RoleMappingMatchType

class aws_cdk.aws_cognito_identitypool.RoleMappingMatchType(value)

Bases: Enum

(experimental) Types of matches allowed for Role Mapping.

Stability: experimental

Example:

import aws_cdk.aws_iam as iam
from aws_cdk.aws_cognito_identitypool import (
    IdentityPool,
    IdentityPoolProviderUrl,
    IdentityPoolRoleMapping,
    RoleMappingMatchType,
    RoleMappingRule,
)

# admin_role: iam.Role
# non_admin_role: iam.Role

IdentityPool(self, "myidentitypool",
    identity_pool_name="myidentitypool",
    # Assign specific roles to users based on whether or not the custom admin claim is passed from the identity provider
    role_mappings=[IdentityPoolRoleMapping(
        provider_url=IdentityPoolProviderUrl.AMAZON,
        rules=[RoleMappingRule(
            claim="custom:admin",
            claim_value="admin",
            mapped_role=admin_role
        ), RoleMappingRule(
            claim="custom:admin",
            claim_value="admin",
            match_type=RoleMappingMatchType.NOTEQUAL,
            mapped_role=non_admin_role
        )
        ]
    )]
)

Attributes

CONTAINS

(experimental) The Claim from the token must contain the given value in order for a match.

Stability: experimental

EQUALS

(experimental) The Claim from the token must equal the given value in order for a match.

Stability: experimental

NOTEQUAL

(experimental) The Claim from the token must not equal the given value in order for a match.

Stability: experimental

STARTS_WITH

(experimental) The Claim from the token must start with the given value in order for a match.

Stability: experimental
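
The four match types described above, modeled locally as an added example (not part of the CDK documentation or library), to show why CONTAINS and STARTS_WITH need more care than EQUALS when the mapped role is privileged. MatchType, Rule, rule_matches and resolve_role are hypothetical names, as are the custom:role claim and the role labels; the model assumes string claims, rules evaluated in order with the first match winning, and that a rule whose claim is absent from the token does not match.

```python
from enum import Enum
from typing import NamedTuple, Optional


class MatchType(Enum):
    # Local stand-in for RoleMappingMatchType so the example runs without aws_cdk.
    EQUALS = "Equals"
    NOTEQUAL = "NotEqual"
    CONTAINS = "Contains"
    STARTS_WITH = "StartsWith"


class Rule(NamedTuple):
    claim: str
    claim_value: str
    mapped_role: str  # constructed label, not a real role ARN
    match_type: MatchType = MatchType.EQUALS


def rule_matches(rule: Rule, claims: dict) -> bool:
    """Apply one rule to a token's claims."""
    actual = claims.get(rule.claim)
    if not isinstance(actual, str):
        return False  # assumption of this model: absent or non-string claim never matches
    if rule.match_type is MatchType.EQUALS:
        return actual == rule.claim_value
    if rule.match_type is MatchType.NOTEQUAL:
        return actual != rule.claim_value
    if rule.match_type is MatchType.CONTAINS:
        return rule.claim_value in actual
    return actual.startswith(rule.claim_value)


def resolve_role(rules: list, claims: dict) -> Optional[str]:
    """Return the role of the first matching rule, or None if nothing matches."""
    for rule in rules:
        if rule_matches(rule, claims):
            return rule.mapped_role
    return None


# Constructed rule sets: the same intent written with a loose and a strict match.
LOOSE = [Rule("custom:role", "admin", "admin_role", MatchType.CONTAINS),
         Rule("custom:role", "admin", "non_admin_role", MatchType.NOTEQUAL)]
STRICT = [Rule("custom:role", "admin", "admin_role", MatchType.EQUALS),
          Rule("custom:role", "admin", "non_admin_role", MatchType.NOTEQUAL)]

if __name__ == "__main__":
    for value in ("admin", "non-admin", "administrator-readonly", "viewer"):
        token = {"custom:role": value}  # constructed token claims
        print(value, resolve_role(LOOSE, token), resolve_role(STRICT, token))
```

With the loose rule set, the constructed claim value "non-admin" resolves to admin_role because it contains the substring "admin"; the strict set sends it to non_admin_role.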