AWS::Cognito::UserPoolGroup

Specifies a new group in the identified user pool.

Calling this action requires developer credentials.

Note

If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::Cognito::UserPoolGroup",
  "Properties" : {
      "Description" : String,
      "GroupName" : String,
      "Precedence" : Double,
      "RoleArn" : String,
      "UserPoolId" : String
    }
}

YAML


Type: AWS::Cognito::UserPoolGroup
Properties: 
  Description: String
  GroupName: String
  Precedence: Double
  RoleArn: String
  UserPoolId: String

Properties

Description

A string containing the description of the group.

Required: No

Type: String

Maximum: 2048

Update requires: No interruption

GroupName

The name of the group. Must be unique.

Required: No

Type: String

Minimum: 1

Maximum: 128

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Update requires: Replacement

Precedence

A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower Precedence values take precedence over groups with higher or null Precedence values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the cognito:roles and cognito:preferred_role claims.

Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim isn't set in users' tokens.

The default Precedence value is null. The maximum Precedence value is 2^31-1.

Required: No

Type: Double

Minimum: 0

Update requires: No interruption

RoleArn

The role Amazon Resource Name (ARN) for the group.

Required: No

Type: String

Minimum: 20

Maximum: 2048

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Update requires: No interruption

UserPoolId

The user pool ID for the user pool.

Required: Yes

Type: String

Minimum: 1

Maximum: 55

Pattern: [\w-]+_[0-9a-zA-Z]+

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the user pool group. For example: Admins.

For more information about using the Ref function, see Ref.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

CustomDomainConfigType

AWS::Cognito::UserPoolIdentityProvider