SetIdentityPoolRoles - Amazon Cognito Federated Identities
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Sets the roles for an identity pool. These roles are used when making calls to GetCredentialsForIdentity action.

You must use Amazon developer credentials to call this operation.

Request Syntax

{ "IdentityPoolId": "string", "RoleMappings": { "string" : { "AmbiguousRoleResolution": "string", "RulesConfiguration": { "Rules": [ { "Claim": "string", "MatchType": "string", "RoleARN": "string", "Value": "string" } ] }, "Type": "string" } }, "Roles": { "string" : "string" } }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


An identity pool ID in the format REGION:GUID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+:[0-9a-f-]+

Required: Yes


How users for a specific identity provider are to mapped to roles. This is a string to RoleMapping object map. The string identifies the identity provider, for example, or

Up to 25 rules can be specified per identity provider.

Type: String to RoleMapping object map

Map Entries: Maximum number of 10 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Required: No


The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.

Type: String to string map

Map Entries: Maximum number of 2 items.

Key Pattern: (un)?authenticated

Value Length Constraints: Minimum length of 20. Maximum length of 2048.

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


Thrown if there are parallel requests to modify a resource.

HTTP Status Code: 400


Thrown when the service encounters an error during processing the request.

HTTP Status Code: 500


Thrown for missing or bad input parameter(s).

HTTP Status Code: 400


Thrown when a user is not authorized to access the requested resource.

HTTP Status Code: 400


Thrown when a user tries to use a login which is already linked to another account.

HTTP Status Code: 400


Thrown when the requested resource (for example, a dataset or record) does not exist.

HTTP Status Code: 400


Thrown when a request is throttled.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: