Suppose I created

    CognitoUserPoolIdentityProviderGoogle:
      Type: AWS::Cognito::UserPoolIdentityProvider
      Properties:
        ProviderName: Google
        AttributeMapping:
          email: emailAddress
        ProviderDetails:
          client_id: xxxx
          client_secret: yyyy
          authorize_scopes: profile email openid phone
        ProviderType: Google
        UserPoolId:
          Ref: CognitoUserPoolUserPool

and later somebody updated client_id and client_secret manually to 1111 and 2222. Rerunning CloudFormation would result in overwriting the manual change and reverting the values to xxxx and yyyy.

How do I avoid that? AWS::Cognito::UserPoolIdentityProvider is just an example - this could be any resource.
What I am looking for is basically the functionality of ignore_changes in Terraform.

In CFN there is no "ignore changes". It is a bad practice to modify any resources managed by CFN manually, outside of its control. Manual changes can result in a lot of issues, one of which you are describing.

The technical term for what you are observing is stack drift. There are a few ways of managing it. But the first thing you do when you suspect it is to run drift detection on your stack before any updates.

Since in your case the drift is not that bad, you have two choices: