AWS::Cognito::IdentityPoolRoleAttachment RoleMapping - AWS CloudFormation

AWS::Cognito::IdentityPoolRoleAttachment RoleMapping

One of a set of RoleMappings, a property of the AWS::Cognito::IdentityPoolRoleAttachment resource that defines the role-mapping attributes of an Amazon Cognito identity pool.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

AmbiguousRoleResolution

If you specify Token or Rules as the Type, AmbiguousRoleResolution is required.

Specifies the action to take when the role cannot be resolved unambiguously: for the Rules type, when no rules match the claim value; for the Token type, when there is no cognito:preferred_role claim and there are multiple cognito:roles matches.

Required: No

Type: String

Update requires: No interruption

IdentityProvider

Identifier for the identity provider for which the role is mapped. For example: graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id. This is the identity provider that is used by the user for authentication.

If the identity provider property isn't provided, the key of the entry in the RoleMappings map is used as the identity provider.

Required: No

Type: String

Update requires: No interruption

RulesConfiguration

The rules to be used for mapping users to roles. If you specify "Rules" as the role-mapping type, RulesConfiguration is required.

Required: No

Type: RulesConfigurationType

Update requires: No interruption

Type

The role mapping type. Token will use cognito:roles and cognito:preferred_role claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.

Required: Yes

Type: String

Update requires: No interruption
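
A template that uses all four properties, as an added example (not taken from the AWS documentation): one Rules mapping and one Token mapping, both failing closed when the role is ambiguous. The parameter names, mapping keys, claim name and claim value are assumptions; Deny and AuthenticatedRole are the AmbiguousRoleResolution values CloudFormation accepts, which this page does not list.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:            # all parameter names are placeholders for this example
  IdentityPoolId:
    Type: String
  UserPoolId:
    Type: String
  AppClientId:
    Type: String
  DefaultAuthenticatedRoleArn:
    Type: String
  FinanceRoleArn:
    Type: String

Resources:
  RoleAttachment:
    Type: AWS::Cognito::IdentityPoolRoleAttachment
    Properties:
      IdentityPoolId: !Ref IdentityPoolId
      Roles:
        # Default role; used by a mapping only when its
        # AmbiguousRoleResolution is AuthenticatedRole.
        authenticated: !Ref DefaultAuthenticatedRoleArn
      RoleMappings:
        # The map key is arbitrary here because IdentityProvider is set.
        # A key cannot contain !Sub or !Ref, so the property is how a
        # provider name built from other resources is supplied.
        rulesMapping:
          IdentityProvider: !Sub 'cognito-idp.${AWS::Region}.amazonaws.com/${UserPoolId}:${AppClientId}'
          Type: Rules
          # Deny: no matching rule means no credentials are issued.
          # AuthenticatedRole would instead fall back to the default role above.
          AmbiguousRoleResolution: Deny
          RulesConfiguration:          # required because Type is Rules
            Rules:
              - Claim: 'custom:department'   # constructed claim name
                MatchType: Equals
                Value: finance               # constructed claim value
                RoleARN: !Ref FinanceRoleArn
        # No IdentityProvider property: the key itself is the provider name.
        graph.facebook.com:
          Type: Token
          # Applies when the token has no cognito:preferred_role claim and
          # cognito:roles lists more than one role.
          AmbiguousRoleResolution: Deny
```

With AuthenticatedRole in place of Deny, every identity that matches no rule receives the default authenticated role, so that role's policy sets the minimum access any signed-in user of that provider gets.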