identity_pools

Creates, updates, deletes or gets an identity_pool resource or lists identity_pools in a region

Overview

Name	`identity_pools`
Type	Resource
Description	Resource Type definition for AWS::Cognito::IdentityPool
Id	`awscc.cognito.identity_pools`

Fields

get (all properties)
list (identifiers only)

Name	Datatype	Description
▶`push_sync`	`object`
▶`cognito_identity_providers`	`array`
`developer_provider_name`	`string`
▶`cognito_streams`	`object`
`supported_login_providers`	`object`
`name`	`string`
`cognito_events`	`object`
`id`	`string`
`identity_pool_name`	`string`
`allow_unauthenticated_identities`	`boolean`
`saml_provider_arns`	`array`
`open_id_connect_provider_arns`	`array`
`allow_classic_flow`	`boolean`
▶`identity_pool_tags`	`array`	An array of key-value pairs to apply to this resource.
`region`	`string`	AWS region.

Name	Datatype	Description
`id`	`string`
`region`	`string`	AWS region.

For more information, see AWS::Cognito::IdentityPool.

Methods

Name	Resource	Accessible by	Required Params
`create_resource`	`identity_pools`	`INSERT`	`AllowUnauthenticatedIdentities, region`
`delete_resource`	`identity_pools`	`DELETE`	`Identifier, region`
`update_resource`	`identity_pools`	`UPDATE`	`Identifier, PatchDocument, region`
`list_resources`	`identity_pools_list_only`	`SELECT`	`region`
`get_resource`	`identity_pools`	`SELECT`	`Identifier, region`

`SELECT` examples

get (all properties)
list (identifiers only)

Gets all properties from an individual identity_pool.

SELECT
  region,
  push_sync,
  cognito_identity_providers,
  developer_provider_name,
  cognito_streams,
  supported_login_providers,
  name,
  cognito_events,
  id,
  identity_pool_name,
  allow_unauthenticated_identities,
  saml_provider_arns,
  open_id_connect_provider_arns,
  allow_classic_flow,
  identity_pool_tags
FROM awscc.cognito.identity_pools
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ id }}';

Lists all identity_pools in a region.

SELECT
  region,
  id
FROM awscc.cognito.identity_pools_list_only
WHERE
  region = '{{ region }}';

`INSERT` example

Use the following StackQL query and manifest file to create a new identity_pool resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO awscc.cognito.identity_pools (
  AllowUnauthenticatedIdentities,
  region
)
SELECT
  '{{ allow_unauthenticated_identities }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

/*+ create */
INSERT INTO awscc.cognito.identity_pools (
  PushSync,
  CognitoIdentityProviders,
  DeveloperProviderName,
  CognitoStreams,
  SupportedLoginProviders,
  CognitoEvents,
  IdentityPoolName,
  AllowUnauthenticatedIdentities,
  SamlProviderARNs,
  OpenIdConnectProviderARNs,
  AllowClassicFlow,
  IdentityPoolTags,
  region
)
SELECT
  '{{ push_sync }}',
  '{{ cognito_identity_providers }}',
  '{{ developer_provider_name }}',
  '{{ cognito_streams }}',
  '{{ supported_login_providers }}',
  '{{ cognito_events }}',
  '{{ identity_pool_name }}',
  '{{ allow_unauthenticated_identities }}',
  '{{ saml_provider_arns }}',
  '{{ open_id_connect_provider_arns }}',
  '{{ allow_classic_flow }}',
  '{{ identity_pool_tags }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
  value: '{{ vars.AWS_REGION }}'
resources:
- name: identity_pool
  props:
    - name: push_sync
      value:
        application_arns:
          - '{{ application_arns[0] }}'
        role_arn: '{{ role_arn }}'
    - name: cognito_identity_providers
      value:
        - server_side_token_check: '{{ server_side_token_check }}'
          provider_name: '{{ provider_name }}'
          client_id: '{{ client_id }}'
    - name: developer_provider_name
      value: '{{ developer_provider_name }}'
    - name: cognito_streams
      value:
        streaming_status: '{{ streaming_status }}'
        stream_name: '{{ stream_name }}'
        role_arn: '{{ role_arn }}'
    - name: supported_login_providers
      value: {}
    - name: cognito_events
      value: {}
    - name: identity_pool_name
      value: '{{ identity_pool_name }}'
    - name: allow_unauthenticated_identities
      value: '{{ allow_unauthenticated_identities }}'
    - name: saml_provider_arns
      value:
        - '{{ saml_provider_arns[0] }}'
    - name: open_id_connect_provider_arns
      value:
        - '{{ open_id_connect_provider_arns[0] }}'
    - name: allow_classic_flow
      value: '{{ allow_classic_flow }}'
    - name: identity_pool_tags
      value:
        - key: '{{ key }}'
          value: '{{ value }}'

`UPDATE` example

Use the following StackQL query and manifest file to update a identity_pool resource, using stack-deploy.

/*+ update */
UPDATE awscc.cognito.identity_pools
SET PatchDocument = string('{{ {
    "PushSync": push_sync,
    "CognitoIdentityProviders": cognito_identity_providers,
    "DeveloperProviderName": developer_provider_name,
    "CognitoStreams": cognito_streams,
    "SupportedLoginProviders": supported_login_providers,
    "CognitoEvents": cognito_events,
    "IdentityPoolName": identity_pool_name,
    "AllowUnauthenticatedIdentities": allow_unauthenticated_identities,
    "SamlProviderARNs": saml_provider_arns,
    "OpenIdConnectProviderARNs": open_id_connect_provider_arns,
    "AllowClassicFlow": allow_classic_flow,
    "IdentityPoolTags": identity_pool_tags
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ id }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

`DELETE` example

/*+ delete */
DELETE FROM awscc.cognito.identity_pools
WHERE
  Identifier = '{{ id }}' AND
  region = '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

Additional Parameters

Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:

Parameter	Description
`ClientToken`	A unique identifier to ensure the idempotency of the resource request. This allows the provider to accurately distinguish between retries and new requests. A client token is valid for 36 hours once used. After that, a resource request with the same client token is treated as a new request. If you do not specify a client token, one is generated for inclusion in the request.
`RoleArn`	The ARN of the IAM role used to perform this resource operation. The role specified must have the permissions required for this operation. If you do not specify a role, a temporary session is created using your AWS user credentials.
`TypeVersionId`	For private resource types, the type version to use in this resource operation. If you do not specify a resource version, the default version is used.

Permissions

To operate on the identity_pools resource, the following permissions are required:

Create
Read
Update
Delete
List

cognito-identity:CreateIdentityPool,
cognito-sync:SetIdentityPoolConfiguration,
cognito-sync:SetCognitoEvents,
cognito-identity:TagResource,
iam:PassRole

cognito-identity:DescribeIdentityPool

cognito-identity:UpdateIdentityPool,
cognito-identity:DescribeIdentityPool,
cognito-sync:SetIdentityPoolConfiguration,
cognito-sync:SetCognitoEvents,
cognito-identity:TagResource,
cognito-identity:UntagResource,
iam:PassRole

cognito-identity:DeleteIdentityPool

cognito-identity:ListIdentityPools

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

UPDATE example​

DELETE example​

Additional Parameters​

Permissions​