AWS::Cognito::IdentityPoolPrincipalTag - AWS CloudFormation
SyntaxPropertiesReturn valuesExamples

This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::Cognito::IdentityPoolPrincipalTag

A list of the identity pool principal tag assignments for attributes for access control.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Cognito::IdentityPoolPrincipalTag",
  "Properties" : {
      "IdentityPoolId" : String,
      "IdentityProviderName" : String,
      "PrincipalTags" : Json,
      "UseDefaults" : Boolean
    }
}

YAML

Type: AWS::Cognito::IdentityPoolPrincipalTag
Properties:
  IdentityPoolId: String
  IdentityProviderName: String
  PrincipalTags: Json
  UseDefaults: Boolean

Properties

IdentityPoolId

The identity pool that you want to associate with this principal tag map.

Required: Yes

Type: String

Update requires: Replacement

IdentityProviderName

The identity pool identity provider (IdP) that you want to associate with this principal tag map.

Required: Yes

Type: String

Update requires: Replacement

PrincipalTags

A JSON-formatted list of user claims and the principal tags that you want to associate with them. When Amazon Cognito requests credentials, it sets the value of the principal tag to the value of the user's claim.

Required: No

Type: Json

Update requires: No interruption

UseDefaults

Use a default set of mappings between claims and tags for this provider, instead of a custom map.

Required: No

Type: Boolean

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the principal tag primary ID, like us-east-1:1cf667a2-49a6-454b-9e45-23199EXAMPLE|graph.facebook.com.

Examples

Creating a new principal tag attribute map for an identity pool

The following example maps the claim aud to principal tag app_id and the claim sub to user_id in the identity pool Example_pool.

YAML

AWSTemplateFormatVersion: 2010-09-09
Description: Cognito Principal Tags Example
Resources:
  ExamplePool:
    Type: AWS::Cognito::IdentityPool
    Properties:
      IdentityPoolName: example_pool
      AllowUnauthenticatedIdentities: true
      SupportedLoginProviders:
        graph.facebook.com: abcdExampleClientId
  PrincipalTags:
    Type: AWS::Cognito::IdentityPoolPrincipalTag
    Properties:
      IdentityPoolId: !Ref ExamplePool
      IdentityProviderName: graph.facebook.com
      PrincipalTags:
        app_id: aud
        user_id: sub
      UseDefaults: false