Resource: awsCognitoUserGroup

Provides a Cognito User Group resource.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsCognitoUserPoolMain = new aws.cognitoUserPool.CognitoUserPool(
  this,
  "main",
  {
    name: "identity pool",
  }
);
const dataAwsIamPolicyDocumentGroupRole =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "group_role",
    {
      statement: [
        {
          actions: ["sts:AssumeRoleWithWebIdentity"],
          condition: [
            {
              test: "StringEquals",
              values: ["us-east-1:12345678-dead-beef-cafe-123456790ab"],
              variable: "cognito-identity.amazonaws.com:aud",
            },
            {
              test: "ForAnyValue:StringLike",
              values: ["authenticated"],
              variable: "cognito-identity.amazonaws.com:amr",
            },
          ],
          effect: "Allow",
          principals: [
            {
              identifiers: ["cognito-identity.amazonaws.com"],
              type: "Federated",
            },
          ],
        },
      ],
    }
  );
const awsIamRoleGroupRole = new aws.iamRole.IamRole(this, "group_role_2", {
  assumeRolePolicy: dataAwsIamPolicyDocumentGroupRole.json,
  name: "user-group-role",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRoleGroupRole.overrideLogicalId("group_role");
const awsCognitoUserGroupMain = new aws.cognitoUserGroup.CognitoUserGroup(
  this,
  "main_3",
  {
    description: "Managed by Terraform",
    name: "user-group",
    precedence: 42,
    roleArn: awsIamRoleGroupRole.arn,
    userPoolId: awsCognitoUserPoolMain.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCognitoUserGroupMain.overrideLogicalId("main");

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the user group.
  • userPoolId - (Required) The user pool ID.
  • description - (Optional) The description of the user group.
  • precedence - (Optional) The precedence of the user group.
  • roleArn - (Optional) The ARN of the IAM role to be associated with the user group.
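
The trust policy in the example usage ties the role to one identity pool (the `aud` condition) and to authenticated identities (the `amr` condition). The following check is an added example, not part of the provider documentation; it audits a rendered trust policy for those two conditions. `auditCognitoTrust`, the type names and the sample policies are assumptions constructed for illustration.

```typescript
// Added example, not provider code: audit the rendered trust policy of a role
// used as roleArn. Assumes condition keys are spelled as in the page's example.
type OneOrMany = string | string[];
interface TrustStatement {
  Effect: string;
  Action: OneOrMany;
  Principal?: { Federated?: OneOrMany };
  Condition?: Record<string, Record<string, OneOrMany>>;
}
const COGNITO = "cognito-identity.amazonaws.com";
const AUD = COGNITO + ":aud";
const AMR = COGNITO + ":amr";
const toList = (v?: OneOrMany): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

function auditCognitoTrust(statements: TrustStatement[], identityPoolId: string): string[] {
  const findings: string[] = [];
  statements.forEach((s, i) => {
    // Only Allow statements that trust the Cognito identity service are in scope.
    if (s.Effect !== "Allow" || toList(s.Principal?.Federated).indexOf(COGNITO) === -1) return;
    const cond = s.Condition ?? {};
    const aud = toList(cond["StringEquals"]?.[AUD]);
    if (aud.length === 0) {
      findings.push(`statement ${i}: no StringEquals on aud, role is not tied to one identity pool`);
    } else if (aud.some((a) => a !== identityPoolId)) {
      findings.push(`statement ${i}: aud allows an identity pool other than ${identityPoolId}`);
    }
    const amr = toList(cond["ForAnyValue:StringLike"]?.[AMR])
      .concat(toList(cond["ForAnyValue:StringEquals"]?.[AMR]));
    if (amr.indexOf("authenticated") === -1) {
      findings.push(`statement ${i}: amr does not require "authenticated"`);
    }
  });
  return findings;
}

// Constructed inputs: the page's policy as rendered JSON, and one with no conditions.
const POOL_ID = "us-east-1:12345678-dead-beef-cafe-123456790ab";
const scoped: TrustStatement[] = [{
  Effect: "Allow",
  Action: "sts:AssumeRoleWithWebIdentity",
  Principal: { Federated: COGNITO },
  Condition: {
    StringEquals: { [AUD]: POOL_ID },
    "ForAnyValue:StringLike": { [AMR]: "authenticated" },
  },
}];
const unscoped: TrustStatement[] = [{ Effect: "Allow", Action: "sts:AssumeRoleWithWebIdentity", Principal: { Federated: COGNITO } }];
console.log(auditCognitoTrust(scoped, POOL_ID), auditCognitoTrust(unscoped, POOL_ID));
```

An empty result means both conditions are present and match the expected identity pool ID; each finding names the statement index that needs tightening.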

Attributes Reference

No additional attributes are exported.

Import

Cognito User Groups can be imported using the userPoolId/name attributes concatenated, e.g.,

$ terraform import aws_cognito_user_group.group us-east-1_vG78M4goG/user-group