Resource: awsCognitoUserGroup
Provides a Cognito User Group resource.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsCognitoUserPoolMain = new aws.cognitoUserPool.CognitoUserPool(
  this,
  "main",
  {
    name: "identity pool",
  }
);
const dataAwsIamPolicyDocumentGroupRole =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "group_role",
    {
      statement: [
        {
          actions: ["sts:AssumeRoleWithWebIdentity"],
          condition: [
            {
              test: "StringEquals",
              values: ["us-east-1:12345678-dead-beef-cafe-123456790ab"],
              variable: "cognito-identity.amazonaws.com:aud",
            },
            {
              test: "ForAnyValue:StringLike",
              values: ["authenticated"],
              variable: "cognito-identity.amazonaws.com:amr",
            },
          ],
          effect: "Allow",
          principals: [
            {
              identifiers: ["cognito-identity.amazonaws.com"],
              type: "Federated",
            },
          ],
        },
      ],
    }
  );
const awsIamRoleGroupRole = new aws.iamRole.IamRole(this, "group_role_2", {
  assumeRolePolicy: dataAwsIamPolicyDocumentGroupRole.json,
  name: "user-group-role",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRoleGroupRole.overrideLogicalId("group_role");
const awsCognitoUserGroupMain = new aws.cognitoUserGroup.CognitoUserGroup(
  this,
  "main_3",
  {
    description: "Managed by Terraform",
    name: "user-group",
    precedence: 42,
    roleArn: awsIamRoleGroupRole.arn,
    userPoolId: awsCognitoUserPoolMain.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCognitoUserGroupMain.overrideLogicalId("main");
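The role passed as roleArn is only as tightly scoped as its trust policy: the aud condition binds it to one identity pool and the amr condition limits it to authenticated identities. The following is an added example, not part of the provider documentation, that lints the rendered assume-role policy JSON for those two conditions; lintCognitoTrust and the other helper names are hypothetical, and the sample policies are constructed around the placeholder pool ID used above.

```typescript
// Added example (not from the provider docs): lint a rendered trust policy.
type OneOrMany = string | string[];
interface TrustStatement {
  Effect: string;
  Action: OneOrMany;
  Principal?: { [kind: string]: OneOrMany };
  Condition?: { [operator: string]: { [key: string]: OneOrMany } };
}
const COGNITO = "cognito-identity.amazonaws.com";
const WEB_IDENTITY = "sts:AssumeRoleWithWebIdentity";

function asList(v: OneOrMany | undefined): string[] {
  return v === undefined ? [] : typeof v === "string" ? [v] : v;
}

// Values of condition `key` under every operator accepted by `okOp`.
function condValues(s: TrustStatement, key: string, okOp: RegExp): string[] {
  let out: string[] = [];
  const cond = s.Condition || {};
  for (const op in cond) {
    if (okOp.test(op)) out = out.concat(asList(cond[op][key]));
  }
  return out;
}

// Returns one finding per weakness; an empty array means the policy passes.
function lintCognitoTrust(policyJson: string, poolId: string): string[] {
  const parsed: { Statement: TrustStatement | TrustStatement[] } = JSON.parse(policyJson);
  const stmts: TrustStatement[] = ([] as TrustStatement[]).concat(parsed.Statement);
  const findings: string[] = [];
  stmts.forEach((s: TrustStatement, i: number) => {
    const fed = asList(s.Principal ? s.Principal["Federated"] : undefined);
    if (s.Effect !== "Allow" || fed.indexOf(COGNITO) < 0) return;
    if (asList(s.Action).indexOf(WEB_IDENTITY) < 0) return;
    const aud = condValues(s, COGNITO + ":aud", /^StringEquals$/);
    if (aud.length !== 1 || aud[0] !== poolId) {
      findings.push(`Statement[${i}]: aud is not pinned to identity pool ${poolId}`);
    }
    const amr = condValues(s, COGNITO + ":amr", /^ForAnyValue:String(Like|Equals)$/);
    if (amr.length !== 1 || amr[0] !== "authenticated") {
      findings.push(`Statement[${i}]: amr is not limited to "authenticated"`);
    }
  });
  return findings;
}

// Constructed samples; the pool ID is the placeholder used on this page.
const POOL_ID = "us-east-1:12345678-dead-beef-cafe-123456790ab";
const mk = (cond: object): string => JSON.stringify({ Statement: [{ Effect: "Allow",
  Action: WEB_IDENTITY, Principal: { Federated: COGNITO }, Condition: cond }] });
const GOOD_POLICY = mk({ StringEquals: { [COGNITO + ":aud"]: POOL_ID },
  "ForAnyValue:StringLike": { [COGNITO + ":amr"]: "authenticated" } });
const WEAK_POLICY = mk({ "ForAnyValue:StringLike": { [COGNITO + ":amr"]: "unauthenticated" } });
```

The check is deliberately strict: a wildcard or a second amr value is reported even if it would still admit only authenticated users.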
Argument Reference
The following arguments are supported:
name - (Required) The name of the user group.
userPoolId - (Required) The user pool ID.
description - (Optional) The description of the user group.
precedence - (Optional) The precedence of the user group.
roleArn - (Optional) The ARN of the IAM role to be associated with the user group.
Attributes Reference
No additional attributes are exported.
Import
Cognito User Groups can be imported using the userPoolId/name attributes concatenated, e.g.,