We recommend new projects start with resources from the AWS provider.
aws-native.cognito.UserPoolGroup
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
Resource Type definition for AWS::Cognito::UserPoolGroup
Create UserPoolGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new UserPoolGroup(name: string, args: UserPoolGroupArgs, opts?: CustomResourceOptions);
@overload
def UserPoolGroup(resource_name: str,
args: UserPoolGroupArgs,
opts: Optional[ResourceOptions] = None)
@overload
def UserPoolGroup(resource_name: str,
opts: Optional[ResourceOptions] = None,
user_pool_id: Optional[str] = None,
description: Optional[str] = None,
group_name: Optional[str] = None,
precedence: Optional[int] = None,
role_arn: Optional[str] = None)
func NewUserPoolGroup(ctx *Context, name string, args UserPoolGroupArgs, opts ...ResourceOption) (*UserPoolGroup, error)
public UserPoolGroup(string name, UserPoolGroupArgs args, CustomResourceOptions? opts = null)
public UserPoolGroup(String name, UserPoolGroupArgs args)
public UserPoolGroup(String name, UserPoolGroupArgs args, CustomResourceOptions options)
type: aws-native:cognito:UserPoolGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserPoolGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserPoolGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserPoolGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserPoolGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserPoolGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
UserPoolGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The UserPoolGroup resource accepts the following input properties:
- User
Pool stringId - The ID of the user pool where you want to create a user group.
- Description string
- A description of the group that you're creating.
- Group
Name string - A name for the group. This name must be unique in your user pool.
- Precedence int
A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower
Precedence
values take precedence over groups with higher or nullPrecedence
values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for thecognito:roles
andcognito:preferred_role
claims.Two groups can have the same
Precedence
value. If this happens, neither group takes precedence over the other. If two groups with the samePrecedence
have the same role ARN, that role is used in thecognito:preferred_role
claim in tokens for users in each group. If the two groups have different role ARNs, thecognito:preferred_role
claim isn't set in users' tokens.The default
Precedence
value is null. The maximumPrecedence
value is2^31-1
.- Role
Arn string - The Amazon Resource Name (ARN) for the IAM role that you want to associate with the group. A group role primarily declares a preferred role for the credentials that you get from an identity pool. Amazon Cognito ID tokens have a
cognito:preferred_role
claim that presents the highest-precedence group that a user belongs to. Both ID and access tokens also contain acognito:groups
claim that list all the groups that a user is a member of.
- User
Pool stringId - The ID of the user pool where you want to create a user group.
- Description string
- A description of the group that you're creating.
- Group
Name string - A name for the group. This name must be unique in your user pool.
- Precedence int
A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower
Precedence
values take precedence over groups with higher or nullPrecedence
values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for thecognito:roles
andcognito:preferred_role
claims.Two groups can have the same
Precedence
value. If this happens, neither group takes precedence over the other. If two groups with the samePrecedence
have the same role ARN, that role is used in thecognito:preferred_role
claim in tokens for users in each group. If the two groups have different role ARNs, thecognito:preferred_role
claim isn't set in users' tokens.The default
Precedence
value is null. The maximumPrecedence
value is2^31-1
.- Role
Arn string - The Amazon Resource Name (ARN) for the IAM role that you want to associate with the group. A group role primarily declares a preferred role for the credentials that you get from an identity pool. Amazon Cognito ID tokens have a
cognito:preferred_role
claim that presents the highest-precedence group that a user belongs to. Both ID and access tokens also contain acognito:groups
claim that list all the groups that a user is a member of.
- user
Pool StringId - The ID of the user pool where you want to create a user group.
- description String
- A description of the group that you're creating.
- group
Name String - A name for the group. This name must be unique in your user pool.
- precedence Integer
A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower
Precedence
values take precedence over groups with higher or nullPrecedence
values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for thecognito:roles
andcognito:preferred_role
claims.Two groups can have the same
Precedence
value. If this happens, neither group takes precedence over the other. If two groups with the samePrecedence
have the same role ARN, that role is used in thecognito:preferred_role
claim in tokens for users in each group. If the two groups have different role ARNs, thecognito:preferred_role
claim isn't set in users' tokens.The default
Precedence
value is null. The maximumPrecedence
value is2^31-1
.- role
Arn String - The Amazon Resource Name (ARN) for the IAM role that you want to associate with the group. A group role primarily declares a preferred role for the credentials that you get from an identity pool. Amazon Cognito ID tokens have a
cognito:preferred_role
claim that presents the highest-precedence group that a user belongs to. Both ID and access tokens also contain acognito:groups
claim that list all the groups that a user is a member of.
- user
Pool stringId - The ID of the user pool where you want to create a user group.
- description string
- A description of the group that you're creating.
- group
Name string - A name for the group. This name must be unique in your user pool.
- precedence number
A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower
Precedence
values take precedence over groups with higher or nullPrecedence
values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for thecognito:roles
andcognito:preferred_role
claims.Two groups can have the same
Precedence
value. If this happens, neither group takes precedence over the other. If two groups with the samePrecedence
have the same role ARN, that role is used in thecognito:preferred_role
claim in tokens for users in each group. If the two groups have different role ARNs, thecognito:preferred_role
claim isn't set in users' tokens.The default
Precedence
value is null. The maximumPrecedence
value is2^31-1
.- role
Arn string - The Amazon Resource Name (ARN) for the IAM role that you want to associate with the group. A group role primarily declares a preferred role for the credentials that you get from an identity pool. Amazon Cognito ID tokens have a
cognito:preferred_role
claim that presents the highest-precedence group that a user belongs to. Both ID and access tokens also contain acognito:groups
claim that list all the groups that a user is a member of.
- user_
pool_ strid - The ID of the user pool where you want to create a user group.
- description str
- A description of the group that you're creating.
- group_
name str - A name for the group. This name must be unique in your user pool.
- precedence int
A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower
Precedence
values take precedence over groups with higher or nullPrecedence
values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for thecognito:roles
andcognito:preferred_role
claims.Two groups can have the same
Precedence
value. If this happens, neither group takes precedence over the other. If two groups with the samePrecedence
have the same role ARN, that role is used in thecognito:preferred_role
claim in tokens for users in each group. If the two groups have different role ARNs, thecognito:preferred_role
claim isn't set in users' tokens.The default
Precedence
value is null. The maximumPrecedence
value is2^31-1
.- role_
arn str - The Amazon Resource Name (ARN) for the IAM role that you want to associate with the group. A group role primarily declares a preferred role for the credentials that you get from an identity pool. Amazon Cognito ID tokens have a
cognito:preferred_role
claim that presents the highest-precedence group that a user belongs to. Both ID and access tokens also contain acognito:groups
claim that list all the groups that a user is a member of.
- user
Pool StringId - The ID of the user pool where you want to create a user group.
- description String
- A description of the group that you're creating.
- group
Name String - A name for the group. This name must be unique in your user pool.
- precedence Number
A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower
Precedence
values take precedence over groups with higher or nullPrecedence
values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for thecognito:roles
andcognito:preferred_role
claims.Two groups can have the same
Precedence
value. If this happens, neither group takes precedence over the other. If two groups with the samePrecedence
have the same role ARN, that role is used in thecognito:preferred_role
claim in tokens for users in each group. If the two groups have different role ARNs, thecognito:preferred_role
claim isn't set in users' tokens.The default
Precedence
value is null. The maximumPrecedence
value is2^31-1
.- role
Arn String - The Amazon Resource Name (ARN) for the IAM role that you want to associate with the group. A group role primarily declares a preferred role for the credentials that you get from an identity pool. Amazon Cognito ID tokens have a
cognito:preferred_role
claim that presents the highest-precedence group that a user belongs to. Both ID and access tokens also contain acognito:groups
claim that list all the groups that a user is a member of.
Outputs
All input properties are implicitly available as output properties. Additionally, the UserPoolGroup resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.