
We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

aws-native.cognito.IdentityPool


Resource Type definition for AWS::Cognito::IdentityPool

Create IdentityPool Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript:
new IdentityPool(name: string, args: IdentityPoolArgs, opts?: CustomResourceOptions);

Python:
@overload
def IdentityPool(resource_name: str,
                 args: IdentityPoolArgs,
                 opts: Optional[ResourceOptions] = None)

@overload
def IdentityPool(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 allow_unauthenticated_identities: Optional[bool] = None,
                 allow_classic_flow: Optional[bool] = None,
                 cognito_events: Optional[Any] = None,
                 cognito_identity_providers: Optional[Sequence[IdentityPoolCognitoIdentityProviderArgs]] = None,
                 cognito_streams: Optional[IdentityPoolCognitoStreamsArgs] = None,
                 developer_provider_name: Optional[str] = None,
                 identity_pool_name: Optional[str] = None,
                 identity_pool_tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
                 open_id_connect_provider_arns: Optional[Sequence[str]] = None,
                 push_sync: Optional[IdentityPoolPushSyncArgs] = None,
                 saml_provider_arns: Optional[Sequence[str]] = None,
                 supported_login_providers: Optional[Any] = None)

Go:
func NewIdentityPool(ctx *Context, name string, args IdentityPoolArgs, opts ...ResourceOption) (*IdentityPool, error)

C#:
public IdentityPool(string name, IdentityPoolArgs args, CustomResourceOptions? opts = null)

Java:
public IdentityPool(String name, IdentityPoolArgs args)
public IdentityPool(String name, IdentityPoolArgs args, CustomResourceOptions options)

YAML:
type: aws-native:cognito:IdentityPool
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

TypeScript:
name This property is required. string
The unique name of the resource.
args This property is required. IdentityPoolArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Python:
resource_name This property is required. str
The unique name of the resource.
args This property is required. IdentityPoolArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.

Go:
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. IdentityPoolArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.

C#:
name This property is required. string
The unique name of the resource.
args This property is required. IdentityPoolArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Java:
name This property is required. String
The unique name of the resource.
args This property is required. IdentityPoolArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

IdentityPool Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IdentityPool resource accepts the following input properties:

C#:
AllowUnauthenticatedIdentities This property is required. bool
Specifies whether the identity pool supports unauthenticated logins.
AllowClassicFlow bool
Enables the Basic (Classic) authentication flow.
CognitoEvents object

The events to configure.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

CognitoIdentityProviders List<Pulumi.AwsNative.Cognito.Inputs.IdentityPoolCognitoIdentityProvider>
The Amazon Cognito user pools and their client IDs.
CognitoStreams Pulumi.AwsNative.Cognito.Inputs.IdentityPoolCognitoStreams
Configuration options for configuring Amazon Cognito streams.
DeveloperProviderName string

The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).

Minimum length: 1

Maximum length: 100

IdentityPoolName string

The name of your Amazon Cognito identity pool.

Minimum length: 1

Maximum length: 128

Pattern: [\w\s+=,.@-]+

IdentityPoolTags List<Pulumi.AwsNative.Inputs.Tag>
An array of key-value pairs to apply to this resource.
OpenIdConnectProviderArns List<string>
The Amazon Resource Names (ARNs) of the OpenID connect providers.
PushSync Pulumi.AwsNative.Cognito.Inputs.IdentityPoolPushSync
The configuration options to be applied to the identity pool.
SamlProviderArns List<string>
The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
SupportedLoginProviders object

Key-value pairs that map provider names to provider app IDs.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

Go:
AllowUnauthenticatedIdentities This property is required. bool
Specifies whether the identity pool supports unauthenticated logins.
AllowClassicFlow bool
Enables the Basic (Classic) authentication flow.
CognitoEvents interface{}

The events to configure.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

CognitoIdentityProviders []IdentityPoolCognitoIdentityProviderArgs
The Amazon Cognito user pools and their client IDs.
CognitoStreams IdentityPoolCognitoStreamsArgs
Configuration options for configuring Amazon Cognito streams.
DeveloperProviderName string

The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).

Minimum length: 1

Maximum length: 100

IdentityPoolName string

The name of your Amazon Cognito identity pool.

Minimum length: 1

Maximum length: 128

Pattern: [\w\s+=,.@-]+

IdentityPoolTags TagArgs
An array of key-value pairs to apply to this resource.
OpenIdConnectProviderArns []string
The Amazon Resource Names (ARNs) of the OpenID connect providers.
PushSync IdentityPoolPushSyncArgs
The configuration options to be applied to the identity pool.
SamlProviderArns []string
The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
SupportedLoginProviders interface{}

Key-value pairs that map provider names to provider app IDs.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

Java:
allowUnauthenticatedIdentities This property is required. Boolean
Specifies whether the identity pool supports unauthenticated logins.
allowClassicFlow Boolean
Enables the Basic (Classic) authentication flow.
cognitoEvents Object

The events to configure.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

cognitoIdentityProviders List<IdentityPoolCognitoIdentityProvider>
The Amazon Cognito user pools and their client IDs.
cognitoStreams IdentityPoolCognitoStreams
Configuration options for configuring Amazon Cognito streams.
developerProviderName String

The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).

Minimum length: 1

Maximum length: 100

identityPoolName String

The name of your Amazon Cognito identity pool.

Minimum length: 1

Maximum length: 128

Pattern: [\w\s+=,.@-]+

identityPoolTags List<Tag>
An array of key-value pairs to apply to this resource.
openIdConnectProviderArns List<String>
The Amazon Resource Names (ARNs) of the OpenID connect providers.
pushSync IdentityPoolPushSync
The configuration options to be applied to the identity pool.
samlProviderArns List<String>
The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
supportedLoginProviders Object

Key-value pairs that map provider names to provider app IDs.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

TypeScript:
allowUnauthenticatedIdentities This property is required. boolean
Specifies whether the identity pool supports unauthenticated logins.
allowClassicFlow boolean
Enables the Basic (Classic) authentication flow.
cognitoEvents any

The events to configure.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

cognitoIdentityProviders IdentityPoolCognitoIdentityProvider[]
The Amazon Cognito user pools and their client IDs.
cognitoStreams IdentityPoolCognitoStreams
Configuration options for configuring Amazon Cognito streams.
developerProviderName string

The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).

Minimum length: 1

Maximum length: 100

identityPoolName string

The name of your Amazon Cognito identity pool.

Minimum length: 1

Maximum length: 128

Pattern: [\w\s+=,.@-]+

identityPoolTags Tag[]
An array of key-value pairs to apply to this resource.
openIdConnectProviderArns string[]
The Amazon Resource Names (ARNs) of the OpenID connect providers.
pushSync IdentityPoolPushSync
The configuration options to be applied to the identity pool.
samlProviderArns string[]
The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
supportedLoginProviders any

Key-value pairs that map provider names to provider app IDs.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

Python:
allow_unauthenticated_identities This property is required. bool
Specifies whether the identity pool supports unauthenticated logins.
allow_classic_flow bool
Enables the Basic (Classic) authentication flow.
cognito_events Any

The events to configure.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

cognito_identity_providers Sequence[IdentityPoolCognitoIdentityProviderArgs]
The Amazon Cognito user pools and their client IDs.
cognito_streams IdentityPoolCognitoStreamsArgs
Configuration options for configuring Amazon Cognito streams.
developer_provider_name str

The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).

Minimum length: 1

Maximum length: 100

identity_pool_name str

The name of your Amazon Cognito identity pool.

Minimum length: 1

Maximum length: 128

Pattern: [\w\s+=,.@-]+

identity_pool_tags Sequence[TagArgs]
An array of key-value pairs to apply to this resource.
open_id_connect_provider_arns Sequence[str]
The Amazon Resource Names (ARNs) of the OpenID connect providers.
push_sync IdentityPoolPushSyncArgs
The configuration options to be applied to the identity pool.
saml_provider_arns Sequence[str]
The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
supported_login_providers Any

Key-value pairs that map provider names to provider app IDs.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

YAML:
allowUnauthenticatedIdentities This property is required. Boolean
Specifies whether the identity pool supports unauthenticated logins.
allowClassicFlow Boolean
Enables the Basic (Classic) authentication flow.
cognitoEvents Any

The events to configure.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

cognitoIdentityProviders List<Property Map>
The Amazon Cognito user pools and their client IDs.
cognitoStreams Property Map
Configuration options for configuring Amazon Cognito streams.
developerProviderName String

The "domain" Amazon Cognito uses when referencing your users. This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the DeveloperProviderName, you can use letters and periods (.), underscores (_), and dashes (-).

Minimum length: 1

Maximum length: 100

identityPoolName String

The name of your Amazon Cognito identity pool.

Minimum length: 1

Maximum length: 128

Pattern: [\w\s+=,.@-]+

identityPoolTags List<Property Map>
An array of key-value pairs to apply to this resource.
openIdConnectProviderArns List<String>
The Amazon Resource Names (ARNs) of the OpenID connect providers.
pushSync Property Map
The configuration options to be applied to the identity pool.
samlProviderArns List<String>
The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
supportedLoginProviders Any

Key-value pairs that map provider names to provider app IDs.

Search the CloudFormation User Guide for AWS::Cognito::IdentityPool for more information about the expected schema for this property.

Outputs

All input properties are implicitly available as output properties. Additionally, the IdentityPool resource produces the following output properties:

C#:
AwsId string
Id string
The provider-assigned unique ID for this managed resource.
Name string
The name of the Amazon Cognito identity pool, returned as a string.

Go:
AwsId string
Id string
The provider-assigned unique ID for this managed resource.
Name string
The name of the Amazon Cognito identity pool, returned as a string.

Java:
awsId String
id String
The provider-assigned unique ID for this managed resource.
name String
The name of the Amazon Cognito identity pool, returned as a string.

TypeScript:
awsId string
id string
The provider-assigned unique ID for this managed resource.
name string
The name of the Amazon Cognito identity pool, returned as a string.

Python:
aws_id str
id str
The provider-assigned unique ID for this managed resource.
name str
The name of the Amazon Cognito identity pool, returned as a string.

YAML:
awsId String
id String
The provider-assigned unique ID for this managed resource.
name String
The name of the Amazon Cognito identity pool, returned as a string.

Supporting Types

IdentityPoolCognitoIdentityProvider, IdentityPoolCognitoIdentityProviderArgs

C#:
ClientId This property is required. string
The client ID for the Amazon Cognito user pool.
ProviderName This property is required. string
The provider name for an Amazon Cognito user pool. For example: cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789.
ServerSideTokenCheck bool

TRUE if server-side token validation is enabled for the identity provider’s token.

After you set the ServerSideTokenCheck to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.

If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.

Go:
ClientId This property is required. string
The client ID for the Amazon Cognito user pool.
ProviderName This property is required. string
The provider name for an Amazon Cognito user pool. For example: cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789.
ServerSideTokenCheck bool

TRUE if server-side token validation is enabled for the identity provider’s token.

After you set the ServerSideTokenCheck to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.

If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.

Java:
clientId This property is required. String
The client ID for the Amazon Cognito user pool.
providerName This property is required. String
The provider name for an Amazon Cognito user pool. For example: cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789.
serverSideTokenCheck Boolean

TRUE if server-side token validation is enabled for the identity provider’s token.

After you set the ServerSideTokenCheck to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.

If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.

TypeScript:
clientId This property is required. string
The client ID for the Amazon Cognito user pool.
providerName This property is required. string
The provider name for an Amazon Cognito user pool. For example: cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789.
serverSideTokenCheck boolean

TRUE if server-side token validation is enabled for the identity provider’s token.

After you set the ServerSideTokenCheck to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.

If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.

Python:
client_id This property is required. str
The client ID for the Amazon Cognito user pool.
provider_name This property is required. str
The provider name for an Amazon Cognito user pool. For example: cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789.
server_side_token_check bool

TRUE if server-side token validation is enabled for the identity provider’s token.

After you set the ServerSideTokenCheck to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.

If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.

YAML:
clientId This property is required. String
The client ID for the Amazon Cognito user pool.
providerName This property is required. String
The provider name for an Amazon Cognito user pool. For example: cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789.
serverSideTokenCheck Boolean

TRUE if server-side token validation is enabled for the identity provider’s token.

After you set the ServerSideTokenCheck to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.

If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.

IdentityPoolCognitoStreams, IdentityPoolCognitoStreamsArgs

C#:
RoleArn string
The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke PutRecord on your Amazon Cognito stream.
StreamName string
The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
StreamingStatus string
Status of the Amazon Cognito streams. Valid values are: ENABLED or DISABLED.

Go:
RoleArn string
The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke PutRecord on your Amazon Cognito stream.
StreamName string
The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
StreamingStatus string
Status of the Amazon Cognito streams. Valid values are: ENABLED or DISABLED.

Java:
roleArn String
The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke PutRecord on your Amazon Cognito stream.
streamName String
The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
streamingStatus String
Status of the Amazon Cognito streams. Valid values are: ENABLED or DISABLED.

TypeScript:
roleArn string
The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke PutRecord on your Amazon Cognito stream.
streamName string
The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
streamingStatus string
Status of the Amazon Cognito streams. Valid values are: ENABLED or DISABLED.

Python:
role_arn str
The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke PutRecord on your Amazon Cognito stream.
stream_name str
The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
streaming_status str
Status of the Amazon Cognito streams. Valid values are: ENABLED or DISABLED.

YAML:
roleArn String
The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream. This role must grant access to Amazon Cognito (cognito-sync) to invoke PutRecord on your Amazon Cognito stream.
streamName String
The name of the Amazon Cognito stream to receive updates. This stream must be in the developer's account and in the same Region as the identity pool.
streamingStatus String
Status of the Amazon Cognito streams. Valid values are: ENABLED or DISABLED.

IdentityPoolPushSync, IdentityPoolPushSyncArgs

C#:
ApplicationArns List<string>
The ARNs of the Amazon SNS platform applications that could be used by clients.
RoleArn string
An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.

Go:
ApplicationArns []string
The ARNs of the Amazon SNS platform applications that could be used by clients.
RoleArn string
An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.

Java:
applicationArns List<String>
The ARNs of the Amazon SNS platform applications that could be used by clients.
roleArn String
An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.

TypeScript:
applicationArns string[]
The ARNs of the Amazon SNS platform applications that could be used by clients.
roleArn string
An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.

Python:
application_arns Sequence[str]
The ARNs of the Amazon SNS platform applications that could be used by clients.
role_arn str
An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.

YAML:
applicationArns List<String>
The ARNs of the Amazon SNS platform applications that could be used by clients.
roleArn String
An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.

Tag, TagArgs

C#:
Key This property is required. string
The key name of the tag
Value This property is required. string
The value of the tag

Go:
Key This property is required. string
The key name of the tag
Value This property is required. string
The value of the tag

Java:
key This property is required. String
The key name of the tag
value This property is required. String
The value of the tag

TypeScript:
key This property is required. string
The key name of the tag
value This property is required. string
The value of the tag

Python:
key This property is required. str
The key name of the tag
value This property is required. str
The value of the tag

YAML:
key This property is required. String
The key name of the tag
value This property is required. String
The value of the tag
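
A pre-deployment check over the input properties and supporting types documented above, as an added example (not Pulumi's or AWS's code): it enforces the length, pattern and enum constraints stated on this page and flags settings for review. The function name, the severity labels, the choice of which settings to flag, and both sample property maps are assumptions of this example.

```python
import re

# Constraints as stated in the property descriptions on this page.
POOL_NAME_RE = re.compile(r"[\w\s+=,.@-]+")
STREAMING_STATUSES = {"ENABLED", "DISABLED"}


def check_identity_pool(props):
    """Return (severity, property, message) findings for one IdentityPool
    property map keyed by the camelCase names used in the YAML form."""
    findings = []

    def add(severity, prop, message):
        findings.append((severity, prop, message))

    unauth = props.get("allowUnauthenticatedIdentities")
    if not isinstance(unauth, bool):
        add("error", "allowUnauthenticatedIdentities", "required boolean is missing")
    elif unauth:
        add("review", "allowUnauthenticatedIdentities",
            "pool supports unauthenticated logins")
    if props.get("allowClassicFlow") is True:
        add("review", "allowClassicFlow", "Basic (Classic) authentication flow is enabled")

    name = props.get("identityPoolName")
    if name is not None:
        if not 1 <= len(name) <= 128:
            add("error", "identityPoolName", "length must be 1-128")
        elif not POOL_NAME_RE.fullmatch(name):
            add("error", "identityPoolName", r"must match [\w\s+=,.@-]+")
    dev = props.get("developerProviderName")
    if dev is not None and not 1 <= len(dev) <= 100:
        add("error", "developerProviderName", "length must be 1-100")

    for i, idp in enumerate(props.get("cognitoIdentityProviders") or []):
        path = f"cognitoIdentityProviders[{i}]"
        for required in ("clientId", "providerName"):
            if not idp.get(required):
                add("error", f"{path}.{required}", "required property is missing")
        # Without this flag the pool does not ask the user pool whether the
        # user has been globally signed out or deleted.
        if idp.get("serverSideTokenCheck") is not True:
            add("review", f"{path}.serverSideTokenCheck",
                "signed-out or deleted users are not checked with the user pool")

    status = (props.get("cognitoStreams") or {}).get("streamingStatus")
    if status is not None and status not in STREAMING_STATUSES:
        add("error", "cognitoStreams.streamingStatus", "must be ENABLED or DISABLED")
    return findings


# Constructed sample inputs (placeholders, not taken from a real deployment).
WEAK_POOL = {
    "allowUnauthenticatedIdentities": True,
    "allowClassicFlow": True,
    "identityPoolName": "web/app pool",  # '/' is outside the documented pattern
    "cognitoIdentityProviders": [{
        "clientId": "EXAMPLECLIENTID",
        "providerName": "cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789"}],
    "cognitoStreams": {"streamingStatus": "enabled"},  # not one of the valid values
}
HARDENED_POOL = {
    "allowUnauthenticatedIdentities": False,
    "allowClassicFlow": False,
    "identityPoolName": "web app pool",
    "cognitoIdentityProviders": [{
        "clientId": "EXAMPLECLIENTID",
        "providerName": "cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789",
        "serverSideTokenCheck": True}],
    "cognitoStreams": {"streamingStatus": "DISABLED"},
}

if __name__ == "__main__":
    for finding in check_identity_pool(WEAK_POOL):
        print("%-6s %-46s %s" % finding)
```
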

Package Details

Repository
AWS Native pulumi/pulumi-aws-native
License
Apache-2.0
