AWS::Cognito::IdentityPoolPrincipalTag
A list of the identity pool principal tag assignments for attributes for access control.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
    {
      "Type" : "AWS::Cognito::IdentityPoolPrincipalTag",
      "Properties" : {
          "IdentityPoolId" : String,
          "IdentityProviderName" : String,
          "PrincipalTags" : Json,
          "UseDefaults" : Boolean
        }
    }
YAML
    Type: AWS::Cognito::IdentityPoolPrincipalTag
    Properties:
      IdentityPoolId: String
      IdentityProviderName: String
      PrincipalTags: Json
      UseDefaults: Boolean
Properties
IdentityPoolId
The identity pool that you want to associate with this principal tag map.
Required: Yes
Type: String
Update requires: Replacement
IdentityProviderName
The identity pool identity provider (IdP) that you want to associate with this principal tag map.
Required: Yes
Type: String
Update requires: Replacement
PrincipalTags
A JSON-formatted list of user claims and the principal tags that you want to associate with them. When Amazon Cognito requests credentials, it sets the value of the principal tag to the value of the user's claim.
Required: No
Type: Json
Update requires: No interruption
UseDefaults
Use a default set of mappings between claims and tags for this provider, instead of a custom map.
Required: No
Type: Boolean
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the principal tag primary ID, like us-east-1:1cf667a2-49a6-454b-9e45-23199EXAMPLE|graph.facebook.com.
Examples
Creating a new principal tag attribute map for an identity pool
The following example maps the claim aud to principal tag app_id and the claim sub to user_id in the identity pool Example_pool.
YAML
    AWSTemplateFormatVersion: "2010-09-09"
    Description: Cognito Principal Tags Example
    Resources:
      ExamplePool:
        Type: AWS::Cognito::IdentityPool
        Properties:
          IdentityPoolName: 'example_pool'
          AllowUnauthenticatedIdentities: True
          SupportedLoginProviders:
            "graph.facebook.com": "abcdExampleClientId"
      PrincipalTags:
        Type: AWS::Cognito::IdentityPoolPrincipalTag
        Properties:
          IdentityPoolId: !Ref 'ExamplePool'
          IdentityProviderName: "graph.facebook.com"
          PrincipalTags:
            app_id: "aud"
            user_id: "sub"
          UseDefaults: false
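Consuming the mapped tags for access control, as an added example that is not part of the AWS reference page: an IAM role for authenticated identities of ExamplePool whose trust policy allows sts:TagSession (needed so Amazon Cognito can pass principal tags with the session) and whose permissions policy scopes S3 access by the user_id tag. The logical IDs AuthenticatedRole and RoleAttachment, the policy name PerUserPrefix and the bucket EXAMPLE-BUCKET are assumptions; the fragment goes under Resources in the template above.

```yaml
# Added example, not from the AWS reference page. Names below are hypothetical.
Resources:
  AuthenticatedRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Federated: cognito-identity.amazonaws.com
            Action:
              - sts:AssumeRoleWithWebIdentity
              # Without sts:TagSession the principal tags cannot be attached
              # to the session.
              - sts:TagSession
            Condition:
              StringEquals:
                # Only identities from this identity pool may assume the role.
                "cognito-identity.amazonaws.com:aud": !Ref ExamplePool
              ForAnyValue:StringLike:
                # Exclude unauthenticated identities, which the example pool allows.
                "cognito-identity.amazonaws.com:amr": authenticated
      Policies:
        - PolicyName: PerUserPrefix
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                # user_id is the principal tag mapped from the "sub" claim.
                # Plain string, not !Sub, so the IAM policy variable stays literal.
                Resource: "arn:aws:s3:::EXAMPLE-BUCKET/users/${aws:PrincipalTag/user_id}/*"
  RoleAttachment:
    Type: AWS::Cognito::IdentityPoolRoleAttachment
    Properties:
      IdentityPoolId: !Ref ExamplePool
      Roles:
        authenticated: !GetAtt AuthenticatedRole.Arn
```

Each user can then read and write only objects under the prefix that matches the user_id tag set from their own sub claim.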