1. Packages
  2. AWS
  3. API Docs
  4. cognito
  5. IdentityPoolRoleAttachment
AWS v6.64.0 published on Friday, Dec 6, 2024 by Pulumi

aws.cognito.IdentityPoolRoleAttachment

Explore with Pulumi AI

aws logo
AWS v6.64.0 published on Friday, Dec 6, 2024 by Pulumi

    Provides an AWS Cognito Identity Pool Roles Attachment.

    Create IdentityPoolRoleAttachment Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new IdentityPoolRoleAttachment(name: string, args: IdentityPoolRoleAttachmentArgs, opts?: CustomResourceOptions);
    @overload
    def IdentityPoolRoleAttachment(resource_name: str,
                                   args: IdentityPoolRoleAttachmentArgs,
                                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def IdentityPoolRoleAttachment(resource_name: str,
                                   opts: Optional[ResourceOptions] = None,
                                   identity_pool_id: Optional[str] = None,
                                   roles: Optional[Mapping[str, str]] = None,
                                   role_mappings: Optional[Sequence[IdentityPoolRoleAttachmentRoleMappingArgs]] = None)
    func NewIdentityPoolRoleAttachment(ctx *Context, name string, args IdentityPoolRoleAttachmentArgs, opts ...ResourceOption) (*IdentityPoolRoleAttachment, error)
    public IdentityPoolRoleAttachment(string name, IdentityPoolRoleAttachmentArgs args, CustomResourceOptions? opts = null)
    public IdentityPoolRoleAttachment(String name, IdentityPoolRoleAttachmentArgs args)
    public IdentityPoolRoleAttachment(String name, IdentityPoolRoleAttachmentArgs args, CustomResourceOptions options)
    
    type: aws:cognito:IdentityPoolRoleAttachment
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args IdentityPoolRoleAttachmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args IdentityPoolRoleAttachmentArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args IdentityPoolRoleAttachmentArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args IdentityPoolRoleAttachmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args IdentityPoolRoleAttachmentArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var identityPoolRoleAttachmentResource = new Aws.Cognito.IdentityPoolRoleAttachment("identityPoolRoleAttachmentResource", new()
    {
        IdentityPoolId = "string",
        Roles = 
        {
            { "string", "string" },
        },
        RoleMappings = new[]
        {
            new Aws.Cognito.Inputs.IdentityPoolRoleAttachmentRoleMappingArgs
            {
                IdentityProvider = "string",
                Type = "string",
                AmbiguousRoleResolution = "string",
                MappingRules = new[]
                {
                    new Aws.Cognito.Inputs.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs
                    {
                        Claim = "string",
                        MatchType = "string",
                        RoleArn = "string",
                        Value = "string",
                    },
                },
            },
        },
    });
    
    example, err := cognito.NewIdentityPoolRoleAttachment(ctx, "identityPoolRoleAttachmentResource", &cognito.IdentityPoolRoleAttachmentArgs{
    	IdentityPoolId: pulumi.String("string"),
    	Roles: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	RoleMappings: cognito.IdentityPoolRoleAttachmentRoleMappingArray{
    		&cognito.IdentityPoolRoleAttachmentRoleMappingArgs{
    			IdentityProvider:        pulumi.String("string"),
    			Type:                    pulumi.String("string"),
    			AmbiguousRoleResolution: pulumi.String("string"),
    			MappingRules: cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArray{
    				&cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs{
    					Claim:     pulumi.String("string"),
    					MatchType: pulumi.String("string"),
    					RoleArn:   pulumi.String("string"),
    					Value:     pulumi.String("string"),
    				},
    			},
    		},
    	},
    })
    
    var identityPoolRoleAttachmentResource = new IdentityPoolRoleAttachment("identityPoolRoleAttachmentResource", IdentityPoolRoleAttachmentArgs.builder()
        .identityPoolId("string")
        .roles(Map.of("string", "string"))
        .roleMappings(IdentityPoolRoleAttachmentRoleMappingArgs.builder()
            .identityProvider("string")
            .type("string")
            .ambiguousRoleResolution("string")
            .mappingRules(IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs.builder()
                .claim("string")
                .matchType("string")
                .roleArn("string")
                .value("string")
                .build())
            .build())
        .build());
    
    identity_pool_role_attachment_resource = aws.cognito.IdentityPoolRoleAttachment("identityPoolRoleAttachmentResource",
        identity_pool_id="string",
        roles={
            "string": "string",
        },
        role_mappings=[{
            "identity_provider": "string",
            "type": "string",
            "ambiguous_role_resolution": "string",
            "mapping_rules": [{
                "claim": "string",
                "match_type": "string",
                "role_arn": "string",
                "value": "string",
            }],
        }])
    
    const identityPoolRoleAttachmentResource = new aws.cognito.IdentityPoolRoleAttachment("identityPoolRoleAttachmentResource", {
        identityPoolId: "string",
        roles: {
            string: "string",
        },
        roleMappings: [{
            identityProvider: "string",
            type: "string",
            ambiguousRoleResolution: "string",
            mappingRules: [{
                claim: "string",
                matchType: "string",
                roleArn: "string",
                value: "string",
            }],
        }],
    });
    
    type: aws:cognito:IdentityPoolRoleAttachment
    properties:
        identityPoolId: string
        roleMappings:
            - ambiguousRoleResolution: string
              identityProvider: string
              mappingRules:
                - claim: string
                  matchType: string
                  roleArn: string
                  value: string
              type: string
        roles:
            string: string
    

    IdentityPoolRoleAttachment Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The IdentityPoolRoleAttachment resource accepts the following input properties:

    IdentityPoolId string
    An identity pool ID in the format REGION_GUID.
    Roles Dictionary<string, string>
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    RoleMappings List<IdentityPoolRoleAttachmentRoleMapping>
    A List of Role Mapping.
    IdentityPoolId string
    An identity pool ID in the format REGION_GUID.
    Roles map[string]string
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    RoleMappings []IdentityPoolRoleAttachmentRoleMappingArgs
    A List of Role Mapping.
    identityPoolId String
    An identity pool ID in the format REGION_GUID.
    roles Map<String,String>
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    roleMappings List<IdentityPoolRoleAttachmentRoleMapping>
    A List of Role Mapping.
    identityPoolId string
    An identity pool ID in the format REGION_GUID.
    roles {[key: string]: string}
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    roleMappings IdentityPoolRoleAttachmentRoleMapping[]
    A List of Role Mapping.
    identity_pool_id str
    An identity pool ID in the format REGION_GUID.
    roles Mapping[str, str]
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    role_mappings Sequence[IdentityPoolRoleAttachmentRoleMappingArgs]
    A List of Role Mapping.
    identityPoolId String
    An identity pool ID in the format REGION_GUID.
    roles Map<String>
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    roleMappings List<Property Map>
    A List of Role Mapping.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the IdentityPoolRoleAttachment resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing IdentityPoolRoleAttachment Resource

    Get an existing IdentityPoolRoleAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: IdentityPoolRoleAttachmentState, opts?: CustomResourceOptions): IdentityPoolRoleAttachment
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            identity_pool_id: Optional[str] = None,
            role_mappings: Optional[Sequence[IdentityPoolRoleAttachmentRoleMappingArgs]] = None,
            roles: Optional[Mapping[str, str]] = None) -> IdentityPoolRoleAttachment
    func GetIdentityPoolRoleAttachment(ctx *Context, name string, id IDInput, state *IdentityPoolRoleAttachmentState, opts ...ResourceOption) (*IdentityPoolRoleAttachment, error)
    public static IdentityPoolRoleAttachment Get(string name, Input<string> id, IdentityPoolRoleAttachmentState? state, CustomResourceOptions? opts = null)
    public static IdentityPoolRoleAttachment get(String name, Output<String> id, IdentityPoolRoleAttachmentState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    IdentityPoolId string
    An identity pool ID in the format REGION_GUID.
    RoleMappings List<IdentityPoolRoleAttachmentRoleMapping>
    A List of Role Mapping.
    Roles Dictionary<string, string>
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    IdentityPoolId string
    An identity pool ID in the format REGION_GUID.
    RoleMappings []IdentityPoolRoleAttachmentRoleMappingArgs
    A List of Role Mapping.
    Roles map[string]string
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    identityPoolId String
    An identity pool ID in the format REGION_GUID.
    roleMappings List<IdentityPoolRoleAttachmentRoleMapping>
    A List of Role Mapping.
    roles Map<String,String>
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    identityPoolId string
    An identity pool ID in the format REGION_GUID.
    roleMappings IdentityPoolRoleAttachmentRoleMapping[]
    A List of Role Mapping.
    roles {[key: string]: string}
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    identity_pool_id str
    An identity pool ID in the format REGION_GUID.
    role_mappings Sequence[IdentityPoolRoleAttachmentRoleMappingArgs]
    A List of Role Mapping.
    roles Mapping[str, str]
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
    identityPoolId String
    An identity pool ID in the format REGION_GUID.
    roleMappings List<Property Map>
    A List of Role Mapping.
    roles Map<String>
    The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.

    Supporting Types

    IdentityPoolRoleAttachmentRoleMapping, IdentityPoolRoleAttachmentRoleMappingArgs

    IdentityProvider string
    A string identifying the identity provider, for example, "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id". Depends on cognito_identity_providers set on aws.cognito.IdentityPool resource or a aws.cognito.IdentityProvider resource.
    Type string
    The role mapping type.
    AmbiguousRoleResolution string
    Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. Required if you specify Token or Rules as the Type.
    MappingRules List<IdentityPoolRoleAttachmentRoleMappingMappingRule>
    The Rules Configuration to be used for mapping users to roles. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role.
    IdentityProvider string
    A string identifying the identity provider, for example, "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id". Depends on cognito_identity_providers set on aws.cognito.IdentityPool resource or a aws.cognito.IdentityProvider resource.
    Type string
    The role mapping type.
    AmbiguousRoleResolution string
    Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. Required if you specify Token or Rules as the Type.
    MappingRules []IdentityPoolRoleAttachmentRoleMappingMappingRule
    The Rules Configuration to be used for mapping users to roles. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role.
    identityProvider String
    A string identifying the identity provider, for example, "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id". Depends on cognito_identity_providers set on aws.cognito.IdentityPool resource or a aws.cognito.IdentityProvider resource.
    type String
    The role mapping type.
    ambiguousRoleResolution String
    Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. Required if you specify Token or Rules as the Type.
    mappingRules List<IdentityPoolRoleAttachmentRoleMappingMappingRule>
    The Rules Configuration to be used for mapping users to roles. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role.
    identityProvider string
    A string identifying the identity provider, for example, "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id". Depends on cognito_identity_providers set on aws.cognito.IdentityPool resource or a aws.cognito.IdentityProvider resource.
    type string
    The role mapping type.
    ambiguousRoleResolution string
    Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. Required if you specify Token or Rules as the Type.
    mappingRules IdentityPoolRoleAttachmentRoleMappingMappingRule[]
    The Rules Configuration to be used for mapping users to roles. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role.
    identity_provider str
    A string identifying the identity provider, for example, "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id". Depends on cognito_identity_providers set on aws.cognito.IdentityPool resource or a aws.cognito.IdentityProvider resource.
    type str
    The role mapping type.
    ambiguous_role_resolution str
    Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. Required if you specify Token or Rules as the Type.
    mapping_rules Sequence[IdentityPoolRoleAttachmentRoleMappingMappingRule]
    The Rules Configuration to be used for mapping users to roles. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role.
    identityProvider String
    A string identifying the identity provider, for example, "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id". Depends on cognito_identity_providers set on aws.cognito.IdentityPool resource or a aws.cognito.IdentityProvider resource.
    type String
    The role mapping type.
    ambiguousRoleResolution String
    Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. Required if you specify Token or Rules as the Type.
    mappingRules List<Property Map>
    The Rules Configuration to be used for mapping users to roles. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role.

    IdentityPoolRoleAttachmentRoleMappingMappingRule, IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs

    Claim string
    The claim name that must be present in the token, for example, "isAdmin" or "paid".
    MatchType string
    The match condition that specifies how closely the claim value in the IdP token must match Value.
    RoleArn string
    The role ARN.
    Value string
    A brief string that the claim must match, for example, "paid" or "yes".
    Claim string
    The claim name that must be present in the token, for example, "isAdmin" or "paid".
    MatchType string
    The match condition that specifies how closely the claim value in the IdP token must match Value.
    RoleArn string
    The role ARN.
    Value string
    A brief string that the claim must match, for example, "paid" or "yes".
    claim String
    The claim name that must be present in the token, for example, "isAdmin" or "paid".
    matchType String
    The match condition that specifies how closely the claim value in the IdP token must match Value.
    roleArn String
    The role ARN.
    value String
    A brief string that the claim must match, for example, "paid" or "yes".
    claim string
    The claim name that must be present in the token, for example, "isAdmin" or "paid".
    matchType string
    The match condition that specifies how closely the claim value in the IdP token must match Value.
    roleArn string
    The role ARN.
    value string
    A brief string that the claim must match, for example, "paid" or "yes".
    claim str
    The claim name that must be present in the token, for example, "isAdmin" or "paid".
    match_type str
    The match condition that specifies how closely the claim value in the IdP token must match Value.
    role_arn str
    The role ARN.
    value str
    A brief string that the claim must match, for example, "paid" or "yes".
    claim String
    The claim name that must be present in the token, for example, "isAdmin" or "paid".
    matchType String
    The match condition that specifies how closely the claim value in the IdP token must match Value.
    roleArn String
    The role ARN.
    value String
    A brief string that the claim must match, for example, "paid" or "yes".

    Import

    Using pulumi import, import Cognito Identity Pool Roles Attachment using the Identity Pool ID. For example:

    $ pulumi import aws:cognito/identityPoolRoleAttachment:IdentityPoolRoleAttachment example us-west-2:b64805ad-cb56-40ba-9ffc-f5d8207e6d42
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.64.0 published on Friday, Dec 6, 2024 by Pulumi