AWS CloudFormation
User Guide (Version )

AWS::Cognito::IdentityPoolRoleAttachment MappingRule

Defines how to map a claim to a role ARN.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Claim" : String, "MatchType" : String, "RoleARN" : String, "Value" : String }

YAML

Claim: String MatchType: String RoleARN: String Value: String

Properties

Claim

The claim name that must be present in the token, for example, "isAdmin" or "paid."

Required: Yes

Type: String

Update requires: No interruption

MatchType

The match condition that specifies how closely the claim value in the IdP token must match Value.

Valid values are: Equals, Contains, StartsWith, and NotEqual.

Required: Yes

Type: String

Update requires: No interruption

RoleARN

The Amazon Resource Name (ARN) of the role.

Required: Yes

Type: String

Update requires: No interruption

Value

A brief string that the claim must match, for example, "paid" or "yes."

Required: Yes

Type: String

Update requires: No interruption

On this page: