Docs Home
We recommend new projects start with resources from the AWS provider.
aws-native.cognito.IdentityPool
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
Resource Type definition for AWS::Cognito::IdentityPool
Create IdentityPool Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IdentityPool(name: string, args: IdentityPoolArgs, opts?: CustomResourceOptions);@overload
def IdentityPool(resource_name: str,
args: IdentityPoolArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IdentityPool(resource_name: str,
opts: Optional[ResourceOptions] = None,
allow_unauthenticated_identities: Optional[bool] = None,
allow_classic_flow: Optional[bool] = None,
cognito_events: Optional[Any] = None,
cognito_identity_providers: Optional[Sequence[IdentityPoolCognitoIdentityProviderArgs]] = None,
cognito_streams: Optional[IdentityPoolCognitoStreamsArgs] = None,
developer_provider_name: Optional[str] = None,
identity_pool_name: Optional[str] = None,
identity_pool_tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
open_id_connect_provider_arns: Optional[Sequence[str]] = None,
push_sync: Optional[IdentityPoolPushSyncArgs] = None,
saml_provider_arns: Optional[Sequence[str]] = None,
supported_login_providers: Optional[Any] = None)func NewIdentityPool(ctx *Context, name string, args IdentityPoolArgs, opts ...ResourceOption) (*IdentityPool, error)public IdentityPool(string name, IdentityPoolArgs args, CustomResourceOptions? opts = null)
public IdentityPool(String name, IdentityPoolArgs args)
public IdentityPool(String name, IdentityPoolArgs args, CustomResourceOptions options)
type: aws-native:cognito:IdentityPool
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IdentityPoolArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IdentityPoolArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IdentityPoolArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IdentityPoolArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IdentityPoolArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
IdentityPool Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IdentityPool resource accepts the following input properties:
- Allow
Unauthenticated boolIdentities - Specifies whether the identity pool supports unauthenticated logins.
- Allow
Classic boolFlow - Enables the Basic (Classic) authentication flow.
- Cognito
Events object The events to configure.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.- Cognito
Identity List<Pulumi.Providers Aws Native. Cognito. Inputs. Identity Pool Cognito Identity Provider> - The Amazon Cognito user pools and their client IDs.
- Cognito
Streams Pulumi.Aws Native. Cognito. Inputs. Identity Pool Cognito Streams - Configuration options for configuring Amazon Cognito streams.
- Developer
Provider stringName The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the
DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).Minimum length : 1
Maximum length : 100
- Identity
Pool stringName The name of your Amazon Cognito identity pool.
Minimum length : 1
Maximum length : 128
Pattern :
[\w\s+=,.@-]+-
List<Pulumi.
Aws Native. Inputs. Tag> - An array of key-value pairs to apply to this resource.
- Open
Id List<string>Connect Provider Arns - The Amazon Resource Names (ARNs) of the OpenID connect providers.
- Push
Sync Pulumi.Aws Native. Cognito. Inputs. Identity Pool Push Sync - The configuration options to be applied to the identity pool.
- Saml
Provider List<string>Arns - The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
- Supported
Login objectProviders Key-value pairs that map provider names to provider app IDs.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.
- Allow
Unauthenticated boolIdentities - Specifies whether the identity pool supports unauthenticated logins.
- Allow
Classic boolFlow - Enables the Basic (Classic) authentication flow.
- Cognito
Events interface{} The events to configure.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.- Cognito
Identity []IdentityProviders Pool Cognito Identity Provider Args - The Amazon Cognito user pools and their client IDs.
- Cognito
Streams IdentityPool Cognito Streams Args - Configuration options for configuring Amazon Cognito streams.
- Developer
Provider stringName The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the
DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).Minimum length : 1
Maximum length : 100
- Identity
Pool stringName The name of your Amazon Cognito identity pool.
Minimum length : 1
Maximum length : 128
Pattern :
[\w\s+=,.@-]+-
Tag
Args - An array of key-value pairs to apply to this resource.
- Open
Id []stringConnect Provider Arns - The Amazon Resource Names (ARNs) of the OpenID connect providers.
- Push
Sync IdentityPool Push Sync Args - The configuration options to be applied to the identity pool.
- Saml
Provider []stringArns - The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
- Supported
Login interface{}Providers Key-value pairs that map provider names to provider app IDs.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.
- allow
Unauthenticated BooleanIdentities - Specifies whether the identity pool supports unauthenticated logins.
- allow
Classic BooleanFlow - Enables the Basic (Classic) authentication flow.
- cognito
Events Object The events to configure.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.- cognito
Identity List<IdentityProviders Pool Cognito Identity Provider> - The Amazon Cognito user pools and their client IDs.
- cognito
Streams IdentityPool Cognito Streams - Configuration options for configuring Amazon Cognito streams.
- developer
Provider StringName The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the
DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).Minimum length : 1
Maximum length : 100
- identity
Pool StringName The name of your Amazon Cognito identity pool.
Minimum length : 1
Maximum length : 128
Pattern :
[\w\s+=,.@-]+- List<Tag>
- An array of key-value pairs to apply to this resource.
- open
Id List<String>Connect Provider Arns - The Amazon Resource Names (ARNs) of the OpenID connect providers.
- push
Sync IdentityPool Push Sync - The configuration options to be applied to the identity pool.
- saml
Provider List<String>Arns - The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
- supported
Login ObjectProviders Key-value pairs that map provider names to provider app IDs.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.
- allow
Unauthenticated booleanIdentities - Specifies whether the identity pool supports unauthenticated logins.
- allow
Classic booleanFlow - Enables the Basic (Classic) authentication flow.
- cognito
Events any The events to configure.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.- cognito
Identity IdentityProviders Pool Cognito Identity Provider[] - The Amazon Cognito user pools and their client IDs.
- cognito
Streams IdentityPool Cognito Streams - Configuration options for configuring Amazon Cognito streams.
- developer
Provider stringName The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the
DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).Minimum length : 1
Maximum length : 100
- identity
Pool stringName The name of your Amazon Cognito identity pool.
Minimum length : 1
Maximum length : 128
Pattern :
[\w\s+=,.@-]+- Tag[]
- An array of key-value pairs to apply to this resource.
- open
Id string[]Connect Provider Arns - The Amazon Resource Names (ARNs) of the OpenID connect providers.
- push
Sync IdentityPool Push Sync - The configuration options to be applied to the identity pool.
- saml
Provider string[]Arns - The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
- supported
Login anyProviders Key-value pairs that map provider names to provider app IDs.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.
- allow_
unauthenticated_ boolidentities - Specifies whether the identity pool supports unauthenticated logins.
- allow_
classic_ boolflow - Enables the Basic (Classic) authentication flow.
- cognito_
events Any The events to configure.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.- cognito_
identity_ Sequence[Identityproviders Pool Cognito Identity Provider Args] - The Amazon Cognito user pools and their client IDs.
- cognito_
streams IdentityPool Cognito Streams Args - Configuration options for configuring Amazon Cognito streams.
- developer_
provider_ strname The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the
DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).Minimum length : 1
Maximum length : 100
- identity_
pool_ strname The name of your Amazon Cognito identity pool.
Minimum length : 1
Maximum length : 128
Pattern :
[\w\s+=,.@-]+-
Sequence[Tag
Args] - An array of key-value pairs to apply to this resource.
- open_
id_ Sequence[str]connect_ provider_ arns - The Amazon Resource Names (ARNs) of the OpenID connect providers.
- push_
sync IdentityPool Push Sync Args - The configuration options to be applied to the identity pool.
- saml_
provider_ Sequence[str]arns - The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
- supported_
login_ Anyproviders Key-value pairs that map provider names to provider app IDs.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.
- allow
Unauthenticated BooleanIdentities - Specifies whether the identity pool supports unauthenticated logins.
- allow
Classic BooleanFlow - Enables the Basic (Classic) authentication flow.
- cognito
Events Any The events to configure.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.- cognito
Identity List<Property Map>Providers - The Amazon Cognito user pools and their client IDs.
- cognito
Streams Property Map - Configuration options for configuring Amazon Cognito streams.
- developer
Provider StringName The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the
DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).Minimum length : 1
Maximum length : 100
- identity
Pool StringName The name of your Amazon Cognito identity pool.
Minimum length : 1
Maximum length : 128
Pattern :
[\w\s+=,.@-]+- List<Property Map>
- An array of key-value pairs to apply to this resource.
- open
Id List<String>Connect Provider Arns - The Amazon Resource Names (ARNs) of the OpenID connect providers.
- push
Sync Property Map - The configuration options to be applied to the identity pool.
- saml
Provider List<String>Arns - The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
- supported
Login AnyProviders Key-value pairs that map provider names to provider app IDs.
Search the CloudFormation User Guide for
AWS::Cognito::IdentityPoolfor more information about the expected schema for this property.
Outputs
All input properties are implicitly available as output properties. Additionally, the IdentityPool resource produces the following output properties:
Supporting Types
IdentityPoolCognitoIdentityProvider, IdentityPoolCognitoIdentityProviderArgs
- Client
Id string - The client ID for the Amazon Cognito user pool.
- Provider
Name string - The provider name for an Amazon Cognito user pool. For example:
cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789. - Server
Side boolToken Check TRUE if server-side token validation is enabled for the identity provider’s token.
After you set the
ServerSideTokenCheckto TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.
- Client
Id string - The client ID for the Amazon Cognito user pool.
- Provider
Name string - The provider name for an Amazon Cognito user pool. For example:
cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789. - Server
Side boolToken Check TRUE if server-side token validation is enabled for the identity provider’s token.
After you set the
ServerSideTokenCheckto TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.
- client
Id String - The client ID for the Amazon Cognito user pool.
- provider
Name String - The provider name for an Amazon Cognito user pool. For example:
cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789. - server
Side BooleanToken Check TRUE if server-side token validation is enabled for the identity provider’s token.
After you set the
ServerSideTokenCheckto TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.
- client
Id string - The client ID for the Amazon Cognito user pool.
- provider
Name string - The provider name for an Amazon Cognito user pool. For example:
cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789. - server
Side booleanToken Check TRUE if server-side token validation is enabled for the identity provider’s token.
After you set the
ServerSideTokenCheckto TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.
- client_
id str - The client ID for the Amazon Cognito user pool.
- provider_
name str - The provider name for an Amazon Cognito user pool. For example:
cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789. - server_
side_ booltoken_ check TRUE if server-side token validation is enabled for the identity provider’s token.
After you set the
ServerSideTokenCheckto TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.
- client
Id String - The client ID for the Amazon Cognito user pool.
- provider
Name String - The provider name for an Amazon Cognito user pool. For example:
cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789. - server
Side BooleanToken Check TRUE if server-side token validation is enabled for the identity provider’s token.
After you set the
ServerSideTokenCheckto TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.
IdentityPoolCognitoStreams, IdentityPoolCognitoStreamsArgs
- Role
Arn string - The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke
PutRecordon your Amazon Cognito stream. - Stream
Name string - The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
- Streaming
Status string - Status of the Amazon Cognito streams. Valid values are:
ENABLEDorDISABLED.
- Role
Arn string - The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke
PutRecordon your Amazon Cognito stream. - Stream
Name string - The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
- Streaming
Status string - Status of the Amazon Cognito streams. Valid values are:
ENABLEDorDISABLED.
- role
Arn String - The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke
PutRecordon your Amazon Cognito stream. - stream
Name String - The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
- streaming
Status String - Status of the Amazon Cognito streams. Valid values are:
ENABLEDorDISABLED.
- role
Arn string - The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke
PutRecordon your Amazon Cognito stream. - stream
Name string - The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
- streaming
Status string - Status of the Amazon Cognito streams. Valid values are:
ENABLEDorDISABLED.
- role_
arn str - The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke
PutRecordon your Amazon Cognito stream. - stream_
name str - The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
- streaming_
status str - Status of the Amazon Cognito streams. Valid values are:
ENABLEDorDISABLED.
- role
Arn String - The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke
PutRecordon your Amazon Cognito stream. - stream
Name String - The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
- streaming
Status String - Status of the Amazon Cognito streams. Valid values are:
ENABLEDorDISABLED.
IdentityPoolPushSync, IdentityPoolPushSyncArgs
- Application
Arns List<string> - The ARNs of the Amazon SNS platform applications that could be used by clients.
- Role
Arn string - An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.
- Application
Arns []string - The ARNs of the Amazon SNS platform applications that could be used by clients.
- Role
Arn string - An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.
- application
Arns List<String> - The ARNs of the Amazon SNS platform applications that could be used by clients.
- role
Arn String - An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.
- application
Arns string[] - The ARNs of the Amazon SNS platform applications that could be used by clients.
- role
Arn string - An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.
- application_
arns Sequence[str] - The ARNs of the Amazon SNS platform applications that could be used by clients.
- role_
arn str - An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.
- application
Arns List<String> - The ARNs of the Amazon SNS platform applications that could be used by clients.
- role
Arn String - An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.
Tag, TagArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.