identity_sources

Creates, updates, deletes or gets an identity_source resource or lists identity_sources in a region

Overview

Name	identity_sources
Type	Resource
Description	Definition of AWS::VerifiedPermissions::IdentitySource Resource Type
Id	awscc.verifiedpermissions.identity_sources

Fields

get (all properties)

Name	Datatype	Description
configuration	object
▶details	object
identity_source_id	string
policy_store_id	string
principal_entity_type	string
region	string	AWS region.

list (identifiers only)

Name	Datatype	Description
identity_source_id	string
policy_store_id	string
region	string	AWS region.

For more information, see AWS::VerifiedPermissions::IdentitySource.

Methods

Name	Resource	Accessible by	Required Params
create_resource	identity_sources	INSERT	Configuration, PolicyStoreId, region
delete_resource	identity_sources	DELETE	Identifier, region
update_resource	identity_sources	UPDATE	Identifier, PatchDocument, region
list_resources	identity_sources_list_only	SELECT	region
get_resource	identity_sources	SELECT	Identifier, region

SELECT examples

get (all properties)

Gets all properties from an individual identity_source.

SELECT
  region,
  configuration,
  details,
  identity_source_id,
  policy_store_id,
  principal_entity_type
FROM awscc.verifiedpermissions.identity_sources
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ identity_source_id }}|{{ policy_store_id }}';

list (identifiers only)

Lists all identity_sources in a region.

SELECT
  region,
  identity_source_id,
  policy_store_id
FROM awscc.verifiedpermissions.identity_sources_list_only
WHERE
  region = 'us-east-1';

INSERT example

Use the following StackQL query and manifest file to create a new identity_source resource, using stack-deploy.

Required Properties

/*+ create */
INSERT INTO awscc.verifiedpermissions.identity_sources (
  Configuration,
  PolicyStoreId,
  region
)
SELECT
  '{{ configuration }}',
  '{{ policy_store_id }}',
  '{{ region }}';

All Properties

/*+ create */
INSERT INTO awscc.verifiedpermissions.identity_sources (
  Configuration,
  PolicyStoreId,
  PrincipalEntityType,
  region
)
SELECT
  '{{ configuration }}',
  '{{ policy_store_id }}',
  '{{ principal_entity_type }}',
  '{{ region }}';

Manifest

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: identity_source
    props:
      - name: configuration
        value: null
      - name: policy_store_id
        value: '{{ policy_store_id }}'
      - name: principal_entity_type
        value: '{{ principal_entity_type }}'

UPDATE example

Use the following StackQL query and manifest file to update a identity_source resource, using stack-deploy.

/*+ update */
UPDATE awscc.verifiedpermissions.identity_sources
SET PatchDocument = string('{{ {
    "Configuration": configuration,
    "PrincipalEntityType": principal_entity_type
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ identity_source_id }}|{{ policy_store_id }}';

DELETE example

/*+ delete */
DELETE FROM awscc.verifiedpermissions.identity_sources
WHERE
  Identifier = '{{ identity_source_id }}|{{ policy_store_id }}' AND
  region = 'us-east-1';

Permissions

To operate on the identity_sources resource, the following permissions are required:

Create

verifiedpermissions:CreateIdentitySource,
verifiedpermissions:GetIdentitySource,
cognito-idp:DescribeUserPool,
cognito-idp:ListUserPoolClients

Read

verifiedpermissions:GetIdentitySource,
cognito-idp:DescribeUserPool,
cognito-idp:ListUserPoolClients

Update

verifiedpermissions:UpdateIdentitySource,
verifiedpermissions:GetIdentitySource,
cognito-idp:DescribeUserPool,
cognito-idp:ListUserPoolClients

Delete

verifiedpermissions:DeleteIdentitySource,
verifiedpermissions:GetIdentitySource,
cognito-idp:DescribeUserPool,
cognito-idp:ListUserPoolClients

List

verifiedpermissions:ListIdentitySources,
verifiedpermissions:GetIdentitySource,
cognito-idp:DescribeUserPool,
cognito-idp:ListUserPoolClients