feat(cognito-identitypool): throw ValidationErrors instead of untyped Errors (#34109)

### Issue # (if applicable)

Relates to #32569

### Reason for this change
Untyped Errors are not recommended.


### Description of changes
Change Error to ValidationError / UnscopedValidationError


### Describe any new or updated permissions being added
None



### Description of how you validated changes
Existing tests. Exemptions granted as this is a refactor of existing code.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: tttol

packages/aws-cdk-lib/.eslintrc.js

@@ -47,6 +47,7 @@ const enableNoThrowDefaultErrorIn = [
   'aws-codepipeline',
   'aws-codepipeline-actions',
   'aws-cognito',
+  'aws-cognito-identitypool',
   'aws-config',
   'aws-docdb',
   'aws-dynamodb',

packages/aws-cdk-lib/aws-cognito-identitypool/lib/identitypool.ts

@@ -2,7 +2,7 @@ import { Construct } from 'constructs';
 import { IUserPoolAuthenticationProvider } from './identitypool-user-pool-authentication-provider';
 import { CfnIdentityPool, CfnIdentityPoolRoleAttachment, IUserPool, IUserPoolClient } from '../../aws-cognito';
 import { IOpenIdConnectProvider, ISamlProvider, Role, FederatedPrincipal, IRole } from '../../aws-iam';
-import { Resource, IResource, Stack, ArnFormat, Lazy, Token } from '../../core';
+import { Resource, IResource, Stack, ArnFormat, Lazy, Token, ValidationError, UnscopedValidationError } from '../../core';
 import { addConstructMetadata, MethodMetadata } from '../../core/lib/metadata-resource';
 
 /**
@@ -383,15 +383,15 @@ export class IdentityPool extends Resource implements IIdentityPool {
     const pool = Stack.of(scope).splitArn(identityPoolArn, ArnFormat.SLASH_RESOURCE_NAME);
     const res = pool.resourceName || '';
     if (!res) {
-      throw new Error('Invalid Identity Pool ARN');
+      throw new ValidationError('Invalid Identity Pool ARN', scope);
     }
     if (!Token.isUnresolved(res)) {
       const idParts = res.split(':');
       if (!(idParts.length === 2)) {
-        throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>');
+        throw new ValidationError('Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>', scope);
       }
       if (!Token.isUnresolved(pool.region) && idParts[0] !== pool.region) {
-        throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
+        throw new ValidationError('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region', scope);
       }
     }
     class ImportedIdentityPool extends Resource implements IIdentityPool {
@@ -625,7 +625,7 @@ class IdentityPoolRoleAttachment extends Resource implements IIdentityPoolRoleAt
       } else {
         const providerUrl = prop.providerUrl.value;
         if (Token.isUnresolved(providerUrl)) {
-          throw new Error('mappingKey must be provided when providerUrl.value is a token');
+          throw new UnscopedValidationError('mappingKey must be provided when providerUrl.value is a token');
         }
         mappingKey = providerUrl;
       }
@@ -637,7 +637,7 @@ class IdentityPoolRoleAttachment extends Resource implements IIdentityPoolRoleAt
       };
       if (roleMapping.type === 'Rules') {
         if (!prop.rules) {
-          throw new Error('IdentityPoolRoleMapping.rules is required when useToken is false');
+          throw new UnscopedValidationError('IdentityPoolRoleMapping.rules is required when useToken is false');
         }
         roleMapping.rulesConfiguration = {
           rules: prop.rules.map(rule => {