IdentityPoolRoleMapping

class aws_cdk.aws_cognito_identitypool.IdentityPoolRoleMapping(*, provider_url, resolve_ambiguous_roles=None, rules=None, use_token=None)

Bases: object

(experimental) Map roles to users in the identity pool based on claims from the Identity Provider.

Parameters:
  • provider_url (IdentityPoolProviderUrl) – (experimental) The URL of the provider for which the role is mapped.

  • resolve_ambiguous_roles (Optional[bool]) – (experimental) Allow for role assumption when results of role mapping are ambiguous. Default: false - Ambiguous role resolutions will lead to the requester being denied.

  • rules (Optional[Sequence[Union[RoleMappingRule, Dict[str, Any]]]]) – (experimental) The claim and value that must be matched in order to assume the role. Required if useToken is false. Default: - No Rule Mapping Rule

  • use_token (Optional[bool]) – (experimental) If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from identity provider. Default: false

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html

Stability:

experimental

ExampleMetadata:

infused

Example:

from aws_cdk.aws_cognito_identitypool import IdentityPoolRoleMapping

# identity_pool: IdentityPool
# my_added_role_mapping1: IdentityPoolRoleMapping
# my_added_role_mapping2: IdentityPoolRoleMapping
# my_added_role_mapping3: IdentityPoolRoleMapping


identity_pool.add_role_mappings(my_added_role_mapping1, my_added_role_mapping2, my_added_role_mapping3)
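
How `rules`, `use_token` and `resolve_ambiguous_roles` interact, shown as an added example that is not part of the CDK documentation or Cognito's own code: a simplified Python model for reviewing a mapping before deployment. The dict keys, `resolve_role`, the sample rule and the role ARNs are constructed for illustration; the model assumes rules are checked in order with the first match winning, that a true `resolve_ambiguous_roles` falls back to the identity pool's authenticated role, and that a token without `cognito:preferred_role` counts as ambiguous.

```python
# Simplified model for reviewing a role mapping before deployment.
# Added example: not CDK or Cognito code. Dict keys and ARNs are constructed.
from typing import Optional, Sequence

AUTH_ROLE = "arn:aws:iam::111122223333:role/ExampleAuthenticated"  # placeholder
ADMIN_ROLE = "arn:aws:iam::111122223333:role/ExampleAdmin"  # placeholder

MATCHERS = {
    "Equals": lambda actual, expected: actual == expected,
    "NotEqual": lambda actual, expected: actual != expected,
    "Contains": lambda actual, expected: expected in actual,
    "StartsWith": lambda actual, expected: actual.startswith(expected),
}

# Constructed rule list, in the order it would be passed as `rules`.
RULES = [
    {"claim": "custom:department", "match_type": "Equals",
     "claim_value": "ops", "role_arn": ADMIN_ROLE},
]


def resolve_role(claims: dict, authenticated_role: str, *,
                 rules: Sequence[dict] = (), use_token: bool = False,
                 resolve_ambiguous_roles: bool = False) -> Optional[str]:
    """Return the role ARN the caller would receive, or None if denied."""
    if use_token:
        # Token mode: the role comes from the identity provider's claim.
        preferred = claims.get("cognito:preferred_role")
        if preferred:
            return preferred
    else:
        # Rule mode: rules are checked in order and the first match wins.
        for rule in rules:
            actual = claims.get(rule["claim"])
            if actual is not None and MATCHERS[rule["match_type"]](
                    str(actual), rule["claim_value"]):
                return rule["role_arn"]
    # Ambiguous result: deny by default, or fall back to the authenticated
    # role when resolve_ambiguous_roles is true.
    return authenticated_role if resolve_ambiguous_roles else None


if __name__ == "__main__":
    for dept in ("ops", "sales"):
        for fallback in (False, True):
            role = resolve_role({"custom:department": dept}, AUTH_ROLE,
                                rules=RULES, resolve_ambiguous_roles=fallback)
            print(f"department={dept} resolve_ambiguous_roles={fallback} -> {role}")
```

Leaving `resolve_ambiguous_roles` at its default means a user whose claims match no rule is denied rather than inheriting the authenticated role's permissions.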

Attributes

provider_url

(experimental) The URL of the provider for which the role is mapped.

Stability:

experimental

resolve_ambiguous_roles

(experimental) Allow for role assumption when results of role mapping are ambiguous.

Default:

false - Ambiguous role resolutions will lead to the requester being denied.

Stability:

experimental

rules

(experimental) The claim and value that must be matched in order to assume the role.

Required if useToken is false

Default:
  • No Rule Mapping Rule

Stability:

experimental

use_token

(experimental) If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from identity provider.

Default:

false

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html#using-tokens-to-assign-roles-to-users

Stability:

experimental