Menu
Amazon Cognito Federated Identities
API Reference (API Version 2014-06-30)

SetIdentityPoolRoles

Sets the roles for an identity pool. These roles are used when making calls to GetCredentialsForIdentity action.

You must use AWS Developer credentials to call this API.

Request Syntax

{
   "IdentityPoolId": "string",
   "RoleMappings": { 
      "string" : { 
         "AmbiguousRoleResolution": "string",
         "RulesConfiguration": { 
            "Rules": [ 
               { 
                  "Claim": "string",
                  "MatchType": "string",
                  "RoleARN": "string",
                  "Value": "string"
               }
            ]
         },
         "Type": "string"
      }
   },
   "Roles": { 
      "string" : "string" 
   }
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

IdentityPoolId

An identity pool ID in the format REGION:GUID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+:[0-9a-f-]+

Required: Yes

RoleMappings

How users for a specific identity provider are to mapped to roles. This is a string to RoleMapping object map. The string identifies the identity provider, for example, "graph.facebook.com" or "cognito-idp-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id".

Up to 25 rules can be specified per identity provider.

Type: String to RoleMapping object map

Required: No

Roles

The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.

Type: String to string map

Length Constraints: Minimum length of 20. Maximum length of 2048.

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

ConcurrentModificationException

Thrown if there are parallel requests to modify a resource.

HTTP Status Code: 400

InternalErrorException

Thrown when the service encounters an error during processing the request.

HTTP Status Code: 500

InvalidParameterException

Thrown for missing or bad input parameter(s).

HTTP Status Code: 400

NotAuthorizedException

Thrown when a user is not authorized to access the requested resource.

HTTP Status Code: 400

ResourceConflictException

Thrown when a user tries to use a login which is already linked to another account.

HTTP Status Code: 400

ResourceNotFoundException

Thrown when the requested resource (for example, a dataset or record) does not exist.

HTTP Status Code: 400

TooManyRequestsException

Thrown when a request is throttled.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: