AWS CloudFormation
User Guide (API Version 2010-05-15)


The AWS::Cognito::IdentityPoolRoleAttachment resource manages the role configuration for an Amazon Cognito identity pool.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::Cognito::IdentityPoolRoleAttachment", "Properties" : { "IdentityPoolId" : String, "RoleMappings" : String to RoleMapping object map, "Roles" : { String:String, ... } } }


Type: AWS::Cognito::IdentityPoolRoleAttachment Properties: IdentityPoolId: String RoleMappings: String to RoleMapping object map Roles: String:String



An identity pool ID in the format REGION:GUID.

Required: Yes

Type: String

Update requires: Replacement


How users for a specific identity provider are to mapped to roles. This is a string to RoleMapping object map. The string identifies the identity provider, for example, "" or ""

Required: No

Type: String to Amazon Cognito IdentityPoolRoleAttachment RoleMapping object map.

Update requires: No interruption


The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.

Required: No

Type: String to string map

Update requires: No interruption

Return Value


When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns a generated ID, such as IdentityPoolRoleAttachment-EXAMPLEwnOR3n.

For more information about using the Ref function, see Ref.