import { Construct } from 'constructs';
import { IUserPoolAuthenticationProvider } from './identitypool-user-pool-authentication-provider';
import { CfnIdentityPoolRoleAttachment, IUserPool, IUserPoolClient } from '../../aws-cognito';
import { IOpenIdConnectProvider, ISamlProvider, IRole } from '../../aws-iam';
import { Resource, IResource } from '../../core';
/**
 * Represents a Cognito Identity Pool.
 *
 * Implemented by `IdentityPool` (a pool defined in the current stack) and by
 * the references returned from `IdentityPool.fromIdentityPoolId` and
 * `IdentityPool.fromIdentityPoolArn` (an existing pool imported by reference).
 */
export interface IIdentityPool extends IResource {
  /**
   * The ID of the Identity Pool in the format REGION:GUID
   * @attribute
   */
  readonly identityPoolId: string;
  /**
   * The ARN of the Identity Pool
   * @attribute
   */
  readonly identityPoolArn: string;
  /**
   * Name of the Identity Pool
   * @attribute
   */
  readonly identityPoolName: string;
}
/**
 * Props for the Identity Pool construct.
 *
 * Every property is optional; an `IdentityPool` created with no props gets a
 * CloudFormation-generated name and default authenticated/unauthenticated Roles.
 */
export interface IdentityPoolProps {
  /**
   * The name of the Identity Pool
   * @default - Automatically generated name by CloudFormation at deploy time
   */
  readonly identityPoolName?: string;
  /**
   * The default Role to be assumed by authenticated users.
   *
   * Credentials vended for this Role are what every authenticated user of the
   * pool receives when no role mapping selects a more specific Role, so keep
   * its policy to the minimum the application needs.
   * @default - A default authenticated Role will be added
   */
  readonly authenticatedRole?: IRole;
  /**
   * The default Role to be assumed by unauthenticated users.
   *
   * Only relevant when `allowUnauthenticatedIdentities` is true; anyone who can
   * reach the pool can obtain this Role's credentials in that case, so it
   * should carry the narrowest possible permissions.
   * @default - A default unauthenticated Role will be added
   */
  readonly unauthenticatedRole?: IRole;
  /**
   * Whether the Identity Pool supports unauthenticated logins.
   *
   * When true, callers that present no identity provider token can still obtain
   * credentials (for `unauthenticatedRole`).
   * @default - false
   */
  readonly allowUnauthenticatedIdentities?: boolean;
  /**
   * Rules for mapping roles to users.
   *
   * These decide which Role an authenticated user assumes based on claims from
   * their Identity Provider; see `IdentityPoolRoleMapping`.
   * @default - no role mappings
   */
  readonly roleMappings?: IdentityPoolRoleMapping[];
  /**
   * Enables the Basic (Classic) authentication flow.
   *
   * NOTE(review): leave this disabled unless a client specifically depends on
   * the classic flow; the default (enhanced) flow is the one role mappings are
   * designed around - confirm against the Cognito documentation before enabling.
   * @default - Classic Flow not allowed
   */
  readonly allowClassicFlow?: boolean;
  /**
   * Authentication Providers for using in Identity Pool
   * @default - No Authentication Providers passed directly to Identity Pool
   */
  readonly authenticationProviders?: IdentityPoolAuthenticationProviders;
}
/**
 * Types of Identity Pool Login Providers.
 *
 * Used as the `type` of an `IdentityPoolProviderUrl`; the string values are
 * presumably the provider names Cognito expects - verify against the service
 * documentation before relying on them outside this module.
 */
export declare enum IdentityPoolProviderType {
  /** Facebook provider type */
  FACEBOOK = "Facebook",
  /** Google provider type */
  GOOGLE = "Google",
  /** Amazon provider type */
  AMAZON = "Amazon",
  /** Apple provider type */
  APPLE = "Apple",
  /** Twitter provider type */
  TWITTER = "Twitter",
  /** Open Id provider type */
  OPEN_ID = "OpenId",
  /** Saml provider type */
  SAML = "Saml",
  /** User Pool provider type */
  USER_POOL = "UserPool",
  /** Custom provider type */
  CUSTOM = "Custom"
}
/**
 * Keys for Login Providers - each correspond to the client IDs of their respective federation Identity Providers.
 *
 * An instance pairs a provider `type` with the string `value` Cognito uses to
 * identify that provider. The social providers are exposed as static constants;
 * providers that need a per-deployment identifier (OpenID, SAML, User Pool,
 * custom) are built through the static factory methods.
 */
export declare class IdentityPoolProviderUrl {
  /**
   * The type of Identity Pool Provider
   */
  readonly type: IdentityPoolProviderType;
  /**
   * The value of the Identity Pool Provider
   */
  readonly value: string;
  /** Facebook Provider url */
  static readonly FACEBOOK: IdentityPoolProviderUrl;
  /** Google Provider url */
  static readonly GOOGLE: IdentityPoolProviderUrl;
  /** Amazon Provider url */
  static readonly AMAZON: IdentityPoolProviderUrl;
  /** Apple Provider url */
  static readonly APPLE: IdentityPoolProviderUrl;
  /** Twitter Provider url */
  static readonly TWITTER: IdentityPoolProviderUrl;
  /**
   * OpenId Provider url
   * @param url the OpenID Connect provider identifier used as the provider value
   */
  static openId(url: string): IdentityPoolProviderUrl;
  /**
   * Saml Provider url
   * @param url the SAML provider identifier used as the provider value
   */
  static saml(url: string): IdentityPoolProviderUrl;
  /**
   * User Pool Provider Url
   *
   * Built from a User Pool and one of its clients; the resulting `value` is
   * derived from both (exact format not visible here - see the implementation).
   * @param userPool the Cognito User Pool acting as the identity provider
   * @param userPoolClient the app client of that User Pool
   */
  static userPool(userPool: IUserPool, userPoolClient: IUserPoolClient): IdentityPoolProviderUrl;
  /**
   * Custom Provider url
   * @param url the developer provider name used as the provider value
   */
  static custom(url: string): IdentityPoolProviderUrl;
  /**
   * Create a provider url directly; prefer the static constants and factory
   * methods above, which choose the matching `type` for you.
   */
  constructor(
  /**
   * The type of Identity Pool Provider
   */
  type: IdentityPoolProviderType,
  /**
   * The value of the Identity Pool Provider
   */
  value: string);
}
/**
 * Login Provider for identity federation using Amazon credentials.
 *
 * Passed as `IdentityPoolAuthenticationProviders.amazon`.
 */
export interface IdentityPoolAmazonLoginProvider {
  /**
   * App ID for Amazon identity federation (the public application identifier,
   * not a secret)
   */
  readonly appId: string;
}
/**
 * Login Provider for identity federation using Facebook credentials.
 *
 * Passed as `IdentityPoolAuthenticationProviders.facebook`.
 */
export interface IdentityPoolFacebookLoginProvider {
  /**
   * App ID for Facebook identity federation (the public application identifier,
   * not a secret)
   */
  readonly appId: string;
}
/**
 * Login Provider for identity federation using Apple credentials.
 *
 * Passed as `IdentityPoolAuthenticationProviders.apple`.
 */
export interface IdentityPoolAppleLoginProvider {
  /**
   * Services ID for Apple identity federation
   */
  readonly servicesId: string;
}
/**
 * Login Provider for identity federation using Google credentials.
 *
 * Passed as `IdentityPoolAuthenticationProviders.google`.
 */
export interface IdentityPoolGoogleLoginProvider {
  /**
   * Client ID for Google identity federation (the public OAuth client
   * identifier, not the client secret)
   */
  readonly clientId: string;
}
/**
 * Login Provider for identity federation using Twitter credentials.
 *
 * Passed as `IdentityPoolAuthenticationProviders.twitter`. Unlike the other
 * social providers this one carries a secret, not just a public identifier.
 */
export interface IdentityPoolTwitterLoginProvider {
  /**
   * Consumer key for Twitter identity federation
   */
  readonly consumerKey: string;
  /**
   * Consumer secret for identity federation.
   *
   * NOTE(review): this is a credential. How it is rendered is not visible in
   * this declaration file; check whether it lands in the synthesized template
   * before placing a literal value in source, and prefer sourcing it from a
   * secret store.
   */
  readonly consumerSecret: string;
}
/**
 * External Authentication Providers for usage in Identity Pool.
 *
 * Every provider listed here becomes a source of identities the pool will
 * vend credentials for, so the list should contain only providers the
 * application actually trusts.
 * @see https://docs.aws.amazon.com/cognito/latest/developerguide/external-identity-providers.html
 */
export interface IdentityPoolAuthenticationProviders {
  /**
   * The Facebook Authentication Provider associated with this Identity Pool
   * @default - No Facebook Authentication Provider used without OpenIdConnect or a User Pool
   */
  readonly facebook?: IdentityPoolFacebookLoginProvider;
  /**
   * The Google Authentication Provider associated with this Identity Pool
   * @default - No Google Authentication Provider used without OpenIdConnect or a User Pool
   */
  readonly google?: IdentityPoolGoogleLoginProvider;
  /**
   * The Amazon Authentication Provider associated with this Identity Pool
   * @default - No Amazon Authentication Provider used without OpenIdConnect or a User Pool
   */
  readonly amazon?: IdentityPoolAmazonLoginProvider;
  /**
   * The Apple Authentication Provider associated with this Identity Pool
   * @default - No Apple Authentication Provider used without OpenIdConnect or a User Pool
   */
  readonly apple?: IdentityPoolAppleLoginProvider;
  /**
   * The Twitter Authentication Provider associated with this Identity Pool
   * @default - No Twitter Authentication Provider used without OpenIdConnect or a User Pool
   */
  readonly twitter?: IdentityPoolTwitterLoginProvider;
  /**
   * The User Pool Authentication Providers associated with this Identity Pool.
   *
   * Additional User Pools can be attached after construction with
   * `IdentityPool.addUserPoolAuthentication`.
   * @default - no User Pools associated
   */
  readonly userPools?: IUserPoolAuthenticationProvider[];
  /**
   * The OpenIdConnect Provider associated with this Identity Pool
   * @default - no OpenIdConnectProvider
   */
  readonly openIdConnectProviders?: IOpenIdConnectProvider[];
  /**
   * The Security Assertion Markup Language provider associated with this Identity Pool
   * @default - no SamlProvider
   */
  readonly samlProviders?: ISamlProvider[];
  /**
   * The developer provider name to associate with this Identity Pool.
   *
   * Developer-authenticated identities are asserted by your own backend rather
   * than a third-party IdP; that backend then effectively controls who obtains
   * credentials from the pool.
   * @default - no custom provider
   */
  readonly customProvider?: string;
}
/**
 * Map roles to users in the Identity Pool based on claims from the Identity Provider.
 *
 * A mapping is either token-driven (`useToken`, the IdP names the role in its
 * claims) or rule-driven (`rules`, this construct matches claim values).
 * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html
 */
export interface IdentityPoolRoleMapping {
  /**
   * The url of the Provider for which the role is mapped
   */
  readonly providerUrl: IdentityPoolProviderUrl;
  /**
   * The key used for the role mapping in the role mapping hash. Required if the providerUrl is a token.
   *
   * Needed because an unresolved token cannot serve as an object key at synth time.
   * @default - The provided providerUrl
   */
  readonly mappingKey?: string;
  /**
   * If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from Identity Provider.
   *
   * This delegates the role decision to the Identity Provider: whoever can
   * influence those claims can choose the role, so only enable it for providers
   * whose claim issuance you control.
   * @see https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html#using-tokens-to-assign-roles-to-users
   *
   * @default false
   */
  readonly useToken?: boolean;
  /**
   * Allow for role assumption when results of role mapping are ambiguous.
   *
   * With the default (false) an ambiguous match fails closed; setting this to
   * true means such requests are no longer denied, so ensure the fallback Role
   * is appropriately limited.
   * @default false - Ambiguous role resolutions will lead to requester being denied
   */
  readonly resolveAmbiguousRoles?: boolean;
  /**
   * The claim and value that must be matched in order to assume the role. Required if useToken is false
   * @default - No role mapping rule
   */
  readonly rules?: RoleMappingRule[];
}
/**
 * Types of matches allowed for role mapping.
 *
 * `CONTAINS` and `STARTS_WITH` accept a wider set of claim values than
 * `EQUALS`; use them only when that broader grant is intended.
 */
export declare enum RoleMappingMatchType {
  /**
   * The claim from the token must equal the given value in order for a match
   */
  EQUALS = "Equals",
  /**
   * The claim from the token must contain the given value in order for a match
   */
  CONTAINS = "Contains",
  /**
   * The claim from the token must start with the given value in order for a match
   */
  STARTS_WITH = "StartsWith",
  /**
   * The claim from the token must not equal the given value in order for a match
   */
  NOTEQUAL = "NotEqual"
}
/**
 * Represents an Identity Pool Role Attachment role mapping rule.
 *
 * One rule ties a single claim comparison to the Role a matching user assumes;
 * rules are supplied through `IdentityPoolRoleMapping.rules`.
 */
export interface RoleMappingRule {
  /**
   * The key sent in the token by the federated Identity Provider
   */
  readonly claim: string;
  /**
   * The role to be assumed when the claim value is matched
   */
  readonly mappedRole: IRole;
  /**
   * The value of the claim that must be matched
   */
  readonly claimValue: string;
  /**
   * How to match with the claim value
   *
   * @default RoleMappingMatchType.EQUALS
   */
  readonly matchType?: RoleMappingMatchType;
}
/**
 * Define a Cognito Identity Pool.
 *
 * Creates the pool, its default authenticated/unauthenticated Roles and the
 * role attachment that binds them (see `roleAttachment`).
 *
 * @resource AWS::Cognito::IdentityPool
 */
export declare class IdentityPool extends Resource implements IIdentityPool {
  /** Uniquely identifies this class. */
  static readonly PROPERTY_INJECTION_ID: string;
  /**
   * Import an existing Identity Pool from its ID.
   *
   * The result is a reference only; no Roles or role attachment are created.
   * @param scope the construct scope in which to place the reference
   * @param id the construct id
   * @param identityPoolId the pool ID in the format REGION:GUID
   * @returns an `IIdentityPool` referring to the existing pool
   */
  static fromIdentityPoolId(scope: Construct, id: string, identityPoolId: string): IIdentityPool;
  /**
   * Import an existing Identity Pool from its ARN.
   *
   * The result is a reference only; no Roles or role attachment are created.
   * @param scope the construct scope in which to place the reference
   * @param id the construct id
   * @param identityPoolArn the ARN of the existing pool
   * @returns an `IIdentityPool` referring to the existing pool
   */
  static fromIdentityPoolArn(scope: Construct, id: string, identityPoolArn: string): IIdentityPool;
  /**
   * The ID of the Identity Pool in the format REGION:GUID
   * @attribute
   */
  readonly identityPoolId: string;
  /**
   * The ARN of the Identity Pool
   * @attribute
   */
  readonly identityPoolArn: string;
  /**
   * The name of the Identity Pool
   * @attribute
   */
  readonly identityPoolName: string;
  /**
   * Default Role for authenticated users
   * (either `props.authenticatedRole` or the Role this construct created)
   */
  readonly authenticatedRole: IRole;
  /**
   * Default Role for unauthenticated users
   * (either `props.unauthenticatedRole` or the Role this construct created)
   */
  readonly unauthenticatedRole: IRole;
  /**
   * Role Provider for the default Role for authenticated users.
   *
   * The underlying L1 role attachment; exposed so that property overrides can
   * be applied when the L2 surface is not enough.
   */
  readonly roleAttachment: CfnIdentityPoolRoleAttachment;
  /**
   * List of Identity Providers added in constructor for use with property overrides
   */
  private cognitoIdentityProviders;
  /**
   * @param scope the construct scope
   * @param id the construct id
   * @param props configuration; every field is optional (see `IdentityPoolProps`)
   */
  constructor(scope: Construct, id: string, props?: IdentityPoolProps);
  /**
   * Add a User Pool to the Identity Pool and configure the User Pool client to handle identities.
   *
   * Equivalent to listing the provider in `authenticationProviders.userPools`
   * at construction time, for pools that are only known later.
   * @param userPool the User Pool provider to trust for identities
   */
  addUserPoolAuthentication(userPool: IUserPoolAuthenticationProvider): void;
  /**
   * Configure default Roles for Identity Pool
   */
  private configureDefaultRole;
  /**
   * Build the principal used by the default Roles' trust policy
   * (implementation not visible in this declaration file).
   */
  private configureDefaultGrantPrincipal;
}