AWS CloudFormation
User Guide (API Version 2010-05-15)

Amazon Cognito IdentityPoolRoleAttachment RoleMapping

RoleMapping is a property of the AWS::Cognito::IdentityPoolRoleAttachment resource that defines the role mapping attributes of an Amazon Cognito identity pool.



{ "AmbiguousRoleResolution" : String, "RulesConfiguration" : RulesConfiguration, "Type" : String }


AmbiguousRoleResolution: String, RulesConfiguration: RulesConfiguration, Type: String



Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. If you specify Token or Rules as the Type, AmbiguousRoleResolution is required.

Valid values are AuthenticatedRole or Deny.

Required: No

Type: String

Update requires: No interruption


The rules to be used for mapping users to roles. If you specify Rules as the role mapping type, RulesConfiguration is required.

Required: No

Type: Amazon Cognito IdentityPoolRoleAttachment RoleMapping RulesConfiguration

Update requires: No interruption


The role mapping type. Token will use cognito:roles and cognito:preferred_role claims from the Amazon Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.

Valid values are Token or Rules.

Required: Yes

Type: String

Update requires: No interruption

On this page: