AWS::Cognito::IdentityPoolRoleAttachment RoleMapping - AWS CloudFormation

AWS::Cognito::IdentityPoolRoleAttachment RoleMapping

RoleMapping is a property of the AWS::Cognito::IdentityPoolRoleAttachment resource that defines the role-mapping attributes of an Amazon Cognito identity pool.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

AmbiguousRoleResolution

Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. If you specify Token or Rules as the Type, AmbiguousRoleResolution is required.

Valid values are AuthenticatedRole or Deny.

Required: No

Type: String

Update requires: No interruption

IdentityProvider

Identifier for the identity provider for which the role is mapped. For example: "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id (http://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id)". This is the identity provider that is used by the user for authentication.

If the identity provider property isn't provided, the key of the entry in the RoleMappings map is used as the identity provider.

Required: No

Type: String

Update requires: No interruption

RulesConfiguration

The rules to be used for mapping users to roles. If you specify "Rules" as the role-mapping type, RulesConfiguration is required.

Required: No

Type: RulesConfigurationType

Update requires: No interruption

Type

The role-mapping type. Token uses cognito:roles and cognito:preferred_role claims from the Amazon Cognito identity provider token to map groups to roles. Rules attempts to match claims from the token to map to a role.

Valid values are Token or Rules.

Required: Yes

Type: String

Update requires: No interruption