AWS::Cognito::IdentityPoolPrincipalTag - Amazon CloudFormation

AWS::Cognito::IdentityPoolPrincipalTag

A list of the identity pool principal tag assignments for attributes for access control.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Cognito::IdentityPoolPrincipalTag",
  "Properties" : {
      "IdentityPoolId" : String,
      "IdentityProviderName" : String,
      "PrincipalTags" : Json,
      "UseDefaults" : Boolean
    }
}

YAML

Type: AWS::Cognito::IdentityPoolPrincipalTag
Properties:
  IdentityPoolId: String
  IdentityProviderName: String
  PrincipalTags: Json
  UseDefaults: Boolean

Properties

IdentityPoolId

The identity pool that you want to associate with this principal tag map.

Required: Yes

Type: String

Update requires: Replacement

IdentityProviderName

The identity pool identity provider (IdP) that you want to associate with this principal tag map.

Required: Yes

Type: String

Update requires: Replacement

PrincipalTags

A JSON-formatted list of user claims and the principal tags that you want to associate with them. When Amazon Cognito requests credentials, it sets the value of the principal tag to the value of the user's claim.

Required: No

Type: Json

Update requires: No interruption

UseDefaults

Use a default set of mappings between claims and tags for this provider, instead of a custom map.

Required: No

Type: Boolean

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the principal tag primary ID, like us-east-1:1cf667a2-49a6-454b-9e45-23199EXAMPLE|graph.facebook.com.

Examples

Creating a new principal tag attribute map for an identity pool

The following example maps the claim aud to principal tag app_id and the claim sub to user_id in the identity pool Example_pool.

YAML

AWSTemplateFormatVersion: "2010-09-09"
Description: Cognito Principal Tags Example
Resources:
  ExamplePool:
    Type: AWS::Cognito::IdentityPool
    Properties:
      IdentityPoolName: 'example_pool'
      AllowUnauthenticatedIdentities: True
      SupportedLoginProviders:
        "graph.facebook.com": "abcdExampleClientId"
  PrincipalTags:
    Type: AWS::Cognito::IdentityPoolPrincipalTag
    Properties:
      IdentityPoolId: !Ref 'ExamplePool'
      IdentityProviderName: "graph.facebook.com"
      PrincipalTags:
        app_id: "aud"
        user_id: "sub"
      UseDefaults: false
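
The principal tags mapped in the template above only affect authorization once an IAM role accepts them as session tags and a policy reads them. The following fragment is an added example, not part of the original documentation. It shows a role for authenticated identities whose trust policy allows sts:TagSession and whose permissions are scoped by the user_id and app_id tags. The logical IDs ExampleAuthenticatedRole and ExampleRoleAttachment, the policy name, and the bucket name example-bucket are hypothetical, and the app_id comparison assumes the provider's aud claim carries the client ID configured on the pool.

```yaml
# Added example: merge these resources into the Resources section of the
# template above. Names other than ExamplePool are hypothetical.
Resources:
  ExampleAuthenticatedRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Federated: cognito-identity.amazonaws.com
            Action:
              - sts:AssumeRoleWithWebIdentity
              # Needed so Amazon Cognito can pass the mapped claims as
              # principal (session) tags when it requests credentials.
              - sts:TagSession
            Condition:
              StringEquals:
                "cognito-identity.amazonaws.com:aud": !Ref 'ExamplePool'
              # The example pool allows unauthenticated identities; keep
              # them out of this role.
              "ForAnyValue:StringLike":
                "cognito-identity.amazonaws.com:amr": authenticated
      Policies:
        - PolicyName: ExamplePerUserPrefix
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                # ${!...} keeps the IAM policy variable literal inside !Sub,
                # so each user reaches only the prefix named by their sub claim.
                Resource: !Sub "arn:${AWS::Partition}:s3:::example-bucket/${!aws:PrincipalTag/user_id}/*"
                Condition:
                  StringEquals:
                    # Assumption: aud equals the client ID set on the pool.
                    "aws:PrincipalTag/app_id": "abcdExampleClientId"
  ExampleRoleAttachment:
    Type: AWS::Cognito::IdentityPoolRoleAttachment
    Properties:
      IdentityPoolId: !Ref 'ExamplePool'
      Roles:
        authenticated: !GetAtt ExampleAuthenticatedRole.Arn
```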