Documentation ¶
Index ¶
- func IdentityPoolRoleAttachment_IsConstruct(x interface{}) *bool
- func IdentityPoolRoleAttachment_IsResource(construct awscdk.IConstruct) *bool
- func IdentityPool_IsConstruct(x interface{}) *bool
- func IdentityPool_IsResource(construct awscdk.IConstruct) *bool
- func NewIdentityPoolProviderUrl_Override(i IdentityPoolProviderUrl, type_ IdentityPoolProviderType, value *string)
- func NewIdentityPoolRoleAttachment_Override(i IdentityPoolRoleAttachment, scope constructs.Construct, id *string, ...)
- func NewIdentityPool_Override(i IdentityPool, scope constructs.Construct, id *string, ...)
- func NewUserPoolAuthenticationProvider_Override(u UserPoolAuthenticationProvider, props *UserPoolAuthenticationProviderProps)
- type IIdentityPool
- type IIdentityPoolRoleAttachment
- type IUserPoolAuthenticationProvider
- type IdentityPool
- type IdentityPoolAmazonLoginProvider
- type IdentityPoolAppleLoginProvider
- type IdentityPoolAuthenticationProviders
- type IdentityPoolDigitsLoginProvider
- type IdentityPoolFacebookLoginProvider
- type IdentityPoolGoogleLoginProvider
- type IdentityPoolProps
- type IdentityPoolProviderType
- type IdentityPoolProviderUrl
- func IdentityPoolProviderUrl_AMAZON() IdentityPoolProviderUrl
- func IdentityPoolProviderUrl_APPLE() IdentityPoolProviderUrl
- func IdentityPoolProviderUrl_Custom(url *string) IdentityPoolProviderUrl
- func IdentityPoolProviderUrl_DIGITS() IdentityPoolProviderUrl
- func IdentityPoolProviderUrl_FACEBOOK() IdentityPoolProviderUrl
- func IdentityPoolProviderUrl_GOOGLE() IdentityPoolProviderUrl
- func IdentityPoolProviderUrl_OpenId(url *string) IdentityPoolProviderUrl
- func IdentityPoolProviderUrl_Saml(url *string) IdentityPoolProviderUrl
- func IdentityPoolProviderUrl_TWITTER() IdentityPoolProviderUrl
- func IdentityPoolProviderUrl_UserPool(url *string) IdentityPoolProviderUrl
- func NewIdentityPoolProviderUrl(type_ IdentityPoolProviderType, value *string) IdentityPoolProviderUrl
- type IdentityPoolProviders
- type IdentityPoolRoleAttachment
- type IdentityPoolRoleAttachmentProps
- type IdentityPoolRoleMapping
- type IdentityPoolTwitterLoginProvider
- type RoleMappingMatchType
- type RoleMappingRule
- type UserPoolAuthenticationProvider
- type UserPoolAuthenticationProviderBindConfig
- type UserPoolAuthenticationProviderBindOptions
- type UserPoolAuthenticationProviderProps
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IdentityPoolRoleAttachment_IsConstruct ¶
func IdentityPoolRoleAttachment_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func IdentityPoolRoleAttachment_IsResource ¶
func IdentityPoolRoleAttachment_IsResource(construct awscdk.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func IdentityPool_IsConstruct ¶
func IdentityPool_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func IdentityPool_IsResource ¶
func IdentityPool_IsResource(construct awscdk.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func NewIdentityPoolProviderUrl_Override ¶
func NewIdentityPoolProviderUrl_Override(i IdentityPoolProviderUrl, type_ IdentityPoolProviderType, value *string)
Experimental.
func NewIdentityPoolRoleAttachment_Override ¶
func NewIdentityPoolRoleAttachment_Override(i IdentityPoolRoleAttachment, scope constructs.Construct, id *string, props *IdentityPoolRoleAttachmentProps)
Experimental.
func NewIdentityPool_Override ¶
func NewIdentityPool_Override(i IdentityPool, scope constructs.Construct, id *string, props *IdentityPoolProps)
Experimental.
func NewUserPoolAuthenticationProvider_Override ¶
func NewUserPoolAuthenticationProvider_Override(u UserPoolAuthenticationProvider, props *UserPoolAuthenticationProviderProps)
Experimental.
Types ¶
type IIdentityPool ¶
type IIdentityPool interface { awscdk.IResource // The ARN of the Identity Pool. // Experimental. IdentityPoolArn() *string // The id of the Identity Pool in the format REGION:GUID. // Experimental. IdentityPoolId() *string // Name of the Identity Pool. // Experimental. IdentityPoolName() *string }
Represents a Cognito IdentityPool. Experimental.
func IdentityPool_FromIdentityPoolArn ¶
func IdentityPool_FromIdentityPoolArn(scope constructs.Construct, id *string, identityPoolArn *string) IIdentityPool
Import an existing Identity Pool from its Arn. Experimental.
func IdentityPool_FromIdentityPoolId ¶
func IdentityPool_FromIdentityPoolId(scope constructs.Construct, id *string, identityPoolId *string) IIdentityPool
Import an existing Identity Pool from its id. Experimental.
type IIdentityPoolRoleAttachment ¶
type IIdentityPoolRoleAttachment interface { awscdk.IResource // Id of the Attachments Underlying Identity Pool. // Experimental. IdentityPoolId() *string }
Represents an Identity Pool Role Attachment. Experimental.
type IUserPoolAuthenticationProvider ¶
type IUserPoolAuthenticationProvider interface { // The method called when a given User Pool Authentication Provider is added (for the first time) to an Identity Pool. // Experimental. Bind(scope constructs.Construct, identityPool IIdentityPool, options *UserPoolAuthenticationProviderBindOptions) *UserPoolAuthenticationProviderBindConfig }
Represents the concept of a User Pool Authentication Provider.
You use user pool authentication providers to configure User Pools and User Pool Clients for use with Identity Pools. Experimental.
type IdentityPool ¶
type IdentityPool interface { awscdk.Resource IIdentityPool // Default role for authenticated users. // Experimental. AuthenticatedRole() awsiam.IRole // The environment this resource belongs to. // // For resources that are created and managed by the CDK // (generally, those created by creating new class instances like Role, Bucket, etc.), // this is always the same as the environment of the stack they belong to; // however, for imported resources // (those obtained from static methods like fromRoleArn, fromBucketName, etc.), // that might be different than the stack they were imported into. // Experimental. Env() *awscdk.ResourceEnvironment // The ARN of the Identity Pool. // Experimental. IdentityPoolArn() *string // The id of the Identity Pool in the format REGION:GUID. // Experimental. IdentityPoolId() *string // The name of the Identity Pool. // Experimental. IdentityPoolName() *string // The construct tree node associated with this construct. // Experimental. Node() awscdk.ConstructNode // Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource. // // This value will resolve to one of the following: // - a concrete value (e.g. `"my-awesome-bucket"`) // - `undefined`, when a name should be generated by CloudFormation // - a concrete name generated automatically during synthesis, in // cross-environment scenarios. // Experimental. PhysicalName() *string // The stack in which this resource is defined. // Experimental. Stack() awscdk.Stack // Default role for unauthenticated users. // Experimental. UnauthenticatedRole() awsiam.IRole // Adds Role Mappings to Identity Pool. // Experimental. AddRoleMappings(roleMappings ...*IdentityPoolRoleMapping) // Add a User Pool to the IdentityPool and configure User Pool Client to handle identities. // Experimental. AddUserPoolAuthentication(userPool IUserPoolAuthenticationProvider) // Apply the given removal policy to this resource. // // The Removal Policy controls what happens to this resource when it stops // being managed by CloudFormation, either because you've removed it from the // CDK application or because you've made a change that requires the resource // to be replaced. // // The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS // account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). // Experimental. ApplyRemovalPolicy(policy awscdk.RemovalPolicy) // Experimental. GeneratePhysicalName() *string // Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`). // // Normally, this token will resolve to `arnAttr`, but if the resource is // referenced across environments, `arnComponents` will be used to synthesize // a concrete ARN with the resource's physical name. Make sure to reference // `this.physicalName` in `arnComponents`. // Experimental. GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string // Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`). // // Normally, this token will resolve to `nameAttr`, but if the resource is // referenced across environments, it will be resolved to `this.physicalName`, // which will be a concrete name. // Experimental. GetResourceNameAttribute(nameAttr *string) *string // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. OnPrepare() // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. OnSynthesize(session constructs.ISynthesisSession) // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. OnValidate() *[]*string // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. Prepare() // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. Synthesize(session awscdk.ISynthesisSession) // Returns a string representation of this construct. // Experimental. ToString() *string // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. Validate() *[]*string }
Define a Cognito Identity Pool.
Example:
var openIdConnectProvider openIdConnectProvider awscdk.NewIdentityPool(this, jsii.String("myidentitypool"), &identityPoolProps{ identityPoolName: jsii.String("myidentitypool"), authenticationProviders: &identityPoolAuthenticationProviders{ google: &identityPoolGoogleLoginProvider{ clientId: jsii.String("12345678012.apps.googleusercontent.com"), }, openIdConnectProviders: []iOpenIdConnectProvider{ openIdConnectProvider, }, customProvider: jsii.String("my-custom-provider.example.com"), }, })
Experimental.
func NewIdentityPool ¶
func NewIdentityPool(scope constructs.Construct, id *string, props *IdentityPoolProps) IdentityPool
Experimental.
type IdentityPoolAmazonLoginProvider ¶
type IdentityPoolAmazonLoginProvider struct { // App Id for Amazon Identity Federation. // Experimental. AppId *string `field:"required" json:"appId" yaml:"appId"` }
Login Provider for Identity Federation using Amazon Credentials.
Example:
awscdk.NewIdentityPool(this, jsii.String("myidentitypool"), &identityPoolProps{ identityPoolName: jsii.String("myidentitypool"), authenticationProviders: &identityPoolAuthenticationProviders{ amazon: &identityPoolAmazonLoginProvider{ appId: jsii.String("amzn1.application.12312k3j234j13rjiwuenf"), }, facebook: &identityPoolFacebookLoginProvider{ appId: jsii.String("1234567890123"), }, google: &identityPoolGoogleLoginProvider{ clientId: jsii.String("12345678012.apps.googleusercontent.com"), }, apple: &identityPoolAppleLoginProvider{ servicesId: jsii.String("com.myappleapp.auth"), }, twitter: &identityPoolTwitterLoginProvider{ consumerKey: jsii.String("my-twitter-id"), consumerSecret: jsii.String("my-twitter-secret"), }, }, })
Experimental.
type IdentityPoolAppleLoginProvider ¶
type IdentityPoolAppleLoginProvider struct { // App Id for Apple Identity Federation. // Experimental. ServicesId *string `field:"required" json:"servicesId" yaml:"servicesId"` }
Login Provider for Identity Federation using Apple Credentials.
Example:
awscdk.NewIdentityPool(this, jsii.String("myidentitypool"), &identityPoolProps{ identityPoolName: jsii.String("myidentitypool"), authenticationProviders: &identityPoolAuthenticationProviders{ amazon: &identityPoolAmazonLoginProvider{ appId: jsii.String("amzn1.application.12312k3j234j13rjiwuenf"), }, facebook: &identityPoolFacebookLoginProvider{ appId: jsii.String("1234567890123"), }, google: &identityPoolGoogleLoginProvider{ clientId: jsii.String("12345678012.apps.googleusercontent.com"), }, apple: &identityPoolAppleLoginProvider{ servicesId: jsii.String("com.myappleapp.auth"), }, twitter: &identityPoolTwitterLoginProvider{ consumerKey: jsii.String("my-twitter-id"), consumerSecret: jsii.String("my-twitter-secret"), }, }, })
Experimental.
type IdentityPoolAuthenticationProviders ¶
type IdentityPoolAuthenticationProviders struct { // App Id for Amazon Identity Federation. // Experimental. Amazon *IdentityPoolAmazonLoginProvider `field:"optional" json:"amazon" yaml:"amazon"` // Services Id for Apple Identity Federation. // Experimental. Apple *IdentityPoolAppleLoginProvider `field:"optional" json:"apple" yaml:"apple"` // Consumer Key and Secret for Digits Identity Federation. // Experimental. Digits *IdentityPoolDigitsLoginProvider `field:"optional" json:"digits" yaml:"digits"` // App Id for Facebook Identity Federation. // Experimental. Facebook *IdentityPoolFacebookLoginProvider `field:"optional" json:"facebook" yaml:"facebook"` // Client Id for Google Identity Federation. // Experimental. Google *IdentityPoolGoogleLoginProvider `field:"optional" json:"google" yaml:"google"` // Consumer Key and Secret for Twitter Identity Federation. // Experimental. Twitter *IdentityPoolTwitterLoginProvider `field:"optional" json:"twitter" yaml:"twitter"` // The Developer Provider Name to associate with this Identity Pool. // Experimental. CustomProvider *string `field:"optional" json:"customProvider" yaml:"customProvider"` // The OpenIdConnect Provider associated with this Identity Pool. // Experimental. OpenIdConnectProviders *[]awsiam.IOpenIdConnectProvider `field:"optional" json:"openIdConnectProviders" yaml:"openIdConnectProviders"` // The Security Assertion Markup Language Provider associated with this Identity Pool. // Experimental. SamlProviders *[]awsiam.ISamlProvider `field:"optional" json:"samlProviders" yaml:"samlProviders"` // The User Pool Authentication Providers associated with this Identity Pool. // Experimental. UserPools *[]IUserPoolAuthenticationProvider `field:"optional" json:"userPools" yaml:"userPools"` }
Authentication providers for using in identity pool.
Example:
var openIdConnectProvider openIdConnectProvider awscdk.NewIdentityPool(this, jsii.String("myidentitypool"), &identityPoolProps{ identityPoolName: jsii.String("myidentitypool"), authenticationProviders: &identityPoolAuthenticationProviders{ google: &identityPoolGoogleLoginProvider{ clientId: jsii.String("12345678012.apps.googleusercontent.com"), }, openIdConnectProviders: []iOpenIdConnectProvider{ openIdConnectProvider, }, customProvider: jsii.String("my-custom-provider.example.com"), }, })
See: https://docs.aws.amazon.com/cognito/latest/developerguide/external-identity-providers.html
Experimental.
type IdentityPoolDigitsLoginProvider ¶
type IdentityPoolDigitsLoginProvider struct { // App Id for Twitter Identity Federation. // Experimental. ConsumerKey *string `field:"required" json:"consumerKey" yaml:"consumerKey"` // App Secret for Twitter Identity Federation. // Experimental. ConsumerSecret *string `field:"required" json:"consumerSecret" yaml:"consumerSecret"` }
Login Provider for Identity Federation using Digits Credentials.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" identityPoolDigitsLoginProvider := &identityPoolDigitsLoginProvider{ consumerKey: jsii.String("consumerKey"), consumerSecret: jsii.String("consumerSecret"), }
Experimental.
type IdentityPoolFacebookLoginProvider ¶
type IdentityPoolFacebookLoginProvider struct { // App Id for Facebook Identity Federation. // Experimental. AppId *string `field:"required" json:"appId" yaml:"appId"` }
Login Provider for Identity Federation using Facebook Credentials.
Example:
awscdk.NewIdentityPool(this, jsii.String("myidentitypool"), &identityPoolProps{ identityPoolName: jsii.String("myidentitypool"), authenticationProviders: &identityPoolAuthenticationProviders{ amazon: &identityPoolAmazonLoginProvider{ appId: jsii.String("amzn1.application.12312k3j234j13rjiwuenf"), }, facebook: &identityPoolFacebookLoginProvider{ appId: jsii.String("1234567890123"), }, google: &identityPoolGoogleLoginProvider{ clientId: jsii.String("12345678012.apps.googleusercontent.com"), }, apple: &identityPoolAppleLoginProvider{ servicesId: jsii.String("com.myappleapp.auth"), }, twitter: &identityPoolTwitterLoginProvider{ consumerKey: jsii.String("my-twitter-id"), consumerSecret: jsii.String("my-twitter-secret"), }, }, })
Experimental.
type IdentityPoolGoogleLoginProvider ¶
type IdentityPoolGoogleLoginProvider struct { // App Id for Google Identity Federation. // Experimental. ClientId *string `field:"required" json:"clientId" yaml:"clientId"` }
Login Provider for Identity Federation using Google Credentials.
Example:
awscdk.NewIdentityPool(this, jsii.String("myidentitypool"), &identityPoolProps{ identityPoolName: jsii.String("myidentitypool"), authenticationProviders: &identityPoolAuthenticationProviders{ amazon: &identityPoolAmazonLoginProvider{ appId: jsii.String("amzn1.application.12312k3j234j13rjiwuenf"), }, facebook: &identityPoolFacebookLoginProvider{ appId: jsii.String("1234567890123"), }, google: &identityPoolGoogleLoginProvider{ clientId: jsii.String("12345678012.apps.googleusercontent.com"), }, apple: &identityPoolAppleLoginProvider{ servicesId: jsii.String("com.myappleapp.auth"), }, twitter: &identityPoolTwitterLoginProvider{ consumerKey: jsii.String("my-twitter-id"), consumerSecret: jsii.String("my-twitter-secret"), }, }, })
Experimental.
type IdentityPoolProps ¶
type IdentityPoolProps struct { // Enables the Basic (Classic) authentication flow. // Experimental. AllowClassicFlow *bool `field:"optional" json:"allowClassicFlow" yaml:"allowClassicFlow"` // Wwhether the identity pool supports unauthenticated logins. // Experimental. AllowUnauthenticatedIdentities *bool `field:"optional" json:"allowUnauthenticatedIdentities" yaml:"allowUnauthenticatedIdentities"` // The Default Role to be assumed by Authenticated Users. // Experimental. AuthenticatedRole awsiam.IRole `field:"optional" json:"authenticatedRole" yaml:"authenticatedRole"` // Authentication providers for using in identity pool. // Experimental. AuthenticationProviders *IdentityPoolAuthenticationProviders `field:"optional" json:"authenticationProviders" yaml:"authenticationProviders"` // The name of the Identity Pool. // Experimental. IdentityPoolName *string `field:"optional" json:"identityPoolName" yaml:"identityPoolName"` // Rules for mapping roles to users. // Experimental. RoleMappings *[]*IdentityPoolRoleMapping `field:"optional" json:"roleMappings" yaml:"roleMappings"` // The Default Role to be assumed by Unauthenticated Users. // Experimental. UnauthenticatedRole awsiam.IRole `field:"optional" json:"unauthenticatedRole" yaml:"unauthenticatedRole"` }
Props for the IdentityPool construct.
Example:
var openIdConnectProvider openIdConnectProvider awscdk.NewIdentityPool(this, jsii.String("myidentitypool"), &identityPoolProps{ identityPoolName: jsii.String("myidentitypool"), authenticationProviders: &identityPoolAuthenticationProviders{ google: &identityPoolGoogleLoginProvider{ clientId: jsii.String("12345678012.apps.googleusercontent.com"), }, openIdConnectProviders: []iOpenIdConnectProvider{ openIdConnectProvider, }, customProvider: jsii.String("my-custom-provider.example.com"), }, })
Experimental.
type IdentityPoolProviderType ¶
type IdentityPoolProviderType string
Types of Identity Pool Login Providers. Experimental.
const ( // Facebook Provider type. // Experimental. IdentityPoolProviderType_FACEBOOK IdentityPoolProviderType = "FACEBOOK" // Google Provider Type. // Experimental. IdentityPoolProviderType_GOOGLE IdentityPoolProviderType = "GOOGLE" // Amazon Provider Type. // Experimental. IdentityPoolProviderType_AMAZON IdentityPoolProviderType = "AMAZON" // Apple Provider Type. // Experimental. IdentityPoolProviderType_APPLE IdentityPoolProviderType = "APPLE" // Twitter Provider Type. // Experimental. IdentityPoolProviderType_TWITTER IdentityPoolProviderType = "TWITTER" // Digits Provider Type. // Experimental. IdentityPoolProviderType_DIGITS IdentityPoolProviderType = "DIGITS" // Open Id Provider Type. // Experimental. IdentityPoolProviderType_OPEN_ID IdentityPoolProviderType = "OPEN_ID" // Saml Provider Type. // Experimental. IdentityPoolProviderType_SAML IdentityPoolProviderType = "SAML" // User Pool Provider Type. // Experimental. IdentityPoolProviderType_USER_POOL IdentityPoolProviderType = "USER_POOL" // Custom Provider Type. // Experimental. IdentityPoolProviderType_CUSTOM IdentityPoolProviderType = "CUSTOM" )
type IdentityPoolProviderUrl ¶
type IdentityPoolProviderUrl interface { // type of Provider Url. // Experimental. Type() IdentityPoolProviderType // value of Provider Url. // Experimental. Value() *string }
Keys for Login Providers - correspond to client id's of respective federation identity providers.
Example:
import "github.com/aws/aws-cdk-go/awscdk" awscdk.NewIdentityPool(this, jsii.String("myidentitypool"), &identityPoolProps{ identityPoolName: jsii.String("myidentitypool"), roleMappings: []identityPoolRoleMapping{ &identityPoolRoleMapping{ providerUrl: awscdk.IdentityPoolProviderUrl.userPool(jsii.String("cognito-idp.my-idp-region.amazonaws.com/my-idp-region_abcdefghi:app_client_id")), useToken: jsii.Boolean(true), }, &identityPoolRoleMapping{ providerUrl: awscdk.IdentityPoolProviderUrl.custom(jsii.String("my-custom-provider.com")), useToken: jsii.Boolean(true), }, }, })
Experimental.
func IdentityPoolProviderUrl_AMAZON ¶
func IdentityPoolProviderUrl_AMAZON() IdentityPoolProviderUrl
func IdentityPoolProviderUrl_APPLE ¶
func IdentityPoolProviderUrl_APPLE() IdentityPoolProviderUrl
func IdentityPoolProviderUrl_Custom ¶
func IdentityPoolProviderUrl_Custom(url *string) IdentityPoolProviderUrl
Custom Provider Url. Experimental.
func IdentityPoolProviderUrl_DIGITS ¶
func IdentityPoolProviderUrl_DIGITS() IdentityPoolProviderUrl
func IdentityPoolProviderUrl_FACEBOOK ¶
func IdentityPoolProviderUrl_FACEBOOK() IdentityPoolProviderUrl
func IdentityPoolProviderUrl_GOOGLE ¶
func IdentityPoolProviderUrl_GOOGLE() IdentityPoolProviderUrl
func IdentityPoolProviderUrl_OpenId ¶
func IdentityPoolProviderUrl_OpenId(url *string) IdentityPoolProviderUrl
OpenId Provider Url. Experimental.
func IdentityPoolProviderUrl_Saml ¶
func IdentityPoolProviderUrl_Saml(url *string) IdentityPoolProviderUrl
Saml Provider Url. Experimental.
func IdentityPoolProviderUrl_TWITTER ¶
func IdentityPoolProviderUrl_TWITTER() IdentityPoolProviderUrl
func IdentityPoolProviderUrl_UserPool ¶
func IdentityPoolProviderUrl_UserPool(url *string) IdentityPoolProviderUrl
User Pool Provider Url. Experimental.
func NewIdentityPoolProviderUrl ¶
func NewIdentityPoolProviderUrl(type_ IdentityPoolProviderType, value *string) IdentityPoolProviderUrl
Experimental.
type IdentityPoolProviders ¶
type IdentityPoolProviders struct { // App Id for Amazon Identity Federation. // Experimental. Amazon *IdentityPoolAmazonLoginProvider `field:"optional" json:"amazon" yaml:"amazon"` // Services Id for Apple Identity Federation. // Experimental. Apple *IdentityPoolAppleLoginProvider `field:"optional" json:"apple" yaml:"apple"` // Consumer Key and Secret for Digits Identity Federation. // Experimental. Digits *IdentityPoolDigitsLoginProvider `field:"optional" json:"digits" yaml:"digits"` // App Id for Facebook Identity Federation. // Experimental. Facebook *IdentityPoolFacebookLoginProvider `field:"optional" json:"facebook" yaml:"facebook"` // Client Id for Google Identity Federation. // Experimental. Google *IdentityPoolGoogleLoginProvider `field:"optional" json:"google" yaml:"google"` // Consumer Key and Secret for Twitter Identity Federation. // Experimental. Twitter *IdentityPoolTwitterLoginProvider `field:"optional" json:"twitter" yaml:"twitter"` }
External Identity Providers To Connect to User Pools and Identity Pools.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" identityPoolProviders := &identityPoolProviders{ amazon: &identityPoolAmazonLoginProvider{ appId: jsii.String("appId"), }, apple: &identityPoolAppleLoginProvider{ servicesId: jsii.String("servicesId"), }, digits: &identityPoolDigitsLoginProvider{ consumerKey: jsii.String("consumerKey"), consumerSecret: jsii.String("consumerSecret"), }, facebook: &identityPoolFacebookLoginProvider{ appId: jsii.String("appId"), }, google: &identityPoolGoogleLoginProvider{ clientId: jsii.String("clientId"), }, twitter: &identityPoolTwitterLoginProvider{ consumerKey: jsii.String("consumerKey"), consumerSecret: jsii.String("consumerSecret"), }, }
Experimental.
type IdentityPoolRoleAttachment ¶
type IdentityPoolRoleAttachment interface { awscdk.Resource IIdentityPoolRoleAttachment // The environment this resource belongs to. // // For resources that are created and managed by the CDK // (generally, those created by creating new class instances like Role, Bucket, etc.), // this is always the same as the environment of the stack they belong to; // however, for imported resources // (those obtained from static methods like fromRoleArn, fromBucketName, etc.), // that might be different than the stack they were imported into. // Experimental. Env() *awscdk.ResourceEnvironment // Id of the underlying identity pool. // Experimental. IdentityPoolId() *string // The construct tree node associated with this construct. // Experimental. Node() awscdk.ConstructNode // Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource. // // This value will resolve to one of the following: // - a concrete value (e.g. `"my-awesome-bucket"`) // - `undefined`, when a name should be generated by CloudFormation // - a concrete name generated automatically during synthesis, in // cross-environment scenarios. // Experimental. PhysicalName() *string // The stack in which this resource is defined. // Experimental. Stack() awscdk.Stack // Apply the given removal policy to this resource. // // The Removal Policy controls what happens to this resource when it stops // being managed by CloudFormation, either because you've removed it from the // CDK application or because you've made a change that requires the resource // to be replaced. // // The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS // account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). // Experimental. ApplyRemovalPolicy(policy awscdk.RemovalPolicy) // Experimental. GeneratePhysicalName() *string // Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`). // // Normally, this token will resolve to `arnAttr`, but if the resource is // referenced across environments, `arnComponents` will be used to synthesize // a concrete ARN with the resource's physical name. Make sure to reference // `this.physicalName` in `arnComponents`. // Experimental. GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string // Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`). // // Normally, this token will resolve to `nameAttr`, but if the resource is // referenced across environments, it will be resolved to `this.physicalName`, // which will be a concrete name. // Experimental. GetResourceNameAttribute(nameAttr *string) *string // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. OnPrepare() // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. OnSynthesize(session constructs.ISynthesisSession) // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. OnValidate() *[]*string // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. Prepare() // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. Synthesize(session awscdk.ISynthesisSession) // Returns a string representation of this construct. // Experimental. ToString() *string // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. Validate() *[]*string }
Defines an Identity Pool Role Attachment.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" var identityPool identityPool var identityPoolProviderUrl identityPoolProviderUrl var role role identityPoolRoleAttachment := awscdk.Aws_cognito_identitypool.NewIdentityPoolRoleAttachment(this, jsii.String("MyIdentityPoolRoleAttachment"), &identityPoolRoleAttachmentProps{ identityPool: identityPool, // the properties below are optional authenticatedRole: role, roleMappings: []identityPoolRoleMapping{ &identityPoolRoleMapping{ providerUrl: identityPoolProviderUrl, // the properties below are optional resolveAmbiguousRoles: jsii.Boolean(false), rules: []roleMappingRule{ &roleMappingRule{ claim: jsii.String("claim"), claimValue: jsii.String("claimValue"), mappedRole: role, // the properties below are optional matchType: awscdk.*Aws_cognito_identitypool.roleMappingMatchType_EQUALS, }, }, useToken: jsii.Boolean(false), }, }, unauthenticatedRole: role, })
Experimental.
func NewIdentityPoolRoleAttachment ¶
func NewIdentityPoolRoleAttachment(scope constructs.Construct, id *string, props *IdentityPoolRoleAttachmentProps) IdentityPoolRoleAttachment
Experimental.
type IdentityPoolRoleAttachmentProps ¶
type IdentityPoolRoleAttachmentProps struct { // Id of the Attachments Underlying Identity Pool. // Experimental. IdentityPool IIdentityPool `field:"required" json:"identityPool" yaml:"identityPool"` // Default Authenticated (User) Role. // Experimental. AuthenticatedRole awsiam.IRole `field:"optional" json:"authenticatedRole" yaml:"authenticatedRole"` // Rules for mapping roles to users. // Experimental. RoleMappings *[]*IdentityPoolRoleMapping `field:"optional" json:"roleMappings" yaml:"roleMappings"` // Default Unauthenticated (Guest) Role. // Experimental. UnauthenticatedRole awsiam.IRole `field:"optional" json:"unauthenticatedRole" yaml:"unauthenticatedRole"` }
Props for an Identity Pool Role Attachment.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" var identityPool identityPool var identityPoolProviderUrl identityPoolProviderUrl var role role identityPoolRoleAttachmentProps := &identityPoolRoleAttachmentProps{ identityPool: identityPool, // the properties below are optional authenticatedRole: role, roleMappings: []identityPoolRoleMapping{ &identityPoolRoleMapping{ providerUrl: identityPoolProviderUrl, // the properties below are optional resolveAmbiguousRoles: jsii.Boolean(false), rules: []roleMappingRule{ &roleMappingRule{ claim: jsii.String("claim"), claimValue: jsii.String("claimValue"), mappedRole: role, // the properties below are optional matchType: awscdk.Aws_cognito_identitypool.roleMappingMatchType_EQUALS, }, }, useToken: jsii.Boolean(false), }, }, unauthenticatedRole: role, }
Experimental.
type IdentityPoolRoleMapping ¶
type IdentityPoolRoleMapping struct { // The url of the provider of for which the role is mapped. // Experimental. ProviderUrl IdentityPoolProviderUrl `field:"required" json:"providerUrl" yaml:"providerUrl"` // Allow for role assumption when results of role mapping are ambiguous. // Experimental. ResolveAmbiguousRoles *bool `field:"optional" json:"resolveAmbiguousRoles" yaml:"resolveAmbiguousRoles"` // The claim and value that must be matched in order to assume the role. // // Required if useToken is false. // Experimental. Rules *[]*RoleMappingRule `field:"optional" json:"rules" yaml:"rules"` // If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from identity provider. // See: https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html#using-tokens-to-assign-roles-to-users // // Experimental. UseToken *bool `field:"optional" json:"useToken" yaml:"useToken"` }
Map roles to users in the identity pool based on claims from the Identity Provider.
Example:
import "github.com/aws/aws-cdk-go/awscdk" var identityPool identityPool var myAddedRoleMapping1 identityPoolRoleMapping var myAddedRoleMapping2 identityPoolRoleMapping var myAddedRoleMapping3 identityPoolRoleMapping identityPool.addRoleMappings(myAddedRoleMapping1, myAddedRoleMapping2, myAddedRoleMapping3)
Experimental.
type IdentityPoolTwitterLoginProvider ¶
type IdentityPoolTwitterLoginProvider struct { // App Id for Twitter Identity Federation. // Experimental. ConsumerKey *string `field:"required" json:"consumerKey" yaml:"consumerKey"` // App Secret for Twitter Identity Federation. // Experimental. ConsumerSecret *string `field:"required" json:"consumerSecret" yaml:"consumerSecret"` }
Login Provider for Identity Federation using Twitter Credentials.
Example:
awscdk.NewIdentityPool(this, jsii.String("myidentitypool"), &identityPoolProps{ identityPoolName: jsii.String("myidentitypool"), authenticationProviders: &identityPoolAuthenticationProviders{ amazon: &identityPoolAmazonLoginProvider{ appId: jsii.String("amzn1.application.12312k3j234j13rjiwuenf"), }, facebook: &identityPoolFacebookLoginProvider{ appId: jsii.String("1234567890123"), }, google: &identityPoolGoogleLoginProvider{ clientId: jsii.String("12345678012.apps.googleusercontent.com"), }, apple: &identityPoolAppleLoginProvider{ servicesId: jsii.String("com.myappleapp.auth"), }, twitter: &identityPoolTwitterLoginProvider{ consumerKey: jsii.String("my-twitter-id"), consumerSecret: jsii.String("my-twitter-secret"), }, }, })
Experimental.
type RoleMappingMatchType ¶
type RoleMappingMatchType string
Types of matches allowed for Role Mapping.
Example:
import "github.com/aws/aws-cdk-go/awscdk" var adminRole role var nonAdminRole role awscdk.NewIdentityPool(this, jsii.String("myidentitypool"), &identityPoolProps{ identityPoolName: jsii.String("myidentitypool"), // Assign specific roles to users based on whether or not the custom admin claim is passed from the identity provider roleMappings: []identityPoolRoleMapping{ &identityPoolRoleMapping{ providerUrl: awscdk.IdentityPoolProviderUrl_AMAZON(), rules: []roleMappingRule{ &roleMappingRule{ claim: jsii.String("custom:admin"), claimValue: jsii.String("admin"), mappedRole: adminRole, }, &roleMappingRule{ claim: jsii.String("custom:admin"), claimValue: jsii.String("admin"), matchType: awscdk.RoleMappingMatchType_NOTEQUAL, mappedRole: nonAdminRole, }, }, }, }, })
Experimental.
const ( // The Claim from the token must equal the given value in order for a match. // Experimental. RoleMappingMatchType_EQUALS RoleMappingMatchType = "EQUALS" // The Claim from the token must contain the given value in order for a match. // Experimental. RoleMappingMatchType_CONTAINS RoleMappingMatchType = "CONTAINS" // The Claim from the token must start with the given value in order for a match. // Experimental. RoleMappingMatchType_STARTS_WITH RoleMappingMatchType = "STARTS_WITH" // The Claim from the token must not equal the given value in order for a match. // Experimental. RoleMappingMatchType_NOTEQUAL RoleMappingMatchType = "NOTEQUAL" )
type RoleMappingRule ¶
type RoleMappingRule struct { // The key sent in the token by the federated identity provider. // Experimental. Claim *string `field:"required" json:"claim" yaml:"claim"` // The value of the claim that must be matched. // Experimental. ClaimValue *string `field:"required" json:"claimValue" yaml:"claimValue"` // The Role to be assumed when Claim Value is matched. // Experimental. MappedRole awsiam.IRole `field:"required" json:"mappedRole" yaml:"mappedRole"` // How to match with the Claim value. // Experimental. MatchType RoleMappingMatchType `field:"optional" json:"matchType" yaml:"matchType"` }
Represents an Identity Pool Role Attachment Role Mapping Rule.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" var role role roleMappingRule := &roleMappingRule{ claim: jsii.String("claim"), claimValue: jsii.String("claimValue"), mappedRole: role, // the properties below are optional matchType: awscdk.Aws_cognito_identitypool.roleMappingMatchType_EQUALS, }
Experimental.
type UserPoolAuthenticationProvider ¶
type UserPoolAuthenticationProvider interface { IUserPoolAuthenticationProvider // The method called when a given User Pool Authentication Provider is added (for the first time) to an Identity Pool. // Experimental. Bind(scope constructs.Construct, identityPool IIdentityPool, _options *UserPoolAuthenticationProviderBindOptions) *UserPoolAuthenticationProviderBindConfig }
Defines a User Pool Authentication Provider.
Example:
var identityPool identityPool userPool := cognito.NewUserPool(this, jsii.String("Pool")) identityPool.addUserPoolAuthentication(awscdk.NewUserPoolAuthenticationProvider(&userPoolAuthenticationProviderProps{ userPool: userPool, disableServerSideTokenCheck: jsii.Boolean(true), }))
Experimental.
func NewUserPoolAuthenticationProvider ¶
func NewUserPoolAuthenticationProvider(props *UserPoolAuthenticationProviderProps) UserPoolAuthenticationProvider
Experimental.
type UserPoolAuthenticationProviderBindConfig ¶
type UserPoolAuthenticationProviderBindConfig struct { // Client Id of the Associated User Pool Client. // Experimental. ClientId *string `field:"required" json:"clientId" yaml:"clientId"` // The identity providers associated with the UserPool. // Experimental. ProviderName *string `field:"required" json:"providerName" yaml:"providerName"` // Whether to enable the identity pool's server side token check. // Experimental. ServerSideTokenCheck *bool `field:"required" json:"serverSideTokenCheck" yaml:"serverSideTokenCheck"` }
Represents a UserPoolAuthenticationProvider Bind Configuration.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" userPoolAuthenticationProviderBindConfig := &userPoolAuthenticationProviderBindConfig{ clientId: jsii.String("clientId"), providerName: jsii.String("providerName"), serverSideTokenCheck: jsii.Boolean(false), }
Experimental.
type UserPoolAuthenticationProviderBindOptions ¶
type UserPoolAuthenticationProviderBindOptions struct { }
Represents UserPoolAuthenticationProvider Bind Options.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" userPoolAuthenticationProviderBindOptions := &userPoolAuthenticationProviderBindOptions{ }
Experimental.
type UserPoolAuthenticationProviderProps ¶
type UserPoolAuthenticationProviderProps struct { // The User Pool of the Associated Identity Providers. // Experimental. UserPool awscognito.IUserPool `field:"required" json:"userPool" yaml:"userPool"` // Setting this to true turns off identity pool checks for this user pool to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html // // Experimental. DisableServerSideTokenCheck *bool `field:"optional" json:"disableServerSideTokenCheck" yaml:"disableServerSideTokenCheck"` // The User Pool Client for the provided User Pool. // Experimental. UserPoolClient awscognito.IUserPoolClient `field:"optional" json:"userPoolClient" yaml:"userPoolClient"` }
Props for the User Pool Authentication Provider.
Example:
var identityPool identityPool userPool := cognito.NewUserPool(this, jsii.String("Pool")) identityPool.addUserPoolAuthentication(awscdk.NewUserPoolAuthenticationProvider(&userPoolAuthenticationProviderProps{ userPool: userPool, disableServerSideTokenCheck: jsii.Boolean(true), }))
Experimental.
Source Files ¶
- awscognitoidentitypool.go
- awscognitoidentitypool_IIdentityPool.go
- awscognitoidentitypool_IIdentityPoolRoleAttachment.go
- awscognitoidentitypool_IUserPoolAuthenticationProvider.go
- awscognitoidentitypool_IdentityPool.go
- awscognitoidentitypool_IdentityPoolAmazonLoginProvider.go
- awscognitoidentitypool_IdentityPoolAppleLoginProvider.go
- awscognitoidentitypool_IdentityPoolAuthenticationProviders.go
- awscognitoidentitypool_IdentityPoolDigitsLoginProvider.go
- awscognitoidentitypool_IdentityPoolFacebookLoginProvider.go
- awscognitoidentitypool_IdentityPoolGoogleLoginProvider.go
- awscognitoidentitypool_IdentityPoolProps.go
- awscognitoidentitypool_IdentityPoolProviderType.go
- awscognitoidentitypool_IdentityPoolProviderUrl.go
- awscognitoidentitypool_IdentityPoolProviders.go
- awscognitoidentitypool_IdentityPoolRoleAttachment.go
- awscognitoidentitypool_IdentityPoolRoleAttachmentProps.go
- awscognitoidentitypool_IdentityPoolRoleMapping.go
- awscognitoidentitypool_IdentityPoolTwitterLoginProvider.go
- awscognitoidentitypool_RoleMappingMatchType.go
- awscognitoidentitypool_RoleMappingRule.go
- awscognitoidentitypool_UserPoolAuthenticationProvider.go
- awscognitoidentitypool_UserPoolAuthenticationProviderBindConfig.go
- awscognitoidentitypool_UserPoolAuthenticationProviderBindOptions.go
- awscognitoidentitypool_UserPoolAuthenticationProviderProps.go