identity_pools
Creates, updates, deletes or gets an identity_pool resource or lists identity_pools in a region
Overview
Name | identity_pools |
Type | Resource |
Description | Resource Type definition for AWS::Cognito::IdentityPool |
Id | aws.cognito.identity_pools |
Fields
Name | Datatype | Description |
---|---|---|
push_sync | object | |
cognito_identity_providers | array | |
developer_provider_name | string | |
cognito_streams | object | |
supported_login_providers | object | |
name | string | |
cognito_events | object | |
id | string | |
identity_pool_name | string | |
allow_unauthenticated_identities | boolean | |
saml_provider_arns | array | |
open_id_connect_provider_arns | array | |
allow_classic_flow | boolean | |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | AllowUnauthenticatedIdentities, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all identity_pools in a region.
SELECT
  region,
  push_sync,
  cognito_identity_providers,
  developer_provider_name,
  cognito_streams,
  supported_login_providers,
  name,
  cognito_events,
  id,
  identity_pool_name,
  allow_unauthenticated_identities,
  saml_provider_arns,
  open_id_connect_provider_arns,
  allow_classic_flow
FROM aws.cognito.identity_pools
WHERE region = 'us-east-1';
Gets all properties from an individual identity_pool.
SELECT
  region,
  push_sync,
  cognito_identity_providers,
  developer_provider_name,
  cognito_streams,
  supported_login_providers,
  name,
  cognito_events,
  id,
  identity_pool_name,
  allow_unauthenticated_identities,
  saml_provider_arns,
  open_id_connect_provider_arns,
  allow_classic_flow
FROM aws.cognito.identity_pools
WHERE region = 'us-east-1' AND data__Identifier = '<Id>';
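The rows returned by the SELECT statements above carry the settings a review of an identity pool usually starts from: whether unauthenticated identities are allowed, whether the classic (basic) flow is enabled, and whether each Cognito provider entry has ServerSideTokenCheck turned on. The following Python check is an added example, not part of the StackQL documentation; it assumes the rows were exported as JSON objects keyed by the column names above, and the sample rows and finding texts are constructed.

```python
import json

# Constructed sample rows using the column names from the SELECT above.
# Assumption: booleans and nested columns may arrive as native JSON values
# or as strings, so both encodings are normalised before checking.
SAMPLE_ROWS = [
    {"id": "us-east-1:example-pool-a",
     "allow_unauthenticated_identities": "true", "allow_classic_flow": True,
     "cognito_identity_providers":
         '[{"ClientId": "example-client", "ServerSideTokenCheck": false}]'},
    {"id": "us-east-1:example-pool-b",
     "allow_unauthenticated_identities": False, "allow_classic_flow": None,
     "cognito_identity_providers":
         [{"ClientId": "example-client", "ServerSideTokenCheck": True}]},
]


def as_bool(value):
    """Normalise True/'true'/1/'1' to True; None, '' and the rest to False."""
    if isinstance(value, str):
        return value.strip().lower() in ("true", "1")
    return bool(value)


def as_list(value):
    """Decode a JSON-encoded array column; treat null or empty as no entries."""
    if isinstance(value, str):
        value = json.loads(value) if value.strip() else []
    return value or []


def audit_pool(row):
    """Return the findings for one identity_pools row."""
    findings = []
    if as_bool(row.get("allow_unauthenticated_identities")):
        findings.append("unauthenticated identities allowed")
    if as_bool(row.get("allow_classic_flow")):
        findings.append("classic (basic) auth flow allowed")
    for provider in as_list(row.get("cognito_identity_providers")):
        if not as_bool(provider.get("ServerSideTokenCheck")):
            findings.append("no server-side token check: "
                            + str(provider.get("ClientId")))
    return findings


def audit(rows):
    """Map pool id to findings, keeping only pools that have findings."""
    report = {row.get("id"): audit_pool(row) for row in rows}
    return {pool_id: found for pool_id, found in report.items() if found}
```

`audit(SAMPLE_ROWS)` reports only the first constructed pool; a pool with an empty result has none of the three settings enabled in a risky state.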
INSERT example
Use the following StackQL query and manifest file to create a new identity_pool resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.cognito.identity_pools (
  AllowUnauthenticatedIdentities,
  region
)
SELECT
  '{{ AllowUnauthenticatedIdentities }}',
  '{{ region }}';
/*+ create */
INSERT INTO aws.cognito.identity_pools (
  PushSync,
  CognitoIdentityProviders,
  DeveloperProviderName,
  CognitoStreams,
  SupportedLoginProviders,
  CognitoEvents,
  IdentityPoolName,
  AllowUnauthenticatedIdentities,
  SamlProviderARNs,
  OpenIdConnectProviderARNs,
  AllowClassicFlow,
  region
)
SELECT
  '{{ PushSync }}',
  '{{ CognitoIdentityProviders }}',
  '{{ DeveloperProviderName }}',
  '{{ CognitoStreams }}',
  '{{ SupportedLoginProviders }}',
  '{{ CognitoEvents }}',
  '{{ IdentityPoolName }}',
  '{{ AllowUnauthenticatedIdentities }}',
  '{{ SamlProviderARNs }}',
  '{{ OpenIdConnectProviderARNs }}',
  '{{ AllowClassicFlow }}',
  '{{ region }}';
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: identity_pool
    props:
      - name: PushSync
        value:
          ApplicationArns:
            - '{{ ApplicationArns[0] }}'
          RoleArn: '{{ RoleArn }}'
      - name: CognitoIdentityProviders
        value:
          - ServerSideTokenCheck: '{{ ServerSideTokenCheck }}'
            ProviderName: '{{ ProviderName }}'
            ClientId: '{{ ClientId }}'
      - name: DeveloperProviderName
        value: '{{ DeveloperProviderName }}'
      - name: CognitoStreams
        value:
          StreamingStatus: '{{ StreamingStatus }}'
          StreamName: '{{ StreamName }}'
          RoleArn: '{{ RoleArn }}'
      - name: SupportedLoginProviders
        value: {}
      - name: CognitoEvents
        value: {}
      - name: IdentityPoolName
        value: '{{ IdentityPoolName }}'
      - name: AllowUnauthenticatedIdentities
        value: '{{ AllowUnauthenticatedIdentities }}'
      - name: SamlProviderARNs
        value:
          - '{{ SamlProviderARNs[0] }}'
      - name: OpenIdConnectProviderARNs
        value:
          - '{{ OpenIdConnectProviderARNs[0] }}'
      - name: AllowClassicFlow
        value: '{{ AllowClassicFlow }}'
DELETE example
/*+ delete */
DELETE FROM aws.cognito.identity_pools
WHERE data__Identifier = '<Id>'
AND region = 'us-east-1';
Permissions
To operate on the identity_pools resource, the following permissions are required:
Create
cognito-identity:CreateIdentityPool,
cognito-sync:SetIdentityPoolConfiguration,
cognito-sync:SetCognitoEvents,
iam:PassRole
Read
cognito-identity:DescribeIdentityPool
Update
cognito-identity:UpdateIdentityPool,
cognito-identity:DescribeIdentityPool,
cognito-sync:SetIdentityPoolConfiguration,
cognito-sync:SetCognitoEvents,
iam:PassRole
Delete
cognito-identity:DeleteIdentityPool
List
cognito-identity:ListIdentityPools