class Aws::CognitoIdentity::Types::RoleMapping
A role mapping.
@note When making an API call, you may pass RoleMapping
data as a hash: { type: "Token", # required, accepts Token, Rules ambiguous_role_resolution: "AuthenticatedRole", # accepts AuthenticatedRole, Deny rules_configuration: { rules: [ # required { claim: "ClaimName", # required match_type: "Equals", # required, accepts Equals, Contains, StartsWith, NotEqual value: "ClaimValue", # required role_arn: "ARNString", # required }, ], }, }
@!attribute [rw] type
The role mapping type. Token will use `cognito:roles` and `cognito:preferred_role` claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role. @return [String]
@!attribute [rw] ambiguous_role_resolution
If you specify Token or Rules as the `Type`, `AmbiguousRoleResolution` is required. Specifies the action to be taken if either no rules match the claim value for the `Rules` type, or there is no `cognito:preferred_role` claim and there are multiple `cognito:roles` matches for the `Token` type. @return [String]
@!attribute [rw] rules_configuration
The rules to be used for mapping users to roles. If you specify Rules as the role mapping type, `RulesConfiguration` is required. @return [Types::RulesConfigurationType]
@see docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/RoleMapping AWS API Documentation
Constants
- SENSITIVE