RoleMapping - Amazon Cognito Federated Identities
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

RoleMapping

A role mapping.

Contents

Type

The role mapping type. Token will use cognito:roles and cognito:preferred_role claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.

Type: String

Valid Values: Token | Rules

Required: Yes

AmbiguousRoleResolution

If you specify Token or Rules as the Type, AmbiguousRoleResolution is required.

Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.

Type: String

Valid Values: AuthenticatedRole | Deny

Required: No

RulesConfiguration

The rules to be used for mapping users to roles.

If you specify Rules as the role mapping type, RulesConfiguration is required.

Type: RulesConfigurationType object

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: