IdentityPool

Provides an AWS Cognito Identity Pool.

Example Usage

using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var @default = new Aws.Iam.SamlProvider("default", new Aws.Iam.SamlProviderArgs
        {
            SamlMetadataDocument = File.ReadAllText("saml-metadata.xml"),
        });
        var main = new Aws.Cognito.IdentityPool("main", new Aws.Cognito.IdentityPoolArgs
        {
            AllowUnauthenticatedIdentities = false,
            CognitoIdentityProviders = 
            {
                new Aws.Cognito.Inputs.IdentityPoolCognitoIdentityProviderArgs
                {
                    ClientId = "6lhlkkfbfb4q5kpp90urffae",
                    ProviderName = "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ",
                    ServerSideTokenCheck = false,
                },
                new Aws.Cognito.Inputs.IdentityPoolCognitoIdentityProviderArgs
                {
                    ClientId = "7kodkvfqfb4qfkp39eurffae",
                    ProviderName = "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu",
                    ServerSideTokenCheck = false,
                },
            },
            IdentityPoolName = "identity pool",
            OpenidConnectProviderArns = 
            {
                "arn:aws:iam::123456789012:oidc-provider/foo.example.com",
            },
            SamlProviderArns = 
            {
                @default.Arn,
            },
            SupportedLoginProviders = 
            {
                { "accounts.google.com", "123456789012.apps.googleusercontent.com" },
                { "graph.facebook.com", "7346241598935552" },
            },
        });
    }

}

Coming soon!

import pulumi
import pulumi_aws as aws

default = aws.iam.SamlProvider("default", saml_metadata_document=(lambda path: open(path).read())("saml-metadata.xml"))
main = aws.cognito.IdentityPool("main",
    allow_unauthenticated_identities=False,
    cognito_identity_providers=[
        {
            "client_id": "6lhlkkfbfb4q5kpp90urffae",
            "provider_name": "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ",
            "serverSideTokenCheck": False,
        },
        {
            "client_id": "7kodkvfqfb4qfkp39eurffae",
            "provider_name": "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu",
            "serverSideTokenCheck": False,
        },
    ],
    identity_pool_name="identity pool",
    openid_connect_provider_arns=["arn:aws:iam::123456789012:oidc-provider/foo.example.com"],
    saml_provider_arns=[default.arn],
    supported_login_providers={
        "accounts.google.com": "123456789012.apps.googleusercontent.com",
        "graph.facebook.com": "7346241598935552",
    })

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";

const defaultSamlProvider = new aws.iam.SamlProvider("default", {
    samlMetadataDocument: fs.readFileSync("saml-metadata.xml", "utf-8"),
});
const main = new aws.cognito.IdentityPool("main", {
    allowUnauthenticatedIdentities: false,
    cognitoIdentityProviders: [
        {
            clientId: "6lhlkkfbfb4q5kpp90urffae",
            providerName: "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ",
            serverSideTokenCheck: false,
        },
        {
            clientId: "7kodkvfqfb4qfkp39eurffae",
            providerName: "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu",
            serverSideTokenCheck: false,
        },
    ],
    identityPoolName: "identity pool",
    openidConnectProviderArns: ["arn:aws:iam::123456789012:oidc-provider/foo.example.com"],
    samlProviderArns: [defaultSamlProvider.arn],
    supportedLoginProviders: {
        "accounts.google.com": "123456789012.apps.googleusercontent.com",
        "graph.facebook.com": "7346241598935552",
    },
});

Create a IdentityPool Resource

new IdentityPool(name: string, args: IdentityPoolArgs, opts?: CustomResourceOptions);

def IdentityPool(resource_name, opts=None, allow_unauthenticated_identities=None, cognito_identity_providers=None, developer_provider_name=None, identity_pool_name=None, openid_connect_provider_arns=None, saml_provider_arns=None, supported_login_providers=None, tags=None, __props__=None);

func NewIdentityPool(ctx *Context, name string, args IdentityPoolArgs, opts ...ResourceOption) (*IdentityPool, error)

public IdentityPool(string name, IdentityPoolArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args IdentityPoolArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args IdentityPoolArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args IdentityPoolArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

IdentityPool Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The IdentityPool resource accepts the following input properties:

IdentityPoolName string: The Cognito Identity Pool name.
AllowUnauthenticatedIdentities bool: Whether the identity pool supports unauthenticated logins or not.
CognitoIdentityProviders List<IdentityPoolCognitoIdentityProviderArgs>: An array of Amazon Cognito Identity user pools and their client IDs.
DeveloperProviderName string: The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
OpenidConnectProviderArns List<string>: A list of OpendID Connect provider ARNs.
SamlProviderArns List<string>: An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.
SupportedLoginProviders Dictionary<string, string>: Key-Value pairs mapping provider names to provider app IDs.
Tags Dictionary<string, string>: A map of tags to assign to the Identity Pool.

IdentityPoolName string: The Cognito Identity Pool name.
AllowUnauthenticatedIdentities bool: Whether the identity pool supports unauthenticated logins or not.
CognitoIdentityProviders []IdentityPoolCognitoIdentityProvider: An array of Amazon Cognito Identity user pools and their client IDs.
DeveloperProviderName string: The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
OpenidConnectProviderArns []string: A list of OpendID Connect provider ARNs.
SamlProviderArns []string: An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.
SupportedLoginProviders map[string]string: Key-Value pairs mapping provider names to provider app IDs.
Tags map[string]string: A map of tags to assign to the Identity Pool.

identityPoolName string: The Cognito Identity Pool name.
allowUnauthenticatedIdentities boolean: Whether the identity pool supports unauthenticated logins or not.
cognitoIdentityProviders IdentityPoolCognitoIdentityProvider[]: An array of Amazon Cognito Identity user pools and their client IDs.
developerProviderName string: The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
openidConnectProviderArns string[]: A list of OpendID Connect provider ARNs.
samlProviderArns string[]: An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.
supportedLoginProviders {[key: string]: string}: Key-Value pairs mapping provider names to provider app IDs.
tags {[key: string]: string}: A map of tags to assign to the Identity Pool.

identity_pool_name str: The Cognito Identity Pool name.
allow_unauthenticated_identities bool: Whether the identity pool supports unauthenticated logins or not.
cognito_identity_providers List[IdentityPoolCognitoIdentityProvider]: An array of Amazon Cognito Identity user pools and their client IDs.
developer_provider_name str: The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
openid_connect_provider_arns List[str]: A list of OpendID Connect provider ARNs.
saml_provider_arns List[str]: An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.
supported_login_providers Dict[str, str]: Key-Value pairs mapping provider names to provider app IDs.
tags Dict[str, str]: A map of tags to assign to the Identity Pool.

Outputs

All input properties are implicitly available as output properties. Additionally, the IdentityPool resource produces the following output properties:

Arn string: The ARN of the identity pool.
Id string: The provider-assigned unique ID for this managed resource.

Arn string: The ARN of the identity pool.
Id string: The provider-assigned unique ID for this managed resource.

arn string: The ARN of the identity pool.
id string: The provider-assigned unique ID for this managed resource.

arn str: The ARN of the identity pool.
id str: The provider-assigned unique ID for this managed resource.

Look up an Existing IdentityPool Resource

Get an existing IdentityPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IdentityPoolState, opts?: CustomResourceOptions): IdentityPool

static get(resource_name, id, opts=None, allow_unauthenticated_identities=None, arn=None, cognito_identity_providers=None, developer_provider_name=None, identity_pool_name=None, openid_connect_provider_arns=None, saml_provider_arns=None, supported_login_providers=None, tags=None, __props__=None);

func GetIdentityPool(ctx *Context, name string, id IDInput, state *IdentityPoolState, opts ...ResourceOption) (*IdentityPool, error)

public static IdentityPool Get(string name, Input<string> id, IdentityPoolState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowUnauthenticatedIdentities bool: Whether the identity pool supports unauthenticated logins or not.
Arn string: The ARN of the identity pool.
CognitoIdentityProviders List<IdentityPoolCognitoIdentityProviderArgs>: An array of Amazon Cognito Identity user pools and their client IDs.
DeveloperProviderName string: The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
IdentityPoolName string: The Cognito Identity Pool name.
OpenidConnectProviderArns List<string>: A list of OpendID Connect provider ARNs.
SamlProviderArns List<string>: An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.
SupportedLoginProviders Dictionary<string, string>: Key-Value pairs mapping provider names to provider app IDs.
Tags Dictionary<string, string>: A map of tags to assign to the Identity Pool.

AllowUnauthenticatedIdentities bool: Whether the identity pool supports unauthenticated logins or not.
Arn string: The ARN of the identity pool.
CognitoIdentityProviders []IdentityPoolCognitoIdentityProvider: An array of Amazon Cognito Identity user pools and their client IDs.
DeveloperProviderName string: The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
IdentityPoolName string: The Cognito Identity Pool name.
OpenidConnectProviderArns []string: A list of OpendID Connect provider ARNs.
SamlProviderArns []string: An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.
SupportedLoginProviders map[string]string: Key-Value pairs mapping provider names to provider app IDs.
Tags map[string]string: A map of tags to assign to the Identity Pool.

allowUnauthenticatedIdentities boolean: Whether the identity pool supports unauthenticated logins or not.
arn string: The ARN of the identity pool.
cognitoIdentityProviders IdentityPoolCognitoIdentityProvider[]: An array of Amazon Cognito Identity user pools and their client IDs.
developerProviderName string: The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
identityPoolName string: The Cognito Identity Pool name.
openidConnectProviderArns string[]: A list of OpendID Connect provider ARNs.
samlProviderArns string[]: An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.
supportedLoginProviders {[key: string]: string}: Key-Value pairs mapping provider names to provider app IDs.
tags {[key: string]: string}: A map of tags to assign to the Identity Pool.

allow_unauthenticated_identities bool: Whether the identity pool supports unauthenticated logins or not.
arn str: The ARN of the identity pool.
cognito_identity_providers List[IdentityPoolCognitoIdentityProvider]: An array of Amazon Cognito Identity user pools and their client IDs.
developer_provider_name str: The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
identity_pool_name str: The Cognito Identity Pool name.
openid_connect_provider_arns List[str]: A list of OpendID Connect provider ARNs.
saml_provider_arns List[str]: An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.
supported_login_providers Dict[str, str]: Key-Value pairs mapping provider names to provider app IDs.
tags Dict[str, str]: A map of tags to assign to the Identity Pool.

Supporting Types

IdentityPoolCognitoIdentityProvider

See the input and output API doc for this type.

ClientId string: The client ID for the Amazon Cognito Identity User Pool.
ProviderName string: The provider name for an Amazon Cognito Identity User Pool.
ServerSideTokenCheck bool: Whether server-side token validation is enabled for the identity provider’s token or not.

ClientId string: The client ID for the Amazon Cognito Identity User Pool.
ProviderName string: The provider name for an Amazon Cognito Identity User Pool.
ServerSideTokenCheck bool: Whether server-side token validation is enabled for the identity provider’s token or not.

clientId string: The client ID for the Amazon Cognito Identity User Pool.
providerName string: The provider name for an Amazon Cognito Identity User Pool.
serverSideTokenCheck boolean: Whether server-side token validation is enabled for the identity provider’s token or not.

client_id str: The client ID for the Amazon Cognito Identity User Pool.
provider_name str: The provider name for an Amazon Cognito Identity User Pool.
serverSideTokenCheck bool: Whether server-side token validation is enabled for the identity provider’s token or not.

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud