Add a role to an AWS Cognito Identity Pool via Cloudformation

I am trying to write a CloudFormation template to create a new Cognito identity pool with Google authentication and using a pre-existing role.

This code creates a new identity pool with Google authentication:

Resources:
  cognitoid:
    Type: "AWS::Cognito::IdentityPool"
    Properties:
      AllowUnauthenticatedIdentities: false
      SupportedLoginProviders:
        "accounts.google.com": "<Google client id>"

For the role, AWS::Cognito::IdentityPool doesn't have anything in its properties for attaching a role.

user8405195 asked Aug 02 '17 11:08


1 Answer

I was finally able to make it work:

AWSTemplateFormatVersion: 2010-09-09

Description: Stack to create a new Cognito identity pool with CloudFormation permissions to authenticate using a Google+ API

Resources:
  CognitoId:
    Type: "AWS::Cognito::IdentityPool"
    Properties:
      AllowUnauthenticatedIdentities: false
      SupportedLoginProviders:
        "accounts.google.com": "253488098773-olaksun66kcniitls6q7dne2asn23sdm.apps.googleusercontent.com"

  # The role that authenticated identities from the pool above will assume.
  IamRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Federated:
                - "cognito-identity.amazonaws.com"
            Action:
              - "sts:AssumeRoleWithWebIdentity"
            # Only identities from this pool (aud) that have logged in (amr)
            # may assume the role.
            Condition:
              StringEquals:
                "cognito-identity.amazonaws.com:aud": !Ref CognitoId
              "ForAnyValue:StringLike":
                "cognito-identity.amazonaws.com:amr": "authenticated"
      Path: "/"
      Policies:
        - PolicyName: main
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - "cloudformation:CreateStack"
                  - "cloudformation:UpdateStack"
                  - "cloudformation:DeleteStack"
                  - "cloudformation:CreateUploadBucket"
                  - "cloudformation:DescribeStacks"
                  - "cloudformation:DescribeStackEvents"
                  - "cloudformation:GetTemplateSummary"
                  - "cloudformation:ListStacks"
                  - "cloudformation:ListStackResources"
                  - "s3:CreateBucket"
                  - "s3:GetObject"
                  - "s3:PutObject"
                  - "mobileanalytics:PutEvent"
                  - "cognito-sync:*"
                  - "cognito-identity:*"
                Resource: "*"

  # This is the resource that links the role to the pool; the pool itself
  # has no role property.
  IdentityPoolRoleAttachment:
    Type: "AWS::Cognito::IdentityPoolRoleAttachment"
    Properties:
      IdentityPoolId: !Ref CognitoId
      Roles:
        authenticated: !GetAtt IamRole.Arn
user8405195 answered Sep 27 '22 16:09
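As an added check that is not part of the question or the answer: once CloudFormation resolves `!Ref CognitoId`, the role's AssumeRolePolicyDocument is plain JSON that can be fetched from IAM and linted. The Python below embeds the answer's trust policy with a constructed pool id and verifies that the `aud` condition pins the role to that pool and the `amr` condition requires authenticated identities, the two conditions that stop other pools or guest identities from assuming the role.

```python
import json

# Constructed sample identity pool id; not the pool from the question.
POOL_ID = "us-east-1:11111111-2222-3333-4444-555555555555"

# The answer's trust policy as CloudFormation deploys it, with !Ref resolved.
GOOD_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Federated": ["cognito-identity.amazonaws.com"]},
  "Action": ["sts:AssumeRoleWithWebIdentity"],
  "Condition": {
    "StringEquals": {"cognito-identity.amazonaws.com:aud": "%s"},
    "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"}}}]}""" % POOL_ID)

# Same statement with the Condition block dropped: any Cognito identity from
# any account's pool could then assume the role.
BAD_POLICY = json.loads(json.dumps(GOOD_POLICY))
del BAD_POLICY["Statement"][0]["Condition"]

def _as_list(value):
    """IAM accepts a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def lint_cognito_trust_policy(policy, pool_id):
    """Return findings for Allow statements that grant sts:AssumeRoleWithWebIdentity."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(st.get("Action")):
            continue
        principal = st.get("Principal", {})
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if "cognito-identity.amazonaws.com" not in federated:
            findings.append(f"statement {i}: principal is not cognito-identity.amazonaws.com")
        cond = st.get("Condition", {})
        # aud must pin the role to this pool; without it any pool's identities qualify.
        aud = _as_list(cond.get("StringEquals", {}).get("cognito-identity.amazonaws.com:aud"))
        if not aud:
            findings.append(f"statement {i}: no aud condition, any identity pool can assume the role")
        elif pool_id not in aud:
            findings.append(f"statement {i}: aud condition does not name pool {pool_id}")
        # amr must require a logged-in identity, else unauthenticated guests qualify.
        amr = _as_list(cond.get("ForAnyValue:StringLike", {}).get("cognito-identity.amazonaws.com:amr"))
        if "authenticated" not in amr:
            findings.append(f"statement {i}: amr condition does not require authenticated identities")
    return findings
```

Run against the real role with the output of `aws iam get-role` after deployment; an empty list means the trust policy is scoped the way the answer's template intends.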