CfnIdentityPoolRoleAttachmentProps

class aws_cdk.aws_cognito.CfnIdentityPoolRoleAttachmentProps(*, identity_pool_id, role_mappings=None, roles=None)

Bases: object

Properties for defining a CfnIdentityPoolRoleAttachment.

Parameters:
  • identity_pool_id (str) – An identity pool ID in the format REGION:GUID .

  • role_mappings (Union[IResolvable, Mapping[str, Union[IResolvable, RoleMappingProperty, Dict[str, Any]]], None]) – How users for a specific identity provider are mapped to roles. This is a string to the RoleMapping object map. The string identifies the identity provider. For example: graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id . If the IdentityProvider field isn’t provided in this object, the string is used as the identity provider name. For more information, see the RoleMapping property .

  • roles (Optional[Any]) – The map of the roles associated with this pool. For a given role, the key is either “authenticated” or “unauthenticated”. The value is the role ARN.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_cognito as cognito

# roles: Any

cfn_identity_pool_role_attachment_props = cognito.CfnIdentityPoolRoleAttachmentProps(
    identity_pool_id="identityPoolId",

    # the properties below are optional
    role_mappings={
        "role_mappings_key": cognito.CfnIdentityPoolRoleAttachment.RoleMappingProperty(
            type="type",

            # the properties below are optional
            ambiguous_role_resolution="ambiguousRoleResolution",
            identity_provider="identityProvider",
            rules_configuration=cognito.CfnIdentityPoolRoleAttachment.RulesConfigurationTypeProperty(
                rules=[cognito.CfnIdentityPoolRoleAttachment.MappingRuleProperty(
                    claim="claim",
                    match_type="matchType",
                    role_arn="roleArn",
                    value="value"
                )]
            )
        )
    },
    roles=roles
)

Attributes

identity_pool_id

An identity pool ID in the format REGION:GUID .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html#cfn-cognito-identitypoolroleattachment-identitypoolid

role_mappings

How users for a specific identity provider are mapped to roles.

This is a string to the RoleMapping object map. The string identifies the identity provider. For example: graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id .

If the IdentityProvider field isn’t provided in this object, the string is used as the identity provider name.

For more information, see the RoleMapping property .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html#cfn-cognito-identitypoolroleattachment-rolemappings

roles

The map of the roles associated with this pool.

For a given role, the key is either “authenticated” or “unauthenticated”. The value is the role ARN.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html#cfn-cognito-identitypoolroleattachment-roles