AWS::Cognito::IdentityPoolRoleAttachment RoleMapping
One of a set of RoleMappings, a property of the AWS::Cognito::IdentityPoolRoleAttachment resource that defines the role-mapping
attributes of an Amazon Cognito identity pool.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "AmbiguousRoleResolution" :String, "IdentityProvider" :String, "RulesConfiguration" :RulesConfigurationType, "Type" :String}
YAML
AmbiguousRoleResolution:StringIdentityProvider:StringRulesConfiguration:RulesConfigurationTypeType:String
Properties
AmbiguousRoleResolution-
If you specify Token or Rules as the
Type,AmbiguousRoleResolutionis required.Specifies the action to be taken if either no rules match the claim value for the
Rulestype, or there is nocognito:preferred_roleclaim and there are multiplecognito:rolesmatches for theTokentype.Required: No
Type: String
Update requires: No interruption
IdentityProvider-
Identifier for the identity provider for which the role is mapped. For example:
graph.facebook.comorcognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id (http://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id). This is the identity provider that is used by the user for authentication.If the identity provider property isn't provided, the key of the entry in the
RoleMappingsmap is used as the identity provider.Required: No
Type: String
Update requires: No interruption
RulesConfiguration-
The rules to be used for mapping users to roles. If you specify "Rules" as the role-mapping type, RulesConfiguration is required.
Required: No
Type: RulesConfigurationType
Update requires: No interruption
Type-
The role mapping type. Token will use
cognito:rolesandcognito:preferred_roleclaims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.Required: Yes
Type: String
Update requires: No interruption
