Class IdentityPoolRoleAttachment

Provides an AWS Cognito Identity Pool Roles Attachment.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var mainIdentityPool = new Aws.Cognito.IdentityPool("mainIdentityPool", new Aws.Cognito.IdentityPoolArgs
    {
        AllowUnauthenticatedIdentities = false,
        IdentityPoolName = "identity pool",
        SupportedLoginProviders = 
        {
            { "graph.facebook.com", "7346241598935555" },
        },
    });
    var authenticatedRole = new Aws.Iam.Role("authenticatedRole", new Aws.Iam.RoleArgs
    {
        AssumeRolePolicy = mainIdentityPool.Id.Apply(id => @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
  ""Effect"": ""Allow"",
  ""Principal"": {{
    ""Federated"": ""cognito-identity.amazonaws.com""
  }},
  ""Action"": ""sts:AssumeRoleWithWebIdentity"",
  ""Condition"": {{
    ""StringEquals"": {{
      ""cognito-identity.amazonaws.com:aud"": ""{id}""
    }},
    ""ForAnyValue:StringLike"": {{
      ""cognito-identity.amazonaws.com:amr"": ""authenticated""
    }}
  }}
}}
]
}}

"),
    });
    var authenticatedRolePolicy = new Aws.Iam.RolePolicy("authenticatedRolePolicy", new Aws.Iam.RolePolicyArgs
    {
        Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
  ""Effect"": ""Allow"",
  ""Action"": [
    ""mobileanalytics:PutEvents"",
    ""cognito-sync:*"",
    ""cognito-identity:*""
  ],
  ""Resource"": [
    ""*""
  ]
}
]
}

",
        Role = authenticatedRole.Id,
    });
    var mainIdentityPoolRoleAttachment = new Aws.Cognito.IdentityPoolRoleAttachment("mainIdentityPoolRoleAttachment", new Aws.Cognito.IdentityPoolRoleAttachmentArgs
    {
        IdentityPoolId = mainIdentityPool.Id,
        RoleMappings = 
        {
            new Aws.Cognito.Inputs.IdentityPoolRoleAttachmentRoleMappingArgs
            {
                AmbiguousRoleResolution = "AuthenticatedRole",
                IdentityProvider = "graph.facebook.com",
                MappingRule = 
                {

                    {
                        { "claim", "isAdmin" },
                        { "matchType", "Equals" },
                        { "roleArn", authenticatedRole.Arn },
                        { "value", "paid" },
                    },
                },
                Type = "Rules",
            },
        },
        Roles = 
        {
            { "authenticated", authenticatedRole.Arn },
        },
    });
}

}
Inheritance
System.Object
Resource
CustomResource
IdentityPoolRoleAttachment
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.Cognito
Assembly: Pulumi.Aws.dll
Syntax
public class IdentityPoolRoleAttachment : CustomResource

Constructors

View Source

IdentityPoolRoleAttachment(String, IdentityPoolRoleAttachmentArgs, CustomResourceOptions)

Create a IdentityPoolRoleAttachment resource with the given unique name, arguments, and options.

Declaration
public IdentityPoolRoleAttachment(string name, IdentityPoolRoleAttachmentArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
IdentityPoolRoleAttachmentArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

IdentityPoolId

An identity pool ID in the format REGION:GUID.

Declaration
public Output<string> IdentityPoolId { get; }
Property Value
Type Description
Output<System.String>
View Source

RoleMappings

A List of Role Mapping.

Declaration
public Output<ImmutableArray<IdentityPoolRoleAttachmentRoleMapping>> RoleMappings { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<IdentityPoolRoleAttachmentRoleMapping>>
View Source

Roles

The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.

Declaration
public Output<ImmutableDictionary<string, string>> Roles { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.String>>

Methods

View Source

Get(String, Input<String>, IdentityPoolRoleAttachmentState, CustomResourceOptions)

Get an existing IdentityPoolRoleAttachment resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static IdentityPoolRoleAttachment Get(string name, Input<string> id, IdentityPoolRoleAttachmentState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
IdentityPoolRoleAttachmentState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
IdentityPoolRoleAttachment