aws-cdk-lib.aws_cognito.CfnIdentityPoolRoleAttachment.RoleMappingProperty

interface RoleMappingProperty

Language | Type name
.NET | Amazon.CDK.AWS.Cognito.CfnIdentityPoolRoleAttachment.RoleMappingProperty
Go | github.com/aws/aws-cdk-go/awscdk/v2/awscognito#CfnIdentityPoolRoleAttachment_RoleMappingProperty
Java | software.amazon.awscdk.services.cognito.CfnIdentityPoolRoleAttachment.RoleMappingProperty
Python | aws_cdk.aws_cognito.CfnIdentityPoolRoleAttachment.RoleMappingProperty
TypeScript | aws-cdk-lib » aws_cognito » CfnIdentityPoolRoleAttachment » RoleMappingProperty

RoleMapping is a property of the AWS::Cognito::IdentityPoolRoleAttachment resource that defines the role-mapping attributes of an Amazon Cognito identity pool.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_cognito as cognito } from 'aws-cdk-lib';
const roleMappingProperty: cognito.CfnIdentityPoolRoleAttachment.RoleMappingProperty = {
  type: 'type',

  // the properties below are optional
  ambiguousRoleResolution: 'ambiguousRoleResolution',
  identityProvider: 'identityProvider',
  rulesConfiguration: {
    rules: [{
      claim: 'claim',
      matchType: 'matchType',
      roleArn: 'roleArn',
      value: 'value',
    }],
  },
};

Properties

Name | Type | Description
type | string | The role-mapping type.
ambiguousRoleResolution? | string | Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.
identityProvider? | string | Identifier for the identity provider for which the role is mapped.
rulesConfiguration? | IResolvable | RulesConfigurationTypeProperty | The rules to be used for mapping users to roles.

type

Type: string

The role-mapping type.

Token uses cognito:roles and cognito:preferred_role claims from the Amazon Cognito identity provider token to map groups to roles. Rules attempts to match claims from the token to map to a role.

Valid values are Token or Rules.


ambiguousRoleResolution?

Type: string (optional)

Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.

If you specify Token or Rules as the Type, AmbiguousRoleResolution is required.

Valid values are AuthenticatedRole or Deny.


identityProvider?

Type: string (optional)

Identifier for the identity provider for which the role is mapped.

For example: graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id. This is the identity provider that is used by the user for authentication.

If the identity provider property isn't provided, the key of the entry in the RoleMappings map is used as the identity provider.


rulesConfiguration?

Type: IResolvable | RulesConfigurationTypeProperty (optional)

The rules to be used for mapping users to roles.

If you specify "Rules" as the role-mapping type, RulesConfiguration is required.
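
A pre-deployment check for the constraints stated above, as an added example (not part of the CDK documentation or aws-cdk-lib): the TypeScript type marks ambiguousRoleResolution and rulesConfiguration as optional, so the compiler will not flag a mapping that omits them. The helper checkRoleMappings, the local interfaces and all sample values are assumptions made for illustration.

```typescript
// Local mirror of the RoleMappingProperty shape documented above, declared here
// so the example runs without aws-cdk-lib installed.
interface MappingRule { claim: string; matchType: string; roleArn: string; value: string; }
interface RoleMapping {
  type: string;
  ambiguousRoleResolution?: string;
  identityProvider?: string;
  rulesConfiguration?: { rules: MappingRule[] };
}

// Hypothetical helper (not a CDK API): one finding per violated constraint.
function checkRoleMappings(mappings: Record<string, RoleMapping>): string[] {
  const findings: string[] = [];
  for (const key of Object.keys(mappings)) {
    const m = mappings[key];
    // The map key is the identity provider when the property is absent.
    const idp = m.identityProvider ?? key;
    if (m.type !== 'Token' && m.type !== 'Rules') {
      findings.push(`${idp}: type must be Token or Rules, got ${m.type}`);
      continue;
    }
    const amb = m.ambiguousRoleResolution;
    if (amb === undefined) {
      findings.push(`${idp}: ambiguousRoleResolution is required for ${m.type}`);
    } else if (amb !== 'AuthenticatedRole' && amb !== 'Deny') {
      findings.push(`${idp}: ambiguousRoleResolution must be AuthenticatedRole or Deny`);
    }
    if (m.type === 'Rules' && !m.rulesConfiguration?.rules.length) {
      findings.push(`${idp}: rulesConfiguration is required for Rules`);
    }
  }
  return findings;
}

// Constructed sample input: provider ids, claim and role ARN are placeholders.
const sampleMappings: Record<string, RoleMapping> = {
  'graph.facebook.com': { type: 'Token', ambiguousRoleResolution: 'Deny' },
  'cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id': {
    type: 'Rules',
    ambiguousRoleResolution: 'Deny',
    rulesConfiguration: { rules: [{ claim: 'custom:dept', matchType: 'Equals',
      value: 'Sales', roleArn: 'arn:aws:iam::111122223333:role/ExampleSalesRole' }] },
  },
  missingRules: { type: 'Rules' },
  badType: { type: 'token', ambiguousRoleResolution: 'Deny', identityProvider: 'example-idp' },
};

const sampleFindings = checkRoleMappings(sampleMappings);
console.log(sampleFindings.join('\n'));
```

The two well-formed entries produce no findings; the entry keyed missingRules is reported under its map key, and the badType entry under its explicit identityProvider value.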