AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::CognitoIdentity::Types::RoleMapping

Inherits:
Struct
  • Object
show all
Defined in:
(unknown)

Overview

Note:

When passing RoleMapping as input to an Aws::Client method, you can use a vanilla Hash:

{
  type: "Token", # required, accepts Token, Rules
  ambiguous_role_resolution: "AuthenticatedRole", # accepts AuthenticatedRole, Deny
  rules_configuration: {
    rules: [ # required
      {
        claim: "ClaimName", # required
        match_type: "Equals", # required, accepts Equals, Contains, StartsWith, NotEqual
        value: "ClaimValue", # required
        role_arn: "ARNString", # required
      },
    ],
  },
}

A role mapping.

Instance Attribute Summary collapse

Instance Attribute Details

#ambiguous_role_resolutionString

If you specify Token or Rules as the Type, AmbiguousRoleResolution is required.

Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.

Possible values:

  • AuthenticatedRole
  • Deny

Returns:

  • (String)

    If you specify Token or Rules as the Type, AmbiguousRoleResolution is required.

#rules_configurationTypes::RulesConfigurationType

The rules to be used for mapping users to roles.

If you specify Rules as the role mapping type, RulesConfiguration is required.

Returns:

#typeString

The role mapping type. Token will use cognito:roles and cognito:preferred_role claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.

Possible values:

  • Token
  • Rules

Returns:

  • (String)

    The role mapping type.