AWS::VerifiedPermissions::IdentitySource OpenIdConnectGroupConfiguration
The claim in OIDC identity provider tokens that indicates a user's group membership, and
the entity type that you want to map it to. For example, this object can map the contents
of a groups claim to MyCorp::UserGroup.
This data type is part of an OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "GroupClaim" : String,
  "GroupEntityType" : String
}
YAML
GroupClaim: String
GroupEntityType: String
Properties
GroupClaim
The token claim that you want Verified Permissions to interpret as group membership. For example, groups.
Required: Yes
Type: String
Minimum: 1
Update requires: No interruption
GroupEntityType
The policy store entity type that you want to map your users' group claim to. For example, MyCorp::UserGroup. A group entity type is an entity that can have a user entity type as a member.
Required: Yes
Type: String
Pattern: ^([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*$
Minimum: 1
Maximum: 200
Update requires: No interruption
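The constraints listed above can be checked before a template is deployed. The following is an added example, not part of the AWS reference. It assumes the template has already been parsed into a Python dict and that this structure sits under Configuration, then OpenIdConnectConfiguration, then GroupConfiguration in the resource properties. The function names and sample template are constructed for illustration.

```python
import re

# Constraints copied from the GroupEntityType reference above.
ENTITY_TYPE_RE = re.compile(r"^([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*$")
MAX_LEN = 200

def check_group_configuration(cfg):
    """Return constraint violations for one OpenIdConnectGroupConfiguration dict."""
    problems = []
    for key in ("GroupClaim", "GroupEntityType"):
        value = cfg.get(key)
        if value is None:
            problems.append(f"{key}: required property is missing")
        elif isinstance(value, dict):
            continue  # intrinsic function (Ref, Fn::Sub): only known at deploy time
        elif not isinstance(value, str) or len(value) < 1:
            problems.append(f"{key}: must be a string of at least 1 character")
        elif key == "GroupEntityType" and len(value) > MAX_LEN:
            problems.append(f"{key}: longer than {MAX_LEN} characters")
        # fullmatch also rejects a trailing newline, which "$" alone would let through
        elif key == "GroupEntityType" and not ENTITY_TYPE_RE.fullmatch(value):
            problems.append(f"{key}: {value!r} does not match the entity type pattern")
    return problems

def lint_template(template):
    """Map logical IDs of IdentitySource resources to their violations."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::VerifiedPermissions::IdentitySource":
            continue
        config = res.get("Properties", {}).get("Configuration", {})
        # Assumed nesting: Configuration -> OpenIdConnectConfiguration -> GroupConfiguration
        group_cfg = config.get("OpenIdConnectConfiguration", {}).get("GroupConfiguration")
        if isinstance(group_cfg, dict) and (problems := check_group_configuration(group_cfg)):
            findings[name] = problems
    return findings

def _source(claim, entity_type):  # builds a constructed sample resource
    return {"Type": "AWS::VerifiedPermissions::IdentitySource", "Properties": {"Configuration": {
        "OpenIdConnectConfiguration": {"GroupConfiguration": {
            "GroupClaim": claim, "GroupEntityType": entity_type}}}}}

# Constructed sample template, not taken from the page.
SAMPLE = {"Resources": {"GoodSource": _source("groups", "MyCorp::UserGroup"),
                        "BadSource": _source("", "MyCorp:UserGroup")}}

if __name__ == "__main__":
    for resource, problems in lint_template(SAMPLE).items():
        print(resource, problems)
```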