `cloudFrontEndpoint` method.
+
+```ts
+const userpool = new cognito.UserPool(this, 'UserPool');
+const domain = userpool.addDomain('Domain', {
+  cognitoDomain: {
+    domainPrefix: 'my-awesome-app',
+  },
+});
+
+new CfnOutput(this, 'CloudFrontEndpoint', {
+  value: domain.cloudFrontEndpoint,
+});
+```
+
 ### Deletion protection
 
 Deletion protection can be enabled on a user pool to prevent accidental deletion:

packages/aws-cdk-lib/aws-cognito/lib/user-pool-domain.ts

@@ -96,6 +96,7 @@ export class UserPoolDomain extends Resource implements IUserPoolDomain {
   private isCognitoDomain: boolean;
 
   private cloudFrontCustomResource?: AwsCustomResource;
+  private resource: CfnUserPoolDomain;
 
   constructor(scope: Construct, id: string, props: UserPoolDomainProps) {
     super(scope, id);
@@ -114,18 +115,29 @@ export class UserPoolDomain extends Resource implements IUserPoolDomain {
     this.isCognitoDomain = !!props.cognitoDomain;
 
     const domainName = props.cognitoDomain?.domainPrefix || props.customDomain?.domainName!;
-    const resource = new CfnUserPoolDomain(this, 'Resource', {
+    this.resource = new CfnUserPoolDomain(this, 'Resource', {
       userPoolId: props.userPool.userPoolId,
       domain: domainName,
       customDomainConfig: props.customDomain ? { certificateArn: props.customDomain.certificate.certificateArn } : undefined,
     });
 
-    this.domainName = resource.ref;
+    this.domainName = this.resource.ref;
   }
 
   /**
    * The domain name of the CloudFront distribution associated with the user pool domain.
    */
+  public get cloudFrontEndpoint(): string {
+    return this.resource.getAtt('CloudFrontDistribution').toString();
+  }
+
+  /**
+   * The domain name of the CloudFront distribution associated with the user pool domain.
+   *
+   * This method creates a custom resource internally to get the CloudFront domain name.
+   *
+   * @deprecated use `cloudFrontEndpoint` method instead.
+   */
   public get cloudFrontDomainName(): string {
     if (!this.cloudFrontCustomResource) {
       const sdkCall: AwsSdkCall = {

packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts

@@ -1,3 +1,4 @@
+import { testDeprecated } from '@aws-cdk/cdk-build-tools';
 import { Template } from '../../assertions';
 import { Certificate } from '../../aws-certificatemanager';
 import { CfnParameter, Stack } from '../../core';
@@ -103,7 +104,7 @@ describe('User Pool Domain', () => {
     })).not.toThrow();
   });
 
-  test('custom resource is added when cloudFrontDomainName property is used', () => {
+  testDeprecated('custom resource is added when cloudFrontDomainName property is used', () => {
     // GIVEN
     const stack = new Stack();
     const pool = new UserPool(stack, 'Pool');
@@ -137,7 +138,7 @@ describe('User Pool Domain', () => {
     });
   });
 
-  test('cloudFrontDomainName property can be called multiple times', () => {
+  testDeprecated('cloudFrontDomainName property can be called multiple times', () => {
     const stack = new Stack();
     const pool = new UserPool(stack, 'Pool');
     const domain = pool.addDomain('Domain', {
@@ -152,6 +153,27 @@ describe('User Pool Domain', () => {
     expect(cfDomainNameSecond).toEqual(cfDomainNameFirst);
   });
 
+  test('cloudFrontEndpoint property can be called without custom resource', () => {
+    const stack = new Stack();
+    const pool = new UserPool(stack, 'Pool');
+    const domain = pool.addDomain('Domain', {
+      cognitoDomain: {
+        domainPrefix: 'cognito-domain-prefix',
+      },
+    });
+
+    const cloudFrontEndpoint = domain.cloudFrontEndpoint;
+
+    expect(stack.resolve(cloudFrontEndpoint)).toEqual({
+      'Fn::GetAtt': [
+        'PoolDomainCFC71F56',
+        'CloudFrontDistribution',
+      ],
+    });
+
+    Template.fromStack(stack).resourceCountIs('Custom::UserPoolCloudFrontDomainName', 0);
+  });
+
   test('import', () => {
     // GIVEN
     const stack = new Stack();

packages/aws-cdk-lib/rosetta/aws_cognito/default.ts-fixture

@@ -1,5 +1,5 @@
 // Fixture with packages imported, but nothing else
-import { Duration, Stack } from 'aws-cdk-lib';
+import { CfnOutput, Duration, Stack } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import * as certificatemanager from 'aws-cdk-lib/aws-certificatemanager';
 import * as cognito from 'aws-cdk-lib/aws-cognito';