Class CfnIdentityPoolRoleAttachment.RoleMappingProperty
RoleMapping
is a property of the AWS::Cognito::IdentityPoolRoleAttachment resource that defines the role-mapping attributes of an Amazon Cognito identity pool.
Inheritance
Namespace: Amazon.CDK.AWS.Cognito
Assembly: Amazon.CDK.AWS.Cognito.dll
Syntax (csharp)
public class RoleMappingProperty : Object, CfnIdentityPoolRoleAttachment.IRoleMappingProperty
Syntax (vb)
Public Class RoleMappingProperty
Inherits Object
Implements CfnIdentityPoolRoleAttachment.IRoleMappingProperty
Remarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.Cognito;
var roleMappingProperty = new RoleMappingProperty {
Type = "type",
// the properties below are optional
AmbiguousRoleResolution = "ambiguousRoleResolution",
IdentityProvider = "identityProvider",
RulesConfiguration = new RulesConfigurationTypeProperty {
Rules = new [] { new MappingRuleProperty {
Claim = "claim",
MatchType = "matchType",
RoleArn = "roleArn",
Value = "value"
} }
}
};
Synopsis
Constructors
RoleMappingProperty() |
Properties
AmbiguousRoleResolution | Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no |
IdentityProvider | Identifier for the identity provider for which the role is mapped. |
RulesConfiguration | The rules to be used for mapping users to roles. |
Type | The role-mapping type. |
Constructors
RoleMappingProperty()
public RoleMappingProperty()
Properties
AmbiguousRoleResolution
Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role
claim and there are multiple cognito:roles
matches for the Token type.
public string AmbiguousRoleResolution { get; set; }
Property Value
System.String
Remarks
If you specify Token or Rules as the Type, AmbiguousRoleResolution is required.
Valid values are AuthenticatedRole
or Deny
.
IdentityProvider
Identifier for the identity provider for which the role is mapped.
public string IdentityProvider { get; set; }
Property Value
System.String
Remarks
For example: graph.facebook.com
or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id (http://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id)
. This is the identity provider that is used by the user for authentication.
If the identity provider property isn't provided, the key of the entry in the RoleMappings
map is used as the identity provider.
RulesConfiguration
The rules to be used for mapping users to roles.
public object RulesConfiguration { get; set; }
Property Value
System.Object
Remarks
If you specify "Rules" as the role-mapping type, RulesConfiguration is required.
Type
The role-mapping type.
public string Type { get; set; }
Property Value
System.String
Remarks
Token
uses cognito:roles
and cognito:preferred_role
claims from the Amazon Cognito identity provider token to map groups to roles. Rules
attempts to match claims from the token to map to a role.
Valid values are Token
or Rules
.