interface IdentityPoolRoleMapping
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.Cognito.IdentityPool.Alpha.IdentityPoolRoleMapping |
![]() | github.com/aws/aws-cdk-go/awscdkcognitoidentitypoolalpha/v2#IdentityPoolRoleMapping |
![]() | software.amazon.awscdk.services.cognito.identitypool.alpha.IdentityPoolRoleMapping |
![]() | aws_cdk.aws_cognito_identitypool_alpha.IdentityPoolRoleMapping |
![]() | @aws-cdk/aws-cognito-identitypool-alpha ยป IdentityPoolRoleMapping |
Map roles to users in the identity pool based on claims from the Identity Provider.
Example
import { IdentityPoolRoleMapping } from '@aws-cdk/aws-cognito-identitypool-alpha';
declare const identityPool: IdentityPool;
declare const myAddedRoleMapping1: IdentityPoolRoleMapping;
declare const myAddedRoleMapping2: IdentityPoolRoleMapping;
declare const myAddedRoleMapping3: IdentityPoolRoleMapping;
identityPool.addRoleMappings(myAddedRoleMapping1, myAddedRoleMapping2, myAddedRoleMapping3);
Properties
Name | Type | Description |
---|---|---|
provider | Identity | The url of the provider of for which the role is mapped. |
mapping | string | The key used for the role mapping in the role mapping hash. |
resolve | boolean | Allow for role assumption when results of role mapping are ambiguous. |
rules? | Role [] | The claim and value that must be matched in order to assume the role. |
use | boolean | If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from identity provider. |
providerUrl
Type:
Identity
The url of the provider of for which the role is mapped.
mappingKey?
Type:
string
(optional, default: the provided providerUrl)
The key used for the role mapping in the role mapping hash.
Required if the providerUrl is a token.
resolveAmbiguousRoles?
Type:
boolean
(optional, default: false - Ambiguous role resolutions will lead to requester being denied)
Allow for role assumption when results of role mapping are ambiguous.
rules?
Type:
Role
[]
(optional, default: No Rule Mapping Rule)
The claim and value that must be matched in order to assume the role.
Required if useToken is false
useToken?
Type:
boolean
(optional, default: false)
If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from identity provider.