CfnIdentityPoolRoleAttachmentPropsMixin

class aws_cdk.mixins_preview.aws_cognito.mixins.CfnIdentityPoolRoleAttachmentPropsMixin(props, *, strategy=None)

Bases: Mixin

The AWS::Cognito::IdentityPoolRoleAttachment resource manages the role configuration for an Amazon Cognito identity pool.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html

CloudformationResource:

AWS::Cognito::IdentityPoolRoleAttachment

Mixin:

true

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins

# roles: Any

cfn_identity_pool_role_attachment_props_mixin = cognito_mixins.CfnIdentityPoolRoleAttachmentPropsMixin(cognito_mixins.CfnIdentityPoolRoleAttachmentMixinProps(
    identity_pool_id="identityPoolId",
    role_mappings={
        "role_mappings_key": cognito_mixins.CfnIdentityPoolRoleAttachmentPropsMixin.RoleMappingProperty(
            ambiguous_role_resolution="ambiguousRoleResolution",
            identity_provider="identityProvider",
            rules_configuration=cognito_mixins.CfnIdentityPoolRoleAttachmentPropsMixin.RulesConfigurationTypeProperty(
                rules=[cognito_mixins.CfnIdentityPoolRoleAttachmentPropsMixin.MappingRuleProperty(
                    claim="claim",
                    match_type="matchType",
                    role_arn="roleArn",
                    value="value"
                )]
            ),
            type="type"
        )
    },
    roles=roles
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::Cognito::IdentityPoolRoleAttachment.

Parameters:

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:

construct (IConstruct)

Return type:

IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:

construct (IConstruct)

Return type:

bool

Attributes

CFN_PROPERTY_KEYS = ['identityPoolId', 'roleMappings', 'roles']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Mixin.

Stability:

experimental

MappingRuleProperty

class CfnIdentityPoolRoleAttachmentPropsMixin.MappingRuleProperty(*, claim=None, match_type=None, role_arn=None, value=None)

Bases: object

Defines how to map a claim to a role ARN.

Parameters:

  • claim (Optional[str]) – The claim name that must be present in the token. For example: “isAdmin” or “paid”.

  • match_type (Optional[str]) – The match condition that specifies how closely the claim value in the IdP token must match Value . Valid values are: Equals , Contains , StartsWith , and NotEqual .

  • role_arn (Optional[str]) – The Amazon Resource Name (ARN) of the role.

  • value (Optional[str]) – A brief string that the claim must match. For example, “paid” or “yes”.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins

mapping_rule_property = cognito_mixins.CfnIdentityPoolRoleAttachmentPropsMixin.MappingRuleProperty(
    claim="claim",
    match_type="matchType",
    role_arn="roleArn",
    value="value"
)

Attributes

claim

The claim name that must be present in the token.

For example: “isAdmin” or “paid”.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-claim

match_type

The match condition that specifies how closely the claim value in the IdP token must match Value .

Valid values are: Equals , Contains , StartsWith , and NotEqual .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-matchtype

role_arn

The Amazon Resource Name (ARN) of the role.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-rolearn

value

A brief string that the claim must match.

For example, “paid” or “yes”.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-value

RoleMappingProperty

class CfnIdentityPoolRoleAttachmentPropsMixin.RoleMappingProperty(*, ambiguous_role_resolution=None, identity_provider=None, rules_configuration=None, type=None)

Bases: object

One of a set of RoleMappings , a property of the AWS::Cognito::IdentityPoolRoleAttachment resource that defines the role-mapping attributes of an Amazon Cognito identity pool.

Parameters:

  • ambiguous_role_resolution (Optional[str]) – If you specify Token or Rules as the Type , AmbiguousRoleResolution is required. Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.

  • identity_provider (Optional[str]) – Identifier for the identity provider for which the role is mapped. For example: graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id (http://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id) . This is the identity provider that is used by the user for authentication. If the identity provider property isn’t provided, the key of the entry in the RoleMappings map is used as the identity provider.

  • rules_configuration (Union[IResolvable, RulesConfigurationTypeProperty, Dict[str, Any], None]) – The rules to be used for mapping users to roles. If you specify “Rules” as the role-mapping type, RulesConfiguration is required.

  • type (Optional[str]) – The role mapping type. Token will use cognito:roles and cognito:preferred_role claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins

role_mapping_property = cognito_mixins.CfnIdentityPoolRoleAttachmentPropsMixin.RoleMappingProperty(
    ambiguous_role_resolution="ambiguousRoleResolution",
    identity_provider="identityProvider",
    rules_configuration=cognito_mixins.CfnIdentityPoolRoleAttachmentPropsMixin.RulesConfigurationTypeProperty(
        rules=[cognito_mixins.CfnIdentityPoolRoleAttachmentPropsMixin.MappingRuleProperty(
            claim="claim",
            match_type="matchType",
            role_arn="roleArn",
            value="value"
        )]
    ),
    type="type"
)

Attributes

ambiguous_role_resolution

If you specify Token or Rules as the Type , AmbiguousRoleResolution is required.

Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-ambiguousroleresolution

identity_provider

Identifier for the identity provider for which the role is mapped.

For example: graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id (http://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id) . This is the identity provider that is used by the user for authentication.

If the identity provider property isn’t provided, the key of the entry in the RoleMappings map is used as the identity provider.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-identityprovider

rules_configuration

The rules to be used for mapping users to roles.

If you specify “Rules” as the role-mapping type, RulesConfiguration is required.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-rulesconfiguration

type

The role mapping type.

Token will use cognito:roles and cognito:preferred_role claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-type

RulesConfigurationTypeProperty

class CfnIdentityPoolRoleAttachmentPropsMixin.RulesConfigurationTypeProperty(*, rules=None)

Bases: object

RulesConfigurationType is a subproperty of the RoleMapping property that defines the rules to be used for mapping users to roles.

Parameters:

rules (Union[IResolvable, Sequence[Union[IResolvable, MappingRuleProperty, Dict[str, Any]]], None]) – The rules. You can specify up to 25 rules per identity provider.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rulesconfigurationtype.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins

rules_configuration_type_property = cognito_mixins.CfnIdentityPoolRoleAttachmentPropsMixin.RulesConfigurationTypeProperty(
    rules=[cognito_mixins.CfnIdentityPoolRoleAttachmentPropsMixin.MappingRuleProperty(
        claim="claim",
        match_type="matchType",
        role_arn="roleArn",
        value="value"
    )]
)

Attributes

rules

The rules.

You can specify up to 25 rules per identity provider.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rulesconfigurationtype.html#cfn-cognito-identitypoolroleattachment-rulesconfigurationtype-rules