This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::Cognito::IdentityPoolRoleAttachment RoleMapping One of a set of `RoleMappings`, a property of the [AWS::Cognito::IdentityPoolRoleAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html) resource that defines the role-mapping attributes of an Amazon Cognito identity pool. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AmbiguousRoleResolution](#cfn-cognito-identitypoolroleattachment-rolemapping-ambiguousroleresolution)" : String, "[IdentityProvider](#cfn-cognito-identitypoolroleattachment-rolemapping-identityprovider)" : String, "[RulesConfiguration](#cfn-cognito-identitypoolroleattachment-rolemapping-rulesconfiguration)" : RulesConfigurationType, "[Type](#cfn-cognito-identitypoolroleattachment-rolemapping-type)" : String } ``` ### YAML ``` [AmbiguousRoleResolution](#cfn-cognito-identitypoolroleattachment-rolemapping-ambiguousroleresolution): String [IdentityProvider](#cfn-cognito-identitypoolroleattachment-rolemapping-identityprovider): String [RulesConfiguration](#cfn-cognito-identitypoolroleattachment-rolemapping-rulesconfiguration): RulesConfigurationType [Type](#cfn-cognito-identitypoolroleattachment-rolemapping-type): String ``` ## Properties `AmbiguousRoleResolution` If you specify Token or Rules as the `Type`, `AmbiguousRoleResolution` is required. Specifies the action to be taken if either no rules match the claim value for the `Rules` type, or there is no `cognito:preferred_role` claim and there are multiple `cognito:roles` matches for the `Token` type. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityProvider` Identifier for the identity provider for which the role is mapped. For example: `graph.facebook.com` or `cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id (http://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id)`. This is the identity provider that is used by the user for authentication. If the identity provider property isn't provided, the key of the entry in the `RoleMappings` map is used as the identity provider. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RulesConfiguration` The rules to be used for mapping users to roles. If you specify "Rules" as the role-mapping type, RulesConfiguration is required. *Required*: No *Type*: [RulesConfigurationType](aws-properties-cognito-identitypoolroleattachment-rulesconfigurationtype.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` The role mapping type. Token will use `cognito:roles` and `cognito:preferred_role` claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)