interface IdentityPoolRoleMapping
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.Cognito.IdentityPool.Alpha.IdentityPoolRoleMapping |
Go | github.com/aws/aws-cdk-go/awscdkcognitoidentitypoolalpha/v2#IdentityPoolRoleMapping |
Java | software.amazon.awscdk.services.cognito.identitypool.alpha.IdentityPoolRoleMapping |
Python | aws_cdk.aws_cognito_identitypool_alpha.IdentityPoolRoleMapping |
TypeScript | @aws-cdk/aws-cognito-identitypool-alpha » IdentityPoolRoleMapping |
Map roles to users in the Identity Pool based on claims from the Identity Provider.
Example
```typescript
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as cognito_identitypool_alpha from '@aws-cdk/aws-cognito-identitypool-alpha';
import { aws_iam as iam } from 'aws-cdk-lib';

declare const identityPoolProviderUrl: cognito_identitypool_alpha.IdentityPoolProviderUrl;
declare const role: iam.Role;

const identityPoolRoleMapping: cognito_identitypool_alpha.IdentityPoolRoleMapping = {
  providerUrl: identityPoolProviderUrl,

  // the properties below are optional
  mappingKey: 'mappingKey',
  resolveAmbiguousRoles: false,
  rules: [{
    claim: 'claim',
    claimValue: 'claimValue',
    mappedRole: role,

    // the properties below are optional
    matchType: cognito_identitypool_alpha.RoleMappingMatchType.EQUALS,
  }],
  useToken: false,
};
```
Properties
Name | Type | Description |
---|---|---|
providerUrl | IdentityPoolProviderUrl | The URL of the Provider for which the role is mapped. |
mappingKey? | string | The key used for the role mapping in the role mapping hash. |
resolveAmbiguousRoles? | boolean | Allow for role assumption when results of role mapping are ambiguous. |
rules? | RoleMappingRule[] | The claim and value that must be matched in order to assume the role. |
useToken? | boolean | If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from the Identity Provider. |
providerUrl
Type: IdentityPoolProviderUrl
The URL of the Provider for which the role is mapped.
mappingKey?
Type: string (optional, default: The provided providerUrl)
The key used for the role mapping in the role mapping hash.
Required if the providerUrl is a token.
resolveAmbiguousRoles?
Type: boolean (optional, default: false - Ambiguous role resolutions will lead to requester being denied)
Allow for role assumption when results of role mapping are ambiguous.
rules?
Type: RoleMappingRule[] (optional, default: No role mapping rule)
The claim and value that must be matched in order to assume the role.
Required if useToken is false.
useToken?
Type: boolean (optional, default: false)
If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from the Identity Provider.
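How rules, useToken and resolveAmbiguousRoles interact, modelled locally as an added example (it is not part of the CDK module or of the sample above). It assumes Cognito's evaluation order, in which rules are checked in sequence and the first match wins, and an ambiguous result either denies the request or falls back to the pool's authenticated role; the type names, role names and claims are constructed for the illustration.

```typescript
// Added example: a local model of role-mapping resolution, not CDK or Cognito code.
type MatchType = 'Equals' | 'Contains' | 'StartsWith' | 'NotEqual';
interface Rule { claim: string; claimValue: string; mappedRole: string; matchType?: MatchType }
interface Mapping { rules?: Rule[]; useToken?: boolean; resolveAmbiguousRoles?: boolean }
type Claims = { [name: string]: string | string[] | undefined };

const DENY = 'DENY'; // stands for "no role, request denied" in this model

// Model assumption: a claim that is absent or not a string never matches a rule.
function ruleMatches(rule: Rule, claims: Claims): boolean {
  const value = claims[rule.claim];
  if (typeof value !== 'string') return false;
  switch (rule.matchType) {
    case 'NotEqual': return value !== rule.claimValue;
    case 'Contains': return value.indexOf(rule.claimValue) !== -1;
    case 'StartsWith': return value.indexOf(rule.claimValue) === 0;
    default: return value === rule.claimValue; // Equals
  }
}

function resolveRole(mapping: Mapping, claims: Claims, authenticatedRole: string): string {
  // resolveAmbiguousRoles=false (the default) denies; true falls back to the authenticated role.
  const fallback = mapping.resolveAmbiguousRoles ? authenticatedRole : DENY;
  if (mapping.useToken) {
    const preferred = claims['cognito:preferred_role'];
    if (typeof preferred === 'string') return preferred;
    const roles = claims['cognito:roles'];
    if (Array.isArray(roles) && roles.length === 1) return roles[0];
    return fallback; // several roles and no preferred one (zero roles treated alike here)
  }
  if (!mapping.rules || mapping.rules.length === 0) {
    throw new Error('rules is required when useToken is false');
  }
  for (const rule of mapping.rules) {
    if (ruleMatches(rule, claims)) return rule.mappedRole; // first match wins
  }
  return fallback; // no rule matched
}

// Constructed sample: role names and claims are placeholders.
const sampleMapping: Mapping = {
  rules: [
    { claim: 'custom:dept', claimValue: 'eng', matchType: 'Contains', mappedRole: 'EngReadOnlyRole' },
    { claim: 'custom:dept', claimValue: 'engineering-admin', mappedRole: 'EngAdminRole' },
  ],
};
// The broad Contains rule shadows the exact rule below it: order rules from most to least specific.
console.log(resolveRole(sampleMapping, { 'custom:dept': 'engineering-admin' }, 'DefaultAuthRole'));
console.log(resolveRole(sampleMapping, { 'custom:dept': 'sales' }, 'DefaultAuthRole'));
```

In the sample, the second rule can never be reached for any value containing "eng", and a user who matches no rule is denied unless resolveAmbiguousRoles is set to true.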