Hard coding secrets isn’t good, but hard stuff is great. Is there a reason not hard code the clientId and pool Id in your source code? If these never change, it’s definitely the best case to actually hard code them.
Is it you are creating cognito pool in the IaC and then need to inject that into your running process, so you need to output it somewhere, to pull it back in?
I recommend either hard coding it in the source code after it is created. And if you really wanted it automated, I suggest using CFN outputs, and then write that to a ENV file you can deploy with your source code. Using Parameter store during production runtime isn’t a great idea because it doesn’t have a defined SLA which means it could cause production downtime.