AWS::Cognito::IdentityPoolRoleAttachment MappingRule - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Cognito::IdentityPoolRoleAttachment MappingRule

Defines how to map a claim to a role ARN.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Claim" : String,
  "MatchType" : String,
  "RoleARN" : String,
  "Value" : String
}

YAML

  Claim: String
  MatchType: String
  RoleARN: String
  Value: String

Properties

Claim

The claim name that must be present in the token. For example: "isAdmin" or "paid".

Required: Yes

Type: String

Update requires: No interruption

MatchType

The match condition that specifies how closely the claim value in the IdP token must match Value.

Valid values are: Equals, Contains, StartsWith, and NotEqual.

Required: Yes

Type: String

Update requires: No interruption

RoleARN

The Amazon Resource Name (ARN) of the role.

Required: Yes

Type: String

Update requires: No interruption

Value

A brief string that the claim must match. For example, "paid" or "yes".

Required: Yes

Type: String

Update requires: No interruption