class Aws::CognitoIdentity::Types::RoleMapping

A role mapping.

@note When making an API call, you may pass RoleMapping

data as a hash:

    {
      type: "Token", # required, accepts Token, Rules
      ambiguous_role_resolution: "AuthenticatedRole", # accepts AuthenticatedRole, Deny
      rules_configuration: {
        rules: [ # required
          {
            claim: "ClaimName", # required
            match_type: "Equals", # required, accepts Equals, Contains, StartsWith, NotEqual
            value: "ClaimValue", # required
            role_arn: "ARNString", # required
          },
        ],
      },
    }

@!attribute [rw] type

The role mapping type. Token will use `cognito:roles` and
`cognito:preferred_role` claims from the Cognito identity provider
token to map groups to roles. Rules will attempt to match claims
from the token to map to a role.
@return [String]

@!attribute [rw] ambiguous_role_resolution

If you specify Token or Rules as the `Type`,
`AmbiguousRoleResolution` is required.

Specifies the action to be taken if either no rules match the claim
value for the `Rules` type, or there is no `cognito:preferred_role`
claim and there are multiple `cognito:roles` matches for the `Token`
type.
@return [String]

@!attribute [rw] rules_configuration

The rules to be used for mapping users to roles.

If you specify Rules as the role mapping type, `RulesConfiguration`
is required.
@return [Types::RulesConfigurationType]

@see docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/RoleMapping AWS API Documentation

Constants

SENSITIVE