pulumi-aws-kotlin/com.pulumi.aws.cognito.kotlin/UserGroup

UserGroup

class UserGroup : KotlinCustomResource

Provides a Cognito User Group resource.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.cognito.UserGroup;
import com.pulumi.aws.cognito.UserGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var mainUserPool = new UserPool("mainUserPool");
        final var groupRolePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Federated")
                    .identifiers("cognito-identity.amazonaws.com")
                    .build())
                .actions("sts:AssumeRoleWithWebIdentity")
                .conditions(
                    GetPolicyDocumentStatementConditionArgs.builder()
                        .test("StringEquals")
                        .variable("cognito-identity.amazonaws.com:aud")
                        .values("us-east-1:12345678-dead-beef-cafe-123456790ab")
                        .build(),
                    GetPolicyDocumentStatementConditionArgs.builder()
                        .test("ForAnyValue:StringLike")
                        .variable("cognito-identity.amazonaws.com:amr")
                        .values("authenticated")
                        .build())
                .build())
            .build());
        var groupRoleRole = new Role("groupRoleRole", RoleArgs.builder()
            .assumeRolePolicy(groupRolePolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
        var mainUserGroup = new UserGroup("mainUserGroup", UserGroupArgs.builder()
            .userPoolId(mainUserPool.id())
            .description("Managed by Pulumi")
            .precedence(42)
            .roleArn(groupRoleRole.arn())
            .build());
    }
}
Content copied to clipboard

Import

Cognito User Groups can be imported using the user_pool_id/name attributes concatenated, e.g.,

$ pulumi import aws:cognito/userGroup:UserGroup group us-east-1_vG78M4goG/user-group
Content copied to clipboard

Properties

Link copied to clipboard
val description: Output<String>?

The description of the user group.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val name: Output<String>

The name of the user group.

Link copied to clipboard
val precedence: Output<Int>?

The precedence of the user group.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val roleArn: Output<String>?

The ARN of the IAM role to be associated with the user group.

Link copied to clipboard
val urn: Output<String>
Link copied to clipboard
val userPoolId: Output<String>

The user pool ID.