AWS::Cognito::IdentityPoolRoleAttachment - AWS CloudFormation

AWS::Cognito::IdentityPoolRoleAttachment

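The AWS::Cognito::IdentityPoolRoleAttachment resource manages the role configuration for an Amazon Cognito identity pool.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax: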

JSON

{
  "Type" : "AWS::Cognito::IdentityPoolRoleAttachment",
  "Properties" : {
    "IdentityPoolId" : String,
    "RoleMappings" : Json,
    "Roles" : Json
  }
}

YAML

Type: AWS::Cognito::IdentityPoolRoleAttachment
Properties:
  IdentityPoolId: String
  RoleMappings: Json
  Roles: Json

Properties

IdentityPoolId

An identity pool ID in the format REGION:GUID.

Required: Yes

Type: String

Update requires: Replacement

RoleMappings

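How users for a specific identity provider are mapped to roles. This is a map from a string to a RoleMapping object. The string identifies the identity provider. For example: "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id".

If the IdentityProvider field isn't provided in this object, the string is used as the identity provider name.

For more information, see the RoleMapping property.

Required: No

Type: Json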

Update requires: No interruption

Roles

The map of the roles associated with this pool. For a given role, the key is either "authenticated" or "unauthenticated". The value is the role ARN.

Required: No

Type: Json

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns a generated ID, such as IdentityPoolRoleAttachment-EXAMPLEwnOR3n.

For more information about using the Ref function, see Ref.

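Examples

Setting the roles for an identity pool

The following example sets roles for an identity pool. It sets the "authenticated" and "unauthenticated" roles and maps two identity providers to them. The first identity provider is "graph.facebook.com". The second identity provider uses a reference to set the identity provider name.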

JSON

{
  "IdentityPoolRoleAttachment":{
    "Type":"AWS::Cognito::IdentityPoolRoleAttachment",
    "Properties":{
      "IdentityPoolId":{ "Ref":"IdentityPool" },
      "Roles":{
        "authenticated":{ "Fn::GetAtt":[ "AuthenticatedRole", "Arn" ] },
        "unauthenticated":{ "Fn::GetAtt":[ "UnAuthenticatedRole", "Arn" ] }
      },
      "RoleMappings":{
        "graph.facebook.com":{
          "IdentityProvider":"graph.facebook.com",
          "AmbiguousRoleResolution":"Deny",
          "Type":"Rules",
          "RulesConfiguration":{
            "Rules":[
              {
                "Claim":"sub",
                "MatchType":"Equals",
                "RoleARN":{ "Fn::GetAtt":[ "AuthenticatedRole", "Arn" ] },
                "Value":"goodvalue"
              }
            ]
          }
        },
        "userpool1":{
          "IdentityProvider":{ "Ref":"CognitoUserPool" },
          "AmbiguousRoleResolution":"Deny",
          "Type":"Rules",
          "RulesConfiguration":{
            "Rules":[
              {
                "Claim":"sub",
                "MatchType":"Equals",
                "RoleARN":{ "Fn::GetAtt":[ "AuthenticatedRole", "Arn" ] },
                "Value":"goodvalue"
              }
            ]
          }
        }
      }
    }
  }
}

YAML

IdentityPoolRoleAttachment:
  Type: AWS::Cognito::IdentityPoolRoleAttachment
  Properties:
    IdentityPoolId: !Ref IdentityPool
    Roles:
      "authenticated": !GetAtt AuthenticatedRole.Arn
      "unauthenticated": !GetAtt UnAuthenticatedRole.Arn
    RoleMappings:
      "graph.facebook.com":
        IdentityProvider: "graph.facebook.com"
        AmbiguousRoleResolution: Deny
        Type: Rules
        RulesConfiguration:
          Rules:
            - Claim: "sub"
              MatchType: "Equals"
              RoleARN: !GetAtt AuthenticatedRole.Arn
              Value: "goodvalue"
      "userpool1":
        IdentityProvider: !Ref CognitoUserPool
        AmbiguousRoleResolution: Deny
        Type: Rules
        RulesConfiguration:
          Rules:
            - Claim: "sub"
              MatchType: "Equals"
              RoleARN: !GetAtt AuthenticatedRole.Arn
              Value: "goodvalue"
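
What the role mapping above means for a login, as an added Python sketch that is not AWS code and not part of the original page: a simplified model of rule-based mapping (Type: Rules only) showing which role a set of token claims receives and when AmbiguousRoleResolution applies. The ARNs, the `resolve_role` helper and the treatment of a missing claim as a non-match are assumptions of this example.

```python
# Added example: simplified model of Cognito rule-based role mapping.
MATCHERS = {
    "Equals": lambda claim, value: claim == value,
    "NotEqual": lambda claim, value: claim != value,
    "Contains": lambda claim, value: value in claim,
    "StartsWith": lambda claim, value: claim.startswith(value),
}

# Constructed ARNs standing in for the template's Fn::GetAtt results.
AUTH_ROLE = "arn:aws:iam::111122223333:role/AuthenticatedRole"
UNAUTH_ROLE = "arn:aws:iam::111122223333:role/UnAuthenticatedRole"

# Resolved Properties for the page's first mapping; IdentityProvider is
# left out here so that the map key is used as the provider name.
PROPERTIES = {
    "Roles": {"authenticated": AUTH_ROLE, "unauthenticated": UNAUTH_ROLE},
    "RoleMappings": {
        "graph.facebook.com": {
            "AmbiguousRoleResolution": "Deny",
            "Type": "Rules",
            "RulesConfiguration": {"Rules": [
                {"Claim": "sub", "MatchType": "Equals",
                 "RoleARN": AUTH_ROLE, "Value": "goodvalue"},
            ]},
        },
    },
}


def resolve_role(properties, provider, claims):
    """Return the role ARN for a login from `provider`, or None if denied."""
    default_role = properties.get("Roles", {}).get("authenticated")
    for key, mapping in properties.get("RoleMappings", {}).items():
        # The map key names the provider when IdentityProvider is absent.
        if mapping.get("IdentityProvider", key) != provider:
            continue
        if mapping.get("Type") != "Rules":
            raise NotImplementedError("only Type: Rules is modelled")
        for rule in mapping["RulesConfiguration"]["Rules"]:
            claim = claims.get(rule["Claim"])
            # Assumption of this model: a missing claim never matches.
            if claim is not None and MATCHERS[rule["MatchType"]](claim, rule["Value"]):
                return rule["RoleARN"]  # first matching rule wins
        # No rule matched: AmbiguousRoleResolution decides.
        if mapping.get("AmbiguousRoleResolution") == "AuthenticatedRole":
            return default_role
        return None  # "Deny"
    return default_role  # no mapping for this provider: pool-level role
```

With Deny, any login whose "sub" claim is not "goodvalue" gets no credentials; changing the setting to AuthenticatedRole hands the same login the pool's authenticated role instead.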