Identity Pool Role Attachment
Provides an AWS Cognito Identity Pool Roles Attachment.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.cognito.IdentityPool;
import com.pulumi.aws.cognito.IdentityPoolArgs;
import com.pulumi.aws.cognito.IdentityPoolRoleAttachment;
import com.pulumi.aws.cognito.IdentityPoolRoleAttachmentArgs;
import com.pulumi.aws.cognito.inputs.IdentityPoolRoleAttachmentRoleMappingArgs;
import com.pulumi.aws.cognito.inputs.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.core.Output;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
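/**
 * Example Pulumi program: creates a Cognito identity pool, an IAM role that
 * identities from that pool can assume, an inline policy for the role, and the
 * role attachment that binds the role to the pool.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of the stack.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Guest (unauthenticated) identities are disabled; only identities that
        // signed in through the listed login provider receive credentials.
        var mainIdentityPool = new IdentityPool("mainIdentityPool", IdentityPoolArgs.builder()
            .identityPoolName("identity pool")
            .allowUnauthenticatedIdentities(false)
            .supportedLoginProviders(Map.of("graph.facebook.com", "7346241598935555"))
            .build());

        // Trust policy. Both conditions matter:
        //  - "aud" pins the role to this identity pool's ID, so a token issued
        //    for a different pool cannot be used to assume it;
        //  - "amr" restricts the role to authenticated identities.
        // The pool ID is only known after deployment, so it is substituted into
        // the %s placeholder with String.format inside applyValue.
        var authenticatedRole = new Role("authenticatedRole", RoleArgs.builder()
            .assumeRolePolicy(mainIdentityPool.id().applyValue(id -> String.format("""
                {
                "Version": "2012-10-17",
                "Statement": [
                {
                "Effect": "Allow",
                "Principal": {
                "Federated": "cognito-identity.amazonaws.com"
                },
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": {
                "StringEquals": {
                "cognito-identity.amazonaws.com:aud": "%s"
                },
                "ForAnyValue:StringLike": {
                "cognito-identity.amazonaws.com:amr": "authenticated"
                }
                }
                }
                ]
                }
                """, id)))
            .build());

        // NOTE(review): this policy grants every cognito-sync and
        // cognito-identity action on every resource ("*") to each signed-in
        // user. It is kept as the example ships it; in a real deployment list
        // only the actions the client needs and scope "Resource" to the
        // specific pool/dataset ARNs (least privilege).
        var authenticatedRolePolicy = new RolePolicy("authenticatedRolePolicy", RolePolicyArgs.builder()
            .role(authenticatedRole.id())
            .policy("""
                {
                "Version": "2012-10-17",
                "Statement": [
                {
                "Effect": "Allow",
                "Action": [
                "mobileanalytics:PutEvents",
                "cognito-sync:*",
                "cognito-identity:*"
                ],
                "Resource": [
                "*"
                ]
                }
                ]
                }
                """)
            .build());

        // Rule-based mapping: a token whose "isAdmin" claim equals "paid" is
        // mapped to authenticatedRole. That is also the default authenticated
        // role below, so matching the rule grants nothing extra here. When a
        // rule points at a more privileged role, base it on a claim that the
        // identity provider sets and the end user cannot influence.
        // ambiguousRoleResolution("AuthenticatedRole") falls back to the
        // default authenticated role when no rule matches; "Deny" is the
        // stricter alternative.
        var mainIdentityPoolRoleAttachment = new IdentityPoolRoleAttachment("mainIdentityPoolRoleAttachment", IdentityPoolRoleAttachmentArgs.builder()
            .identityPoolId(mainIdentityPool.id())
            .roleMappings(IdentityPoolRoleAttachmentRoleMappingArgs.builder()
                .identityProvider("graph.facebook.com")
                .ambiguousRoleResolution("AuthenticatedRole")
                .type("Rules")
                .mappingRules(IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs.builder()
                    .claim("isAdmin")
                    .matchType("Equals")
                    .roleArn(authenticatedRole.arn())
                    .value("paid")
                    .build())
                .build())
            .roles(Map.of("authenticated", authenticatedRole.arn()))
            .build());
    }
}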
Import
Cognito Identity Pool Roles Attachment can be imported using the Identity Pool ID, e.g.,
$ pulumi import aws:cognito/identityPoolRoleAttachment:IdentityPoolRoleAttachment example us-west-2:b64805ad-cb56-40ba-9ffc-f5d8207e6d42