IdentityPoolRoleMapping

class aws_cdk.aws_cognito_identitypool_alpha.IdentityPoolRoleMapping(*, provider_url, mapping_key=None, resolve_ambiguous_roles=None, rules=None, use_token=None)

Bases: object

(experimental) Map roles to users in the Identity Pool based on claims from the Identity Provider.

Parameters:
  • provider_url (IdentityPoolProviderUrl) – (experimental) The url of the Provider for which the role is mapped.

  • mapping_key (Optional[str]) – (experimental) The key used for the role mapping in the role mapping hash. Required if the providerUrl is a token. Default: - The provided providerUrl

  • resolve_ambiguous_roles (Optional[bool]) – (experimental) Allow for role assumption when results of role mapping are ambiguous. Default: false - Ambiguous role resolutions will lead to requester being denied

  • rules (Optional[Sequence[Union[RoleMappingRule, Dict[str, Any]]]]) – (experimental) The claim and value that must be matched in order to assume the role. Required if useToken is false. Default: - No role mapping rule

  • use_token (Optional[bool]) – (experimental) If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from Identity Provider. Default: false

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html

Stability:

experimental

Example:

from aws_cdk.aws_cognito_identitypool_alpha import IdentityPoolRoleMapping

# identity_pool: IdentityPool
# my_added_role_mapping1: IdentityPoolRoleMapping
# my_added_role_mapping2: IdentityPoolRoleMapping
# my_added_role_mapping3: IdentityPoolRoleMapping


identity_pool.add_role_mappings(my_added_role_mapping1, my_added_role_mapping2, my_added_role_mapping3)
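
A check that can be run on the synthesized template to confirm how these role mappings resolve. It is an added example, not part of the CDK documentation or the construct's own code. It assumes `resolve_ambiguous_roles` surfaces as `AmbiguousRoleResolution` (`Deny` or `AuthenticatedRole`) and `use_token` as `Type` (`Token` or `Rules`) on the CloudFormation resource linked above; `audit_role_mappings`, `_rule` and the sample template are hypothetical.

```python
# Added example: audit role mappings in a synthesized CloudFormation template.
# Property names follow AWS::Cognito::IdentityPoolRoleAttachment; sample data is constructed.
def audit_role_mappings(template):
    """Return one finding string per risky or incomplete role mapping."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Cognito::IdentityPoolRoleAttachment":
            continue
        mappings = res.get("Properties", {}).get("RoleMappings", {})
        for key, m in mappings.items():
            where = f"{logical_id}/{key}"
            rules = m.get("RulesConfiguration", {}).get("Rules", [])
            # Anything but Deny falls back to the pool's authenticated role.
            if m.get("AmbiguousRoleResolution") != "Deny":
                findings.append(f"{where}: ambiguous resolution is not Deny")
            # rules is required when use_token is false (Type "Rules").
            if m.get("Type") == "Rules" and not rules:
                findings.append(f"{where}: Type is Rules but no rule is set")
            for r in rules:
                # A non-exact match can select more users than intended.
                if r.get("MatchType") != "Equals":
                    findings.append(f"{where}: {r.get('MatchType')} match on {r.get('Claim')}")
    return findings

def _rule(claim, match_type, value, role_name):
    arn = f"arn:aws:iam::111122223333:role/{role_name}"  # constructed ARN
    return {"Claim": claim, "MatchType": match_type, "Value": value, "RoleARN": arn}

SAMPLE_TEMPLATE = {"Resources": {"PoolRoles": {  # constructed input
    "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
    "Properties": {"IdentityPoolId": "example-pool-id", "RoleMappings": {
        "admins": {"Type": "Rules", "AmbiguousRoleResolution": "Deny",
                   "IdentityProvider": "idp-a.example.com",
                   "RulesConfiguration": {"Rules": [
                       _rule("custom:role", "Equals", "admin", "ExampleAdmin")]}},
        "partners": {"Type": "Rules", "AmbiguousRoleResolution": "AuthenticatedRole",
                     "IdentityProvider": "idp-b.example.com",
                     "RulesConfiguration": {"Rules": [
                         _rule("email", "Contains", "@example.com", "ExamplePartner")]}},
        "empty": {"Type": "Rules", "AmbiguousRoleResolution": "Deny",
                  "IdentityProvider": "idp-c.example.com"},
        "tokens": {"Type": "Token", "AmbiguousRoleResolution": "Deny",
                   "IdentityProvider": "idp-d.example.com"},
    }},
}}}

if __name__ == "__main__":
    for finding in audit_role_mappings(SAMPLE_TEMPLATE):
        print(finding)
```
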

Attributes

mapping_key

(experimental) The key used for the role mapping in the role mapping hash.

Required if the providerUrl is a token.

Default:
  • The provided providerUrl

Stability:

experimental

provider_url

(experimental) The url of the Provider for which the role is mapped.

Stability:

experimental

resolve_ambiguous_roles

(experimental) Allow for role assumption when results of role mapping are ambiguous.

Default:

false - Ambiguous role resolutions will lead to requester being denied

Stability:

experimental

rules

(experimental) The claim and value that must be matched in order to assume the role.

Required if useToken is false.

Default:
  • No role mapping rule

Stability:

experimental

use_token

(experimental) If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from Identity Provider.

Default:

false

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html#using-tokens-to-assign-roles-to-users

Stability:

experimental