Docs Home
AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi
aws.verifiedpermissions.IdentitySource
Explore with Pulumi AI
Resource for managing an AWS Verified Permissions Identity Source.
Example Usage
Cognito User Pool Configuration Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedpermissions.PolicyStore("example", {validationSettings: {
mode: "STRICT",
}});
const exampleUserPool = new aws.cognito.UserPool("example", {name: "example"});
const exampleUserPoolClient = new aws.cognito.UserPoolClient("example", {
name: "example",
userPoolId: exampleUserPool.id,
explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],
});
const exampleIdentitySource = new aws.verifiedpermissions.IdentitySource("example", {
policyStoreId: example.id,
configuration: {
cognitoUserPoolConfiguration: {
userPoolArn: exampleUserPool.arn,
clientIds: [exampleUserPoolClient.id],
},
},
});
import pulumi
import pulumi_aws as aws
example = aws.verifiedpermissions.PolicyStore("example", validation_settings={
"mode": "STRICT",
})
example_user_pool = aws.cognito.UserPool("example", name="example")
example_user_pool_client = aws.cognito.UserPoolClient("example",
name="example",
user_pool_id=example_user_pool.id,
explicit_auth_flows=["ADMIN_NO_SRP_AUTH"])
example_identity_source = aws.verifiedpermissions.IdentitySource("example",
policy_store_id=example.id,
configuration={
"cognito_user_pool_configuration": {
"user_pool_arn": example_user_pool.arn,
"client_ids": [example_user_pool_client.id],
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/verifiedpermissions"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := verifiedpermissions.NewPolicyStore(ctx, "example", &verifiedpermissions.PolicyStoreArgs{
ValidationSettings: &verifiedpermissions.PolicyStoreValidationSettingsArgs{
Mode: pulumi.String("STRICT"),
},
})
if err != nil {
return err
}
exampleUserPool, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
Name: pulumi.String("example"),
})
if err != nil {
return err
}
exampleUserPoolClient, err := cognito.NewUserPoolClient(ctx, "example", &cognito.UserPoolClientArgs{
Name: pulumi.String("example"),
UserPoolId: exampleUserPool.ID(),
ExplicitAuthFlows: pulumi.StringArray{
pulumi.String("ADMIN_NO_SRP_AUTH"),
},
})
if err != nil {
return err
}
_, err = verifiedpermissions.NewIdentitySource(ctx, "example", &verifiedpermissions.IdentitySourceArgs{
PolicyStoreId: example.ID(),
Configuration: &verifiedpermissions.IdentitySourceConfigurationArgs{
CognitoUserPoolConfiguration: &verifiedpermissions.IdentitySourceConfigurationCognitoUserPoolConfigurationArgs{
UserPoolArn: exampleUserPool.Arn,
ClientIds: pulumi.StringArray{
exampleUserPoolClient.ID(),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VerifiedPermissions.PolicyStore("example", new()
{
ValidationSettings = new Aws.VerifiedPermissions.Inputs.PolicyStoreValidationSettingsArgs
{
Mode = "STRICT",
},
});
var exampleUserPool = new Aws.Cognito.UserPool("example", new()
{
Name = "example",
});
var exampleUserPoolClient = new Aws.Cognito.UserPoolClient("example", new()
{
Name = "example",
UserPoolId = exampleUserPool.Id,
ExplicitAuthFlows = new[]
{
"ADMIN_NO_SRP_AUTH",
},
});
var exampleIdentitySource = new Aws.VerifiedPermissions.IdentitySource("example", new()
{
PolicyStoreId = example.Id,
Configuration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationArgs
{
CognitoUserPoolConfiguration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationCognitoUserPoolConfigurationArgs
{
UserPoolArn = exampleUserPool.Arn,
ClientIds = new[]
{
exampleUserPoolClient.Id,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.verifiedpermissions.PolicyStore;
import com.pulumi.aws.verifiedpermissions.PolicyStoreArgs;
import com.pulumi.aws.verifiedpermissions.inputs.PolicyStoreValidationSettingsArgs;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import com.pulumi.aws.verifiedpermissions.IdentitySource;
import com.pulumi.aws.verifiedpermissions.IdentitySourceArgs;
import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationArgs;
import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationCognitoUserPoolConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new PolicyStore("example", PolicyStoreArgs.builder()
.validationSettings(PolicyStoreValidationSettingsArgs.builder()
.mode("STRICT")
.build())
.build());
var exampleUserPool = new UserPool("exampleUserPool", UserPoolArgs.builder()
.name("example")
.build());
var exampleUserPoolClient = new UserPoolClient("exampleUserPoolClient", UserPoolClientArgs.builder()
.name("example")
.userPoolId(exampleUserPool.id())
.explicitAuthFlows("ADMIN_NO_SRP_AUTH")
.build());
var exampleIdentitySource = new IdentitySource("exampleIdentitySource", IdentitySourceArgs.builder()
.policyStoreId(example.id())
.configuration(IdentitySourceConfigurationArgs.builder()
.cognitoUserPoolConfiguration(IdentitySourceConfigurationCognitoUserPoolConfigurationArgs.builder()
.userPoolArn(exampleUserPool.arn())
.clientIds(exampleUserPoolClient.id())
.build())
.build())
.build());
}
}
resources:
example:
type: aws:verifiedpermissions:PolicyStore
properties:
validationSettings:
mode: STRICT
exampleUserPool:
type: aws:cognito:UserPool
name: example
properties:
name: example
exampleUserPoolClient:
type: aws:cognito:UserPoolClient
name: example
properties:
name: example
userPoolId: ${exampleUserPool.id}
explicitAuthFlows:
- ADMIN_NO_SRP_AUTH
exampleIdentitySource:
type: aws:verifiedpermissions:IdentitySource
name: example
properties:
policyStoreId: ${example.id}
configuration:
cognitoUserPoolConfiguration:
userPoolArn: ${exampleUserPool.arn}
clientIds:
- ${exampleUserPoolClient.id}
OpenID Connect Configuration Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedpermissions.PolicyStore("example", {validationSettings: {
mode: "STRICT",
}});
const exampleIdentitySource = new aws.verifiedpermissions.IdentitySource("example", {
policyStoreId: example.id,
configuration: {
openIdConnectConfiguration: {
issuer: "https://auth.example.com",
tokenSelection: {
accessTokenOnly: {
audiences: ["https://myapp.example.com"],
principalIdClaim: "sub",
},
},
entityIdPrefix: "MyOIDCProvider",
groupConfiguration: {
groupClaim: "groups",
groupEntityType: "MyCorp::UserGroup",
},
},
},
principalEntityType: "MyCorp::User",
});
import pulumi
import pulumi_aws as aws
example = aws.verifiedpermissions.PolicyStore("example", validation_settings={
"mode": "STRICT",
})
example_identity_source = aws.verifiedpermissions.IdentitySource("example",
policy_store_id=example.id,
configuration={
"open_id_connect_configuration": {
"issuer": "https://auth.example.com",
"token_selection": {
"access_token_only": {
"audiences": ["https://myapp.example.com"],
"principal_id_claim": "sub",
},
},
"entity_id_prefix": "MyOIDCProvider",
"group_configuration": {
"group_claim": "groups",
"group_entity_type": "MyCorp::UserGroup",
},
},
},
principal_entity_type="MyCorp::User")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/verifiedpermissions"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := verifiedpermissions.NewPolicyStore(ctx, "example", &verifiedpermissions.PolicyStoreArgs{
ValidationSettings: &verifiedpermissions.PolicyStoreValidationSettingsArgs{
Mode: pulumi.String("STRICT"),
},
})
if err != nil {
return err
}
_, err = verifiedpermissions.NewIdentitySource(ctx, "example", &verifiedpermissions.IdentitySourceArgs{
PolicyStoreId: example.ID(),
Configuration: &verifiedpermissions.IdentitySourceConfigurationArgs{
OpenIdConnectConfiguration: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationArgs{
Issuer: pulumi.String("https://auth.example.com"),
TokenSelection: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs{
AccessTokenOnly: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs{
Audiences: pulumi.StringArray{
pulumi.String("https://myapp.example.com"),
},
PrincipalIdClaim: pulumi.String("sub"),
},
},
EntityIdPrefix: pulumi.String("MyOIDCProvider"),
GroupConfiguration: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs{
GroupClaim: pulumi.String("groups"),
GroupEntityType: pulumi.String("MyCorp::UserGroup"),
},
},
},
PrincipalEntityType: pulumi.String("MyCorp::User"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VerifiedPermissions.PolicyStore("example", new()
{
ValidationSettings = new Aws.VerifiedPermissions.Inputs.PolicyStoreValidationSettingsArgs
{
Mode = "STRICT",
},
});
var exampleIdentitySource = new Aws.VerifiedPermissions.IdentitySource("example", new()
{
PolicyStoreId = example.Id,
Configuration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationArgs
{
OpenIdConnectConfiguration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationArgs
{
Issuer = "https://auth.example.com",
TokenSelection = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs
{
AccessTokenOnly = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs
{
Audiences = new[]
{
"https://myapp.example.com",
},
PrincipalIdClaim = "sub",
},
},
EntityIdPrefix = "MyOIDCProvider",
GroupConfiguration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs
{
GroupClaim = "groups",
GroupEntityType = "MyCorp::UserGroup",
},
},
},
PrincipalEntityType = "MyCorp::User",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.verifiedpermissions.PolicyStore;
import com.pulumi.aws.verifiedpermissions.PolicyStoreArgs;
import com.pulumi.aws.verifiedpermissions.inputs.PolicyStoreValidationSettingsArgs;
import com.pulumi.aws.verifiedpermissions.IdentitySource;
import com.pulumi.aws.verifiedpermissions.IdentitySourceArgs;
import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationArgs;
import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationOpenIdConnectConfigurationArgs;
import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs;
import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs;
import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new PolicyStore("example", PolicyStoreArgs.builder()
.validationSettings(PolicyStoreValidationSettingsArgs.builder()
.mode("STRICT")
.build())
.build());
var exampleIdentitySource = new IdentitySource("exampleIdentitySource", IdentitySourceArgs.builder()
.policyStoreId(example.id())
.configuration(IdentitySourceConfigurationArgs.builder()
.openIdConnectConfiguration(IdentitySourceConfigurationOpenIdConnectConfigurationArgs.builder()
.issuer("https://auth.example.com")
.tokenSelection(IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs.builder()
.accessTokenOnly(IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs.builder()
.audiences("https://myapp.example.com")
.principalIdClaim("sub")
.build())
.build())
.entityIdPrefix("MyOIDCProvider")
.groupConfiguration(IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs.builder()
.groupClaim("groups")
.groupEntityType("MyCorp::UserGroup")
.build())
.build())
.build())
.principalEntityType("MyCorp::User")
.build());
}
}
resources:
example:
type: aws:verifiedpermissions:PolicyStore
properties:
validationSettings:
mode: STRICT
exampleIdentitySource:
type: aws:verifiedpermissions:IdentitySource
name: example
properties:
policyStoreId: ${example.id}
configuration:
openIdConnectConfiguration:
issuer: https://auth.example.com
tokenSelection:
accessTokenOnly:
audiences:
- https://myapp.example.com
principalIdClaim: sub
entityIdPrefix: MyOIDCProvider
groupConfiguration:
groupClaim: groups
groupEntityType: MyCorp::UserGroup
principalEntityType: MyCorp::User
Create IdentitySource Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IdentitySource(name: string, args: IdentitySourceArgs, opts?: CustomResourceOptions);@overload
def IdentitySource(resource_name: str,
args: IdentitySourceArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IdentitySource(resource_name: str,
opts: Optional[ResourceOptions] = None,
policy_store_id: Optional[str] = None,
configuration: Optional[IdentitySourceConfigurationArgs] = None,
principal_entity_type: Optional[str] = None)func NewIdentitySource(ctx *Context, name string, args IdentitySourceArgs, opts ...ResourceOption) (*IdentitySource, error)public IdentitySource(string name, IdentitySourceArgs args, CustomResourceOptions? opts = null)
public IdentitySource(String name, IdentitySourceArgs args)
public IdentitySource(String name, IdentitySourceArgs args, CustomResourceOptions options)
type: aws:verifiedpermissions:IdentitySource
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IdentitySourceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IdentitySourceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IdentitySourceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IdentitySourceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IdentitySourceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var identitySourceResource = new Aws.VerifiedPermissions.IdentitySource("identitySourceResource", new()
{
PolicyStoreId = "string",
Configuration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationArgs
{
CognitoUserPoolConfiguration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationCognitoUserPoolConfigurationArgs
{
UserPoolArn = "string",
ClientIds = new[]
{
"string",
},
GroupConfiguration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationCognitoUserPoolConfigurationGroupConfigurationArgs
{
GroupEntityType = "string",
},
},
OpenIdConnectConfiguration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationArgs
{
Issuer = "string",
EntityIdPrefix = "string",
GroupConfiguration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs
{
GroupClaim = "string",
GroupEntityType = "string",
},
TokenSelection = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs
{
AccessTokenOnly = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs
{
Audiences = new[]
{
"string",
},
PrincipalIdClaim = "string",
},
IdentityTokenOnly = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionIdentityTokenOnlyArgs
{
ClientIds = new[]
{
"string",
},
PrincipalIdClaim = "string",
},
},
},
},
PrincipalEntityType = "string",
});
example, err := verifiedpermissions.NewIdentitySource(ctx, "identitySourceResource", &verifiedpermissions.IdentitySourceArgs{
PolicyStoreId: pulumi.String("string"),
Configuration: &verifiedpermissions.IdentitySourceConfigurationArgs{
CognitoUserPoolConfiguration: &verifiedpermissions.IdentitySourceConfigurationCognitoUserPoolConfigurationArgs{
UserPoolArn: pulumi.String("string"),
ClientIds: pulumi.StringArray{
pulumi.String("string"),
},
GroupConfiguration: &verifiedpermissions.IdentitySourceConfigurationCognitoUserPoolConfigurationGroupConfigurationArgs{
GroupEntityType: pulumi.String("string"),
},
},
OpenIdConnectConfiguration: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationArgs{
Issuer: pulumi.String("string"),
EntityIdPrefix: pulumi.String("string"),
GroupConfiguration: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs{
GroupClaim: pulumi.String("string"),
GroupEntityType: pulumi.String("string"),
},
TokenSelection: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs{
AccessTokenOnly: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs{
Audiences: pulumi.StringArray{
pulumi.String("string"),
},
PrincipalIdClaim: pulumi.String("string"),
},
IdentityTokenOnly: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionIdentityTokenOnlyArgs{
ClientIds: pulumi.StringArray{
pulumi.String("string"),
},
PrincipalIdClaim: pulumi.String("string"),
},
},
},
},
PrincipalEntityType: pulumi.String("string"),
})
var identitySourceResource = new IdentitySource("identitySourceResource", IdentitySourceArgs.builder()
.policyStoreId("string")
.configuration(IdentitySourceConfigurationArgs.builder()
.cognitoUserPoolConfiguration(IdentitySourceConfigurationCognitoUserPoolConfigurationArgs.builder()
.userPoolArn("string")
.clientIds("string")
.groupConfiguration(IdentitySourceConfigurationCognitoUserPoolConfigurationGroupConfigurationArgs.builder()
.groupEntityType("string")
.build())
.build())
.openIdConnectConfiguration(IdentitySourceConfigurationOpenIdConnectConfigurationArgs.builder()
.issuer("string")
.entityIdPrefix("string")
.groupConfiguration(IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs.builder()
.groupClaim("string")
.groupEntityType("string")
.build())
.tokenSelection(IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs.builder()
.accessTokenOnly(IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs.builder()
.audiences("string")
.principalIdClaim("string")
.build())
.identityTokenOnly(IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionIdentityTokenOnlyArgs.builder()
.clientIds("string")
.principalIdClaim("string")
.build())
.build())
.build())
.build())
.principalEntityType("string")
.build());
identity_source_resource = aws.verifiedpermissions.IdentitySource("identitySourceResource",
policy_store_id="string",
configuration={
"cognito_user_pool_configuration": {
"user_pool_arn": "string",
"client_ids": ["string"],
"group_configuration": {
"group_entity_type": "string",
},
},
"open_id_connect_configuration": {
"issuer": "string",
"entity_id_prefix": "string",
"group_configuration": {
"group_claim": "string",
"group_entity_type": "string",
},
"token_selection": {
"access_token_only": {
"audiences": ["string"],
"principal_id_claim": "string",
},
"identity_token_only": {
"client_ids": ["string"],
"principal_id_claim": "string",
},
},
},
},
principal_entity_type="string")
const identitySourceResource = new aws.verifiedpermissions.IdentitySource("identitySourceResource", {
policyStoreId: "string",
configuration: {
cognitoUserPoolConfiguration: {
userPoolArn: "string",
clientIds: ["string"],
groupConfiguration: {
groupEntityType: "string",
},
},
openIdConnectConfiguration: {
issuer: "string",
entityIdPrefix: "string",
groupConfiguration: {
groupClaim: "string",
groupEntityType: "string",
},
tokenSelection: {
accessTokenOnly: {
audiences: ["string"],
principalIdClaim: "string",
},
identityTokenOnly: {
clientIds: ["string"],
principalIdClaim: "string",
},
},
},
},
principalEntityType: "string",
});
type: aws:verifiedpermissions:IdentitySource
properties:
configuration:
cognitoUserPoolConfiguration:
clientIds:
- string
groupConfiguration:
groupEntityType: string
userPoolArn: string
openIdConnectConfiguration:
entityIdPrefix: string
groupConfiguration:
groupClaim: string
groupEntityType: string
issuer: string
tokenSelection:
accessTokenOnly:
audiences:
- string
principalIdClaim: string
identityTokenOnly:
clientIds:
- string
principalIdClaim: string
policyStoreId: string
principalEntityType: string
IdentitySource Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IdentitySource resource accepts the following input properties:
- Policy
Store stringId - Specifies the ID of the policy store in which you want to store this identity source.
- Configuration
Identity
Source Configuration - Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- Principal
Entity stringType - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
- Policy
Store stringId - Specifies the ID of the policy store in which you want to store this identity source.
- Configuration
Identity
Source Configuration Args - Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- Principal
Entity stringType - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
- policy
Store StringId - Specifies the ID of the policy store in which you want to store this identity source.
- configuration
Identity
Source Configuration - Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- principal
Entity StringType - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
- policy
Store stringId - Specifies the ID of the policy store in which you want to store this identity source.
- configuration
Identity
Source Configuration - Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- principal
Entity stringType - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
- policy_
store_ strid - Specifies the ID of the policy store in which you want to store this identity source.
- configuration
Identity
Source Configuration Args - Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- principal_
entity_ strtype - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
- policy
Store StringId - Specifies the ID of the policy store in which you want to store this identity source.
- configuration Property Map
- Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- principal
Entity StringType - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
Outputs
All input properties are implicitly available as output properties. Additionally, the IdentitySource resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing IdentitySource Resource
Get an existing IdentitySource resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IdentitySourceState, opts?: CustomResourceOptions): IdentitySource@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
configuration: Optional[IdentitySourceConfigurationArgs] = None,
policy_store_id: Optional[str] = None,
principal_entity_type: Optional[str] = None) -> IdentitySourcefunc GetIdentitySource(ctx *Context, name string, id IDInput, state *IdentitySourceState, opts ...ResourceOption) (*IdentitySource, error)public static IdentitySource Get(string name, Input<string> id, IdentitySourceState? state, CustomResourceOptions? opts = null)public static IdentitySource get(String name, Output<String> id, IdentitySourceState state, CustomResourceOptions options)resources: _: type: aws:verifiedpermissions:IdentitySource get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Configuration
Identity
Source Configuration - Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- Policy
Store stringId - Specifies the ID of the policy store in which you want to store this identity source.
- Principal
Entity stringType - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
- Configuration
Identity
Source Configuration Args - Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- Policy
Store stringId - Specifies the ID of the policy store in which you want to store this identity source.
- Principal
Entity stringType - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
- configuration
Identity
Source Configuration - Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- policy
Store StringId - Specifies the ID of the policy store in which you want to store this identity source.
- principal
Entity StringType - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
- configuration
Identity
Source Configuration - Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- policy
Store stringId - Specifies the ID of the policy store in which you want to store this identity source.
- principal
Entity stringType - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
- configuration
Identity
Source Configuration Args - Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- policy_
store_ strid - Specifies the ID of the policy store in which you want to store this identity source.
- principal_
entity_ strtype - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
- configuration Property Map
- Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
- policy
Store StringId - Specifies the ID of the policy store in which you want to store this identity source.
- principal
Entity StringType - Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
Supporting Types
IdentitySourceConfiguration, IdentitySourceConfigurationArgs
- Cognito
User IdentityPool Configuration Source Configuration Cognito User Pool Configuration - Specifies the configuration details of an Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. See Cognito User Pool Configuration below.
- Open
Id IdentityConnect Configuration Source Configuration Open Id Connect Configuration - Specifies the configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. See Open ID Connect Configuration below.
- Cognito
User IdentityPool Configuration Source Configuration Cognito User Pool Configuration - Specifies the configuration details of an Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. See Cognito User Pool Configuration below.
- Open
Id IdentityConnect Configuration Source Configuration Open Id Connect Configuration - Specifies the configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. See Open ID Connect Configuration below.
- cognito
User IdentityPool Configuration Source Configuration Cognito User Pool Configuration - Specifies the configuration details of an Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. See Cognito User Pool Configuration below.
- open
Id IdentityConnect Configuration Source Configuration Open Id Connect Configuration - Specifies the configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. See Open ID Connect Configuration below.
- cognito
User IdentityPool Configuration Source Configuration Cognito User Pool Configuration - Specifies the configuration details of an Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. See Cognito User Pool Configuration below.
- open
Id IdentityConnect Configuration Source Configuration Open Id Connect Configuration - Specifies the configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. See Open ID Connect Configuration below.
- cognito_
user_ Identitypool_ configuration Source Configuration Cognito User Pool Configuration - Specifies the configuration details of an Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. See Cognito User Pool Configuration below.
- open_
id_ Identityconnect_ configuration Source Configuration Open Id Connect Configuration - Specifies the configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. See Open ID Connect Configuration below.
- cognito
User Property MapPool Configuration - Specifies the configuration details of an Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. See Cognito User Pool Configuration below.
- open
Id Property MapConnect Configuration - Specifies the configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. See Open ID Connect Configuration below.
IdentitySourceConfigurationCognitoUserPoolConfiguration, IdentitySourceConfigurationCognitoUserPoolConfigurationArgs
- User
Pool stringArn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be authorized.
- Client
Ids List<string> - The unique application client IDs that are associated with the specified Amazon Cognito user pool.
- Group
Configuration IdentitySource Configuration Cognito User Pool Configuration Group Configuration - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- User
Pool stringArn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be authorized.
- Client
Ids []string - The unique application client IDs that are associated with the specified Amazon Cognito user pool.
- Group
Configuration IdentitySource Configuration Cognito User Pool Configuration Group Configuration - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- user
Pool StringArn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be authorized.
- client
Ids List<String> - The unique application client IDs that are associated with the specified Amazon Cognito user pool.
- group
Configuration IdentitySource Configuration Cognito User Pool Configuration Group Configuration - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- user
Pool stringArn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be authorized.
- client
Ids string[] - The unique application client IDs that are associated with the specified Amazon Cognito user pool.
- group
Configuration IdentitySource Configuration Cognito User Pool Configuration Group Configuration - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- user_
pool_ strarn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be authorized.
- client_
ids Sequence[str] - The unique application client IDs that are associated with the specified Amazon Cognito user pool.
- group_
configuration IdentitySource Configuration Cognito User Pool Configuration Group Configuration - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- user
Pool StringArn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be authorized.
- client
Ids List<String> - The unique application client IDs that are associated with the specified Amazon Cognito user pool.
- group
Configuration Property Map - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
IdentitySourceConfigurationCognitoUserPoolConfigurationGroupConfiguration, IdentitySourceConfigurationCognitoUserPoolConfigurationGroupConfigurationArgs
- Group
Entity stringType - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
- Group
Entity stringType - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
- group
Entity StringType - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
- group
Entity stringType - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
- group_
entity_ strtype - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
- group
Entity StringType - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
IdentitySourceConfigurationOpenIdConnectConfiguration, IdentitySourceConfigurationOpenIdConnectConfigurationArgs
- Issuer string
- The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path
.well-known/openid-configuration. - Entity
Id stringPrefix - A descriptive string that you want to prefix to user entities from your OIDC identity provider.
- Group
Configuration IdentitySource Configuration Open Id Connect Configuration Group Configuration - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- Token
Selection IdentitySource Configuration Open Id Connect Configuration Token Selection - The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source. See Token Selection below.
- Issuer string
- The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path
.well-known/openid-configuration. - Entity
Id stringPrefix - A descriptive string that you want to prefix to user entities from your OIDC identity provider.
- Group
Configuration IdentitySource Configuration Open Id Connect Configuration Group Configuration - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- Token
Selection IdentitySource Configuration Open Id Connect Configuration Token Selection - The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source. See Token Selection below.
- issuer String
- The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path
.well-known/openid-configuration. - entity
Id StringPrefix - A descriptive string that you want to prefix to user entities from your OIDC identity provider.
- group
Configuration IdentitySource Configuration Open Id Connect Configuration Group Configuration - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- token
Selection IdentitySource Configuration Open Id Connect Configuration Token Selection - The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source. See Token Selection below.
- issuer string
- The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path
.well-known/openid-configuration. - entity
Id stringPrefix - A descriptive string that you want to prefix to user entities from your OIDC identity provider.
- group
Configuration IdentitySource Configuration Open Id Connect Configuration Group Configuration - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- token
Selection IdentitySource Configuration Open Id Connect Configuration Token Selection - The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source. See Token Selection below.
- issuer str
- The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path
.well-known/openid-configuration. - entity_
id_ strprefix - A descriptive string that you want to prefix to user entities from your OIDC identity provider.
- group_
configuration IdentitySource Configuration Open Id Connect Configuration Group Configuration - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- token_
selection IdentitySource Configuration Open Id Connect Configuration Token Selection - The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source. See Token Selection below.
- issuer String
- The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path
.well-known/openid-configuration. - entity
Id StringPrefix - A descriptive string that you want to prefix to user entities from your OIDC identity provider.
- group
Configuration Property Map - The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below.
- token
Selection Property Map - The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source. See Token Selection below.
IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfiguration, IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs
- Group
Claim string - The token claim that you want Verified Permissions to interpret as group membership. For example,
groups. - Group
Entity stringType - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
- Group
Claim string - The token claim that you want Verified Permissions to interpret as group membership. For example,
groups. - Group
Entity stringType - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
- group
Claim String - The token claim that you want Verified Permissions to interpret as group membership. For example,
groups. - group
Entity StringType - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
- group
Claim string - The token claim that you want Verified Permissions to interpret as group membership. For example,
groups. - group
Entity stringType - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
- group_
claim str - The token claim that you want Verified Permissions to interpret as group membership. For example,
groups. - group_
entity_ strtype - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
- group
Claim String - The token claim that you want Verified Permissions to interpret as group membership. For example,
groups. - group
Entity StringType - The name of the schema entity type that's mapped to the user pool group. Defaults to
AWS::CognitoGroup.
IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelection, IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs
- Access
Token IdentityOnly Source Configuration Open Id Connect Configuration Token Selection Access Token Only - The OIDC configuration for processing access tokens. See Access Token Only below.
- Identity
Token IdentityOnly Source Configuration Open Id Connect Configuration Token Selection Identity Token Only - The OIDC configuration for processing identity (ID) tokens. See Identity Token Only below.
- Access
Token IdentityOnly Source Configuration Open Id Connect Configuration Token Selection Access Token Only - The OIDC configuration for processing access tokens. See Access Token Only below.
- Identity
Token IdentityOnly Source Configuration Open Id Connect Configuration Token Selection Identity Token Only - The OIDC configuration for processing identity (ID) tokens. See Identity Token Only below.
- access
Token IdentityOnly Source Configuration Open Id Connect Configuration Token Selection Access Token Only - The OIDC configuration for processing access tokens. See Access Token Only below.
- identity
Token IdentityOnly Source Configuration Open Id Connect Configuration Token Selection Identity Token Only - The OIDC configuration for processing identity (ID) tokens. See Identity Token Only below.
- access
Token IdentityOnly Source Configuration Open Id Connect Configuration Token Selection Access Token Only - The OIDC configuration for processing access tokens. See Access Token Only below.
- identity
Token IdentityOnly Source Configuration Open Id Connect Configuration Token Selection Identity Token Only - The OIDC configuration for processing identity (ID) tokens. See Identity Token Only below.
- access_
token_ Identityonly Source Configuration Open Id Connect Configuration Token Selection Access Token Only - The OIDC configuration for processing access tokens. See Access Token Only below.
- identity_
token_ Identityonly Source Configuration Open Id Connect Configuration Token Selection Identity Token Only - The OIDC configuration for processing identity (ID) tokens. See Identity Token Only below.
- access
Token Property MapOnly - The OIDC configuration for processing access tokens. See Access Token Only below.
- identity
Token Property MapOnly - The OIDC configuration for processing identity (ID) tokens. See Identity Token Only below.
IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnly, IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs
- Audiences List<string>
- The access token aud claim values that you want to accept in your policy store.
- Principal
Id stringClaim - The claim that determines the principal in OIDC access tokens.
- Audiences []string
- The access token aud claim values that you want to accept in your policy store.
- Principal
Id stringClaim - The claim that determines the principal in OIDC access tokens.
- audiences List<String>
- The access token aud claim values that you want to accept in your policy store.
- principal
Id StringClaim - The claim that determines the principal in OIDC access tokens.
- audiences string[]
- The access token aud claim values that you want to accept in your policy store.
- principal
Id stringClaim - The claim that determines the principal in OIDC access tokens.
- audiences Sequence[str]
- The access token aud claim values that you want to accept in your policy store.
- principal_
id_ strclaim - The claim that determines the principal in OIDC access tokens.
- audiences List<String>
- The access token aud claim values that you want to accept in your policy store.
- principal
Id StringClaim - The claim that determines the principal in OIDC access tokens.
IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionIdentityTokenOnly, IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionIdentityTokenOnlyArgs
- Client
Ids List<string> - The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider.
- Principal
Id stringClaim - The claim that determines the principal in OIDC access tokens.
- Client
Ids []string - The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider.
- Principal
Id stringClaim - The claim that determines the principal in OIDC access tokens.
- client
Ids List<String> - The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider.
- principal
Id StringClaim - The claim that determines the principal in OIDC access tokens.
- client
Ids string[] - The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider.
- principal
Id stringClaim - The claim that determines the principal in OIDC access tokens.
- client_
ids Sequence[str] - The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider.
- principal_
id_ strclaim - The claim that determines the principal in OIDC access tokens.
- client
Ids List<String> - The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider.
- principal
Id StringClaim - The claim that determines the principal in OIDC access tokens.
Import
Using pulumi import, import Verified Permissions Identity Source using the policy_store_id:identity_source_id. For example:
$ pulumi import aws:verifiedpermissions/identitySource:IdentitySource example policy-store-id-12345678:identity-source-id-12345678
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.