AWS::Cognito::IdentityPoolRoleAttachment RoleMapping
One of a set of RoleMappings
, a property of the AWS::Cognito::IdentityPoolRoleAttachment resource that defines the role-mapping
attributes of an Amazon Cognito identity pool.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "AmbiguousRoleResolution" :
String
, "IdentityProvider" :String
, "RulesConfiguration" :RulesConfigurationType
, "Type" :String
}
YAML
AmbiguousRoleResolution:
String
IdentityProvider:String
RulesConfiguration:RulesConfigurationType
Type:String
Properties
AmbiguousRoleResolution
-
If you specify Token or Rules as the
Type
,AmbiguousRoleResolution
is required.Specifies the action to be taken if either no rules match the claim value for the
Rules
type, or there is nocognito:preferred_role
claim and there are multiplecognito:roles
matches for theToken
type.Required: No
Type: String
Update requires: No interruption
IdentityProvider
-
Identifier for the identity provider for which the role is mapped. For example:
graph.facebook.com
orcognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id (http://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id)
. This is the identity provider that is used by the user for authentication.If the identity provider property isn't provided, the key of the entry in the
RoleMappings
map is used as the identity provider.Required: No
Type: String
Update requires: No interruption
RulesConfiguration
-
The rules to be used for mapping users to roles. If you specify "Rules" as the role-mapping type, RulesConfiguration is required.
Required: No
Type: RulesConfigurationType
Update requires: No interruption
Type
-
The role mapping type. Token will use
cognito:roles
andcognito:preferred_role
claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.Required: Yes
Type: String
Update requires: No interruption