Class: AWSCDK::Cognito::CfnIdentityPoolRoleAttachment::RoleMappingProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
cognito/cfn_identity_pool_role_attachment.rb

Overview

One of a set of RoleMappings , a property of the AWS::Cognito::IdentityPoolRoleAttachment resource that defines the role-mapping attributes of an Amazon Cognito identity pool.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(type:, ambiguous_role_resolution: nil, identity_provider: nil, rules_configuration: nil) ⇒ RoleMappingProperty

Returns a new instance of RoleMappingProperty.

Parameters:

  • type (String)

    The role mapping type.

  • ambiguous_role_resolution (String, nil) (defaults to: nil)

    If you specify Token or Rules as the Type , AmbiguousRoleResolution is required.

  • identity_provider (String, nil) (defaults to: nil)

    Identifier for the identity provider for which the role is mapped.

  • rules_configuration (AWSCDK::IResolvable, AWSCDK::Cognito::CfnIdentityPoolRoleAttachment::RulesConfigurationTypeProperty, nil) (defaults to: nil)

    The rules to be used for mapping users to roles.



598
599
600
601
602
603
604
605
606
607
# File 'cognito/cfn_identity_pool_role_attachment.rb', line 598

def initialize(type:, ambiguous_role_resolution: nil, identity_provider: nil, rules_configuration: nil)
  @type = type
  Jsii::Type.check_type(@type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "type")
  @ambiguous_role_resolution = ambiguous_role_resolution
  Jsii::Type.check_type(@ambiguous_role_resolution, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "ambiguousRoleResolution") unless @ambiguous_role_resolution.nil?
  @identity_provider = identity_provider
  Jsii::Type.check_type(@identity_provider, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "identityProvider") unless @identity_provider.nil?
  @rules_configuration = rules_configuration.is_a?(Hash) ? ::AWSCDK::Cognito::CfnIdentityPoolRoleAttachment::RulesConfigurationTypeProperty.new(**rules_configuration.transform_keys(&:to_sym)) : rules_configuration
  Jsii::Type.check_type(@rules_configuration, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19jb2duaXRvLkNmbklkZW50aXR5UG9vbFJvbGVBdHRhY2htZW50LlJ1bGVzQ29uZmlndXJhdGlvblR5cGVQcm9wZXJ0eSJ9XX19")), "rulesConfiguration") unless @rules_configuration.nil?
end

Instance Attribute Details

#ambiguous_role_resolutionString? (readonly)

If you specify Token or Rules as the Type , AmbiguousRoleResolution is required.

Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.



622
623
624
# File 'cognito/cfn_identity_pool_role_attachment.rb', line 622

def ambiguous_role_resolution
  @ambiguous_role_resolution
end

#identity_providerString? (readonly)

Identifier for the identity provider for which the role is mapped.

For example: graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id (http://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id) . This is the identity provider that is used by the user for authentication.

If the identity provider property isn't provided, the key of the entry in the RoleMappings map is used as the identity provider.



631
632
633
# File 'cognito/cfn_identity_pool_role_attachment.rb', line 631

def identity_provider
  @identity_provider
end

#rules_configurationAWSCDK::IResolvable, ... (readonly)

The rules to be used for mapping users to roles.

If you specify "Rules" as the role-mapping type, RulesConfiguration is required.



638
639
640
# File 'cognito/cfn_identity_pool_role_attachment.rb', line 638

def rules_configuration
  @rules_configuration
end

#typeString (readonly)

The role mapping type.

Token will use cognito:roles and cognito:preferred_role claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.



615
616
617
# File 'cognito/cfn_identity_pool_role_attachment.rb', line 615

def type
  @type
end

Class Method Details

.jsii_propertiesObject



640
641
642
643
644
645
646
647
# File 'cognito/cfn_identity_pool_role_attachment.rb', line 640

def self.jsii_properties
  {
    :type => "type",
    :ambiguous_role_resolution => "ambiguousRoleResolution",
    :identity_provider => "identityProvider",
    :rules_configuration => "rulesConfiguration",
  }
end

Instance Method Details

#to_jsiiObject



649
650
651
652
653
654
655
656
657
658
# File 'cognito/cfn_identity_pool_role_attachment.rb', line 649

def to_jsii
  result = {}
  result.merge!({
    "type" => @type,
    "ambiguousRoleResolution" => @ambiguous_role_resolution,
    "identityProvider" => @identity_provider,
    "rulesConfiguration" => @rules_configuration,
  })
  result.compact
end