AWS::WorkSpacesWeb::IdentityProvider - AWS CloudFormation

AWS::WorkSpacesWeb::IdentityProvider

This resource specifies an identity provider that is then associated with a web portal. This resource is not required if your portal's AuthenticationType is IAM Identity Center.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::WorkSpacesWeb::IdentityProvider", "Properties" : { "IdentityProviderDetails" : {Key: Value, ...}, "IdentityProviderName" : String, "IdentityProviderType" : String, "PortalArn" : String, "Tags" : [ Tag, ... ] } }

YAML

Type: AWS::WorkSpacesWeb::IdentityProvider Properties: IdentityProviderDetails: Key: Value IdentityProviderName: String IdentityProviderType: String PortalArn: String Tags: - Tag

Properties

IdentityProviderDetails

The identity provider details. The following list describes the provider detail keys for each identity provider type.

  • For Google and Login with Amazon:

    • client_id

    • client_secret

    • authorize_scopes

  • For Facebook:

    • client_id

    • client_secret

    • authorize_scopes

    • api_version

  • For Sign in with Apple:

    • client_id

    • team_id

    • key_id

    • private_key

    • authorize_scopes

  • For OIDC providers:

    • client_id

    • client_secret

    • attributes_request_method

    • oidc_issuer

    • authorize_scopes

    • authorize_url if not available from discovery URL specified by oidc_issuer key

    • token_url if not available from discovery URL specified by oidc_issuer key

    • attributes_url if not available from discovery URL specified by oidc_issuer key

    • jwks_uri if not available from discovery URL specified by oidc_issuer key

  • For SAML providers:

    • MetadataFile OR MetadataURL

    • IDPSignout (boolean) optional

    • IDPInit (boolean) optional

    • RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256

    • EncryptedResponses (boolean) optional

Required: Yes

Type: Object of String

Pattern: ^[\s\S]*$

Minimum: 0

Maximum: 131072

Update requires: No interruption

IdentityProviderName

The identity provider name.

Required: Yes

Type: String

Pattern: ^[^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+$

Minimum: 1

Maximum: 32

Update requires: No interruption

IdentityProviderType

The identity provider type.

Required: Yes

Type: String

Allowed values: SAML | Facebook | Google | LoginWithAmazon | SignInWithApple | OIDC

Update requires: No interruption

PortalArn

The ARN of the identity provider.

Required: No

Type: String

Pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$

Minimum: 20

Maximum: 2048

Update requires: Replacement

Tags

Property description not available.

Required: No

Type: Array of Tag

Minimum: 0

Maximum: 200

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource's Amazon Resource Name (ARN).

For more information about using the Ref function, see Ref.

Fn::GetAtt

IdentityProviderArn

The ARN of the identity provider.