AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::CognitoIdentity::Types::RoleMapping

  • Object
show all
Defined in:



When passing RoleMapping as input to an Aws::Client method, you can use a vanilla Hash:

  type: "Token", # required, accepts Token, Rules
  ambiguous_role_resolution: "AuthenticatedRole", # accepts AuthenticatedRole, Deny
  rules_configuration: {
    rules: [ # required
        claim: "ClaimName", # required
        match_type: "Equals", # required, accepts Equals, Contains, StartsWith, NotEqual
        value: "ClaimValue", # required
        role_arn: "ARNString", # required

A role mapping.

Instance Attribute Summary collapse

Instance Attribute Details


If you specify Token or Rules as the Type, AmbiguousRoleResolution is required.

Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.

Possible values:

  • AuthenticatedRole
  • Deny


  • (String)

    If you specify Token or Rules as the Type, AmbiguousRoleResolution is required.


The rules to be used for mapping users to roles.

If you specify Rules as the role mapping type, RulesConfiguration is required.



The role mapping type. Token will use cognito:roles and cognito:preferred_role claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.

Possible values:

  • Token
  • Rules


  • (String)

    The role mapping type.