From 5a053a78b7373f38a3e4cfbae1e915c94cc18716 Mon Sep 17 00:00:00 2001
From: Anton Tayanovskyy
Date: Mon, 24 Apr 2023 13:47:11 -0400
Subject: [PATCH] Skip flaky example (#2485)
Add a patch to skip an example that caused flaky builds AWS Cognito Identity Pool Roles Attachment example has flaky rendering to Pulumi languages causing unstable builds. Removing the example should make CI builds deterministic until such time as we can fix the root cause of this.
---
provider/cmd/pulumi-resource-aws/schema.json | 2 +-
.../Cognito/IdentityPoolRoleAttachment.cs | 129 ------------------
.../aws/cognito/identityPoolRoleAttachment.go | 122 -----------------
.../cognito/IdentityPoolRoleAttachment.java | 99 --------------
.../cognito/identityPoolRoleAttachment.ts | 70 ----------
.../cognito/identity_pool_role_attachment.py | 126 -----------------
upstream | 2 +-
...d-TagsSchemaTrulyComputed-definition.patch | 2 +-
upstream-patches/0002-Conns-user-agent.patch | 2 +-
...03-Add-S3-legacy-bucket-to-resources.patch | 2 +-
...uration-as-Computed-for-Legacy-S3-Bu.patch | 2 +-
.../0005-De-deprecate-bucket_object.patch | 2 +-
...keformation-catalog_resource-default.patch | 2 +-
...07-Workaround-SSM-Parameter-tier-bug.patch | 2 +-
...EKS-cluster-default_addons_to_remove.patch | 2 +-
...uster-certificate_authorities-plural.patch | 2 +-
...caling-launch_configuration-associat.patch | 2 +-
...0011-Add-ECR-credentials_data_source.patch | 2 +-
.../0012-Revert-framework-conversions.patch | 2 +-
...3-Add-custom-appautoscaling-examples.patch | 2 +-
.../0014-Add-dedicated_host-docs.patch | 2 +-
.../0015-Revert-WAF-schema-changes.patch | 2 +-
.../0016-Un-deprecate-RDS-instance-name.patch | 2 +-
...in-new-resourceTopicSubscriptionCust.patch | 2 +-
...018-add-matchmaking-configuration-72.patch | 2 +-
...0019-fix-Adding-back-in-removeAddons.patch | 2 +-
...tches-to-S3BucketLegacy-and-GameLift.patch | 2 +-
...-Revert-Update-endpointHashIPAddress.patch | 2 +-
.../0022-Fixup-eks-formatting.patch | 2 +-
.../0023-Fixup-gamelift-context.patch | 2 +-
...lt-descriptions-to-Managed-by-Pulumi.patch | 2 +-
...elements-from-schema-and-fix-tests-7.patch | 2 +-
.../0026-Revert-Framework-conversions.patch | 2 +-
...ito_identity_pool_roles_attachment-e.patch | 102 ++++++++++++++
34 files changed, 130 insertions(+), 574 deletions(-)
create mode 100644 upstream-patches/0027-Temp-remove-cognito_identity_pool_roles_attachment-e.patch
diff --git a/provider/cmd/pulumi-resource-aws/schema.json b/provider/cmd/pulumi-resource-aws/schema.json
index aa0600aecf6..e30cd3c2427 100644
--- a/provider/cmd/pulumi-resource-aws/schema.json
+++ b/provider/cmd/pulumi-resource-aws/schema.json
@@ -289305,7 +289305,7 @@ } }, "aws:cognito/identityPoolRoleAttachment:IdentityPoolRoleAttachment": { - "description": "Provides an AWS Cognito Identity Pool Roles Attachment.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainIdentityPool = new aws.cognito.IdentityPool(\"mainIdentityPool\", {\n identityPoolName: \"identity pool\",\n allowUnauthenticatedIdentities: false,\n supportedLoginProviders: {\n \"graph.facebook.com\": \"7346241598935555\",\n },\n});\nconst authenticatedPolicyDocument = aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Federated\",\n identifiers: [\"cognito-identity.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRoleWithWebIdentity\"],\n conditions: [\n {\n test: \"StringEquals\",\n variable: \"cognito-identity.amazonaws.com:aud\",\n values: [mainIdentityPool.id],\n },\n {\n test: \"ForAnyValue:StringLike\",\n variable: \"cognito-identity.amazonaws.com:amr\",\n values: [\"authenticated\"],\n },\n ],\n }],\n});\nconst authenticatedRole = new aws.iam.Role(\"authenticatedRole\", {assumeRolePolicy: authenticatedPolicyDocument.apply(authenticatedPolicyDocument =\u003e authenticatedPolicyDocument.json)});\nconst authenticatedRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"mobileanalytics:PutEvents\",\n \"cognito-sync:*\",\n \"cognito-identity:*\",\n ],\n resources: [\"*\"],\n }],\n});\nconst authenticatedIam_rolePolicyRolePolicy = new aws.iam.RolePolicy(\"authenticatedIam/rolePolicyRolePolicy\", {\n role: authenticatedRole.id,\n policy: authenticatedRolePolicy.then(authenticatedRolePolicy =\u003e authenticatedRolePolicy.json),\n});\nconst mainIdentityPoolRoleAttachment = new aws.cognito.IdentityPoolRoleAttachment(\"mainIdentityPoolRoleAttachment\", {\n identityPoolId: mainIdentityPool.id,\n roleMappings: [{\n identityProvider: 
\"graph.facebook.com\",\n ambiguousRoleResolution: \"AuthenticatedRole\",\n type: \"Rules\",\n mappingRules: [{\n claim: \"isAdmin\",\n matchType: \"Equals\",\n roleArn: authenticatedRole.arn,\n value: \"paid\",\n }],\n }],\n roles: {\n authenticated: authenticatedRole.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain_identity_pool = aws.cognito.IdentityPool(\"mainIdentityPool\",\n identity_pool_name=\"identity pool\",\n allow_unauthenticated_identities=False,\n supported_login_providers={\n \"graph.facebook.com\": \"7346241598935555\",\n })\nauthenticated_policy_document = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Federated\",\n identifiers=[\"cognito-identity.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRoleWithWebIdentity\"],\n conditions=[\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"cognito-identity.amazonaws.com:aud\",\n values=[main_identity_pool.id],\n ),\n aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ForAnyValue:StringLike\",\n variable=\"cognito-identity.amazonaws.com:amr\",\n values=[\"authenticated\"],\n ),\n ],\n)])\nauthenticated_role = aws.iam.Role(\"authenticatedRole\", assume_role_policy=authenticated_policy_document.json)\nauthenticated_role_policy_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"mobileanalytics:PutEvents\",\n \"cognito-sync:*\",\n \"cognito-identity:*\",\n ],\n resources=[\"*\"],\n)])\nauthenticated_role_policy = aws.iam.RolePolicy(\"authenticatedRolePolicy\",\n role=authenticated_role.id,\n policy=authenticated_role_policy_policy_document.json)\nmain_identity_pool_role_attachment = aws.cognito.IdentityPoolRoleAttachment(\"mainIdentityPoolRoleAttachment\",\n identity_pool_id=main_identity_pool.id,\n 
role_mappings=[aws.cognito.IdentityPoolRoleAttachmentRoleMappingArgs(\n identity_provider=\"graph.facebook.com\",\n ambiguous_role_resolution=\"AuthenticatedRole\",\n type=\"Rules\",\n mapping_rules=[aws.cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs(\n claim=\"isAdmin\",\n match_type=\"Equals\",\n role_arn=authenticated_role.arn,\n value=\"paid\",\n )],\n )],\n roles={\n \"authenticated\": authenticated_role.arn,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mainIdentityPool = new Aws.Cognito.IdentityPool(\"mainIdentityPool\", new()\n {\n IdentityPoolName = \"identity pool\",\n AllowUnauthenticatedIdentities = false,\n SupportedLoginProviders = \n {\n { \"graph.facebook.com\", \"7346241598935555\" },\n },\n });\n\n var authenticatedPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Federated\",\n Identifiers = new[]\n {\n \"cognito-identity.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRoleWithWebIdentity\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"cognito-identity.amazonaws.com:aud\",\n Values = new[]\n {\n mainIdentityPool.Id,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ForAnyValue:StringLike\",\n Variable = \"cognito-identity.amazonaws.com:amr\",\n Values = new[]\n {\n \"authenticated\",\n },\n },\n },\n },\n },\n });\n\n var authenticatedRole = new Aws.Iam.Role(\"authenticatedRole\", new()\n {\n AssumeRolePolicy = authenticatedPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var 
authenticatedRolePolicyPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"mobileanalytics:PutEvents\",\n \"cognito-sync:*\",\n \"cognito-identity:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var authenticatedRolePolicy = new Aws.Iam.RolePolicy(\"authenticatedRolePolicy\", new()\n {\n Role = authenticatedRole.Id,\n Policy = authenticatedRolePolicyPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var mainIdentityPoolRoleAttachment = new Aws.Cognito.IdentityPoolRoleAttachment(\"mainIdentityPoolRoleAttachment\", new()\n {\n IdentityPoolId = mainIdentityPool.Id,\n RoleMappings = new[]\n {\n new Aws.Cognito.Inputs.IdentityPoolRoleAttachmentRoleMappingArgs\n {\n IdentityProvider = \"graph.facebook.com\",\n AmbiguousRoleResolution = \"AuthenticatedRole\",\n Type = \"Rules\",\n MappingRules = new[]\n {\n new Aws.Cognito.Inputs.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs\n {\n Claim = \"isAdmin\",\n MatchType = \"Equals\",\n RoleArn = authenticatedRole.Arn,\n Value = \"paid\",\n },\n },\n },\n },\n Roles = \n {\n { \"authenticated\", authenticatedRole.Arn },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainIdentityPool, err := cognito.NewIdentityPool(ctx, \"mainIdentityPool\", \u0026cognito.IdentityPoolArgs{\n\t\t\tIdentityPoolName: pulumi.String(\"identity pool\"),\n\t\t\tAllowUnauthenticatedIdentities: pulumi.Bool(false),\n\t\t\tSupportedLoginProviders: pulumi.StringMap{\n\t\t\t\t\"graph.facebook.com\": pulumi.String(\"7346241598935555\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn 
err\n\t\t}\n\t\tauthenticatedPolicyDocument := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Federated\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"cognito-identity.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"sts:AssumeRoleWithWebIdentity\"),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"cognito-identity.amazonaws.com:aud\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tmainIdentityPool.ID(),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"ForAnyValue:StringLike\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"cognito-identity.amazonaws.com:amr\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"authenticated\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tauthenticatedRole, err := iam.NewRole(ctx, \"authenticatedRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: authenticatedPolicyDocument.ApplyT(func(authenticatedPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026authenticatedPolicyDocument.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tauthenticatedRolePolicyPolicyDocument, err := iam.GetPolicyDocument(ctx, 
\u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"mobileanalytics:PutEvents\",\n\t\t\t\t\t\t\"cognito-sync:*\",\n\t\t\t\t\t\t\"cognito-identity:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"authenticatedRolePolicy\", \u0026iam.RolePolicyArgs{\n\t\t\tRole: authenticatedRole.ID(),\n\t\t\tPolicy: *pulumi.String(authenticatedRolePolicyPolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewIdentityPoolRoleAttachment(ctx, \"mainIdentityPoolRoleAttachment\", \u0026cognito.IdentityPoolRoleAttachmentArgs{\n\t\t\tIdentityPoolId: mainIdentityPool.ID(),\n\t\t\tRoleMappings: cognito.IdentityPoolRoleAttachmentRoleMappingArray{\n\t\t\t\t\u0026cognito.IdentityPoolRoleAttachmentRoleMappingArgs{\n\t\t\t\t\tIdentityProvider: pulumi.String(\"graph.facebook.com\"),\n\t\t\t\t\tAmbiguousRoleResolution: pulumi.String(\"AuthenticatedRole\"),\n\t\t\t\t\tType: pulumi.String(\"Rules\"),\n\t\t\t\t\tMappingRules: cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArray{\n\t\t\t\t\t\t\u0026cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs{\n\t\t\t\t\t\t\tClaim: pulumi.String(\"isAdmin\"),\n\t\t\t\t\t\t\tMatchType: pulumi.String(\"Equals\"),\n\t\t\t\t\t\t\tRoleArn: authenticatedRole.Arn,\n\t\t\t\t\t\t\tValue: pulumi.String(\"paid\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRoles: pulumi.StringMap{\n\t\t\t\t\"authenticated\": authenticatedRole.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.IdentityPool;\nimport 
com.pulumi.aws.cognito.IdentityPoolArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.cognito.IdentityPoolRoleAttachment;\nimport com.pulumi.aws.cognito.IdentityPoolRoleAttachmentArgs;\nimport com.pulumi.aws.cognito.inputs.IdentityPoolRoleAttachmentRoleMappingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mainIdentityPool = new IdentityPool(\"mainIdentityPool\", IdentityPoolArgs.builder() \n .identityPoolName(\"identity pool\")\n .allowUnauthenticatedIdentities(false)\n .supportedLoginProviders(Map.of(\"graph.facebook.com\", \"7346241598935555\"))\n .build());\n\n final var authenticatedPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Federated\")\n .identifiers(\"cognito-identity.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRoleWithWebIdentity\")\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"cognito-identity.amazonaws.com:aud\")\n .values(mainIdentityPool.id())\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ForAnyValue:StringLike\")\n .variable(\"cognito-identity.amazonaws.com:amr\")\n .values(\"authenticated\")\n .build())\n .build())\n .build());\n\n var authenticatedRole = new Role(\"authenticatedRole\", RoleArgs.builder() \n .assumeRolePolicy(authenticatedPolicyDocument.applyValue(getPolicyDocumentResult 
-\u003e getPolicyDocumentResult).applyValue(authenticatedPolicyDocument -\u003e authenticatedPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n final var authenticatedRolePolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"mobileanalytics:PutEvents\",\n \"cognito-sync:*\",\n \"cognito-identity:*\")\n .resources(\"*\")\n .build())\n .build());\n\n var authenticatedRolePolicy = new RolePolicy(\"authenticatedRolePolicy\", RolePolicyArgs.builder() \n .role(authenticatedRole.id())\n .policy(authenticatedRolePolicyPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var mainIdentityPoolRoleAttachment = new IdentityPoolRoleAttachment(\"mainIdentityPoolRoleAttachment\", IdentityPoolRoleAttachmentArgs.builder() \n .identityPoolId(mainIdentityPool.id())\n .roleMappings(IdentityPoolRoleAttachmentRoleMappingArgs.builder()\n .identityProvider(\"graph.facebook.com\")\n .ambiguousRoleResolution(\"AuthenticatedRole\")\n .type(\"Rules\")\n .mappingRules(IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs.builder()\n .claim(\"isAdmin\")\n .matchType(\"Equals\")\n .roleArn(authenticatedRole.arn())\n .value(\"paid\")\n .build())\n .build())\n .roles(Map.of(\"authenticated\", authenticatedRole.arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mainIdentityPool:\n type: aws:cognito:IdentityPool\n properties:\n identityPoolName: identity pool\n allowUnauthenticatedIdentities: false\n supportedLoginProviders:\n graph.facebook.com: '7346241598935555'\n authenticatedRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${authenticatedPolicyDocument.json}\n authenticatedRolePolicy:\n type: aws:iam:RolePolicy\n properties:\n role: ${authenticatedRole.id}\n policy: ${authenticatedRolePolicyPolicyDocument.json}\n 
mainIdentityPoolRoleAttachment:\n type: aws:cognito:IdentityPoolRoleAttachment\n properties:\n identityPoolId: ${mainIdentityPool.id}\n roleMappings:\n - identityProvider: graph.facebook.com\n ambiguousRoleResolution: AuthenticatedRole\n type: Rules\n mappingRules:\n - claim: isAdmin\n matchType: Equals\n roleArn: ${authenticatedRole.arn}\n value: paid\n roles:\n authenticated: ${authenticatedRole.arn}\nvariables:\n authenticatedPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Federated\n identifiers:\n - cognito-identity.amazonaws.com\n actions:\n - sts:AssumeRoleWithWebIdentity\n conditions:\n - test: StringEquals\n variable: cognito-identity.amazonaws.com:aud\n values:\n - ${mainIdentityPool.id}\n - test: ForAnyValue:StringLike\n variable: cognito-identity.amazonaws.com:amr\n values:\n - authenticated\n authenticatedRolePolicyPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - mobileanalytics:PutEvents\n - cognito-sync:*\n - cognito-identity:*\n resources:\n - '*'\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCognito Identity Pool Roles Attachment can be imported using the Identity Pool ID, e.g.,\n\n```sh\n $ pulumi import aws:cognito/identityPoolRoleAttachment:IdentityPoolRoleAttachment example us-west-2:b64805ad-cb56-40ba-9ffc-f5d8207e6d42\n```\n\n ", + "description": "Provides an AWS Cognito Identity Pool Roles Attachment.\n\n\n## Import\n\nCognito Identity Pool Roles Attachment can be imported using the Identity Pool ID, e.g.,\n\n```sh\n $ pulumi import aws:cognito/identityPoolRoleAttachment:IdentityPoolRoleAttachment example us-west-2:b64805ad-cb56-40ba-9ffc-f5d8207e6d42\n```\n\n ", "properties": { "identityPoolId": { "type": "string", diff --git a/sdk/dotnet/Cognito/IdentityPoolRoleAttachment.cs b/sdk/dotnet/Cognito/IdentityPoolRoleAttachment.cs index ffacb87d41a..7187c9b7111 100644 
--- a/sdk/dotnet/Cognito/IdentityPoolRoleAttachment.cs
+++ b/sdk/dotnet/Cognito/IdentityPoolRoleAttachment.cs
@@ -12,135 +12,6 @@ namespace Pulumi.Aws.Cognito /// /// Provides an AWS Cognito Identity Pool Roles Attachment. /// - /// ## Example Usage - /// - /// ```csharp - /// using System.Collections.Generic; - /// using Pulumi; - /// using Aws = Pulumi.Aws; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var mainIdentityPool = new Aws.Cognito.IdentityPool("mainIdentityPool", new() - /// { - /// IdentityPoolName = "identity pool", - /// AllowUnauthenticatedIdentities = false, - /// SupportedLoginProviders = - /// { - /// { "graph.facebook.com", "7346241598935555" }, - /// }, - /// }); - /// - /// var authenticatedPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new() - /// { - /// Statements = new[] - /// { - /// new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs - /// { - /// Effect = "Allow", - /// Principals = new[] - /// { - /// new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs - /// { - /// Type = "Federated", - /// Identifiers = new[] - /// { - /// "cognito-identity.amazonaws.com", - /// }, - /// }, - /// }, - /// Actions = new[] - /// { - /// "sts:AssumeRoleWithWebIdentity", - /// }, - /// Conditions = new[] - /// { - /// new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs - /// { - /// Test = "StringEquals", - /// Variable = "cognito-identity.amazonaws.com:aud", - /// Values = new[] - /// { - /// mainIdentityPool.Id, - /// }, - /// }, - /// new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs - /// { - /// Test = "ForAnyValue:StringLike", - /// Variable = "cognito-identity.amazonaws.com:amr", - /// Values = new[] - /// { - /// "authenticated", - /// }, - /// }, - /// }, - /// }, - /// }, - /// }); - /// - /// var authenticatedRole = new Aws.Iam.Role("authenticatedRole", new() - /// { - /// AssumeRolePolicy = authenticatedPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json), - /// }); - /// - /// var authenticatedRolePolicyPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new() - 
/// { - /// Statements = new[] - /// { - /// new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs - /// { - /// Effect = "Allow", - /// Actions = new[] - /// { - /// "mobileanalytics:PutEvents", - /// "cognito-sync:*", - /// "cognito-identity:*", - /// }, - /// Resources = new[] - /// { - /// "*", - /// }, - /// }, - /// }, - /// }); - /// - /// var authenticatedRolePolicy = new Aws.Iam.RolePolicy("authenticatedRolePolicy", new() - /// { - /// Role = authenticatedRole.Id, - /// Policy = authenticatedRolePolicyPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json), - /// }); - /// - /// var mainIdentityPoolRoleAttachment = new Aws.Cognito.IdentityPoolRoleAttachment("mainIdentityPoolRoleAttachment", new() - /// { - /// IdentityPoolId = mainIdentityPool.Id, - /// RoleMappings = new[] - /// { - /// new Aws.Cognito.Inputs.IdentityPoolRoleAttachmentRoleMappingArgs - /// { - /// IdentityProvider = "graph.facebook.com", - /// AmbiguousRoleResolution = "AuthenticatedRole", - /// Type = "Rules", - /// MappingRules = new[] - /// { - /// new Aws.Cognito.Inputs.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs - /// { - /// Claim = "isAdmin", - /// MatchType = "Equals", - /// RoleArn = authenticatedRole.Arn, - /// Value = "paid", - /// }, - /// }, - /// }, - /// }, - /// Roles = - /// { - /// { "authenticated", authenticatedRole.Arn }, - /// }, - /// }); - /// - /// }); - /// ``` - /// /// ## Import /// /// Cognito Identity Pool Roles Attachment can be imported using the Identity Pool ID, e.g., diff --git a/sdk/go/aws/cognito/identityPoolRoleAttachment.go b/sdk/go/aws/cognito/identityPoolRoleAttachment.go index 2d7e3888fcb..5677a0d1430 100644 --- a/sdk/go/aws/cognito/identityPoolRoleAttachment.go +++ b/sdk/go/aws/cognito/identityPoolRoleAttachment.go 
@@ -13,128 +13,6 @@ import ( // Provides an AWS Cognito Identity Pool Roles Attachment. // -// ## Example Usage -// -// ```go -// package main -// -// import ( -// -// "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cognito" -// "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// -// ) -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// mainIdentityPool, err := cognito.NewIdentityPool(ctx, "mainIdentityPool", &cognito.IdentityPoolArgs{ -// IdentityPoolName: pulumi.String("identity pool"), -// AllowUnauthenticatedIdentities: pulumi.Bool(false), -// SupportedLoginProviders: pulumi.StringMap{ -// "graph.facebook.com": pulumi.String("7346241598935555"), -// }, -// }) -// if err != nil { -// return err -// } -// authenticatedPolicyDocument := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{ -// Statements: iam.GetPolicyDocumentStatementArray{ -// &iam.GetPolicyDocumentStatementArgs{ -// Effect: pulumi.String("Allow"), -// Principals: iam.GetPolicyDocumentStatementPrincipalArray{ -// &iam.GetPolicyDocumentStatementPrincipalArgs{ -// Type: pulumi.String("Federated"), -// Identifiers: pulumi.StringArray{ -// pulumi.String("cognito-identity.amazonaws.com"), -// }, -// }, -// }, -// Actions: pulumi.StringArray{ -// pulumi.String("sts:AssumeRoleWithWebIdentity"), -// }, -// Conditions: iam.GetPolicyDocumentStatementConditionArray{ -// &iam.GetPolicyDocumentStatementConditionArgs{ -// Test: pulumi.String("StringEquals"), -// Variable: pulumi.String("cognito-identity.amazonaws.com:aud"), -// Values: pulumi.StringArray{ -// mainIdentityPool.ID(), -// }, -// }, -// &iam.GetPolicyDocumentStatementConditionArgs{ -// Test: pulumi.String("ForAnyValue:StringLike"), -// Variable: pulumi.String("cognito-identity.amazonaws.com:amr"), -// Values: pulumi.StringArray{ -// pulumi.String("authenticated"), -// }, -// }, -// }, -// }, -// }, -// }, nil) -// authenticatedRole, err := iam.NewRole(ctx, 
"authenticatedRole", &iam.RoleArgs{ -// AssumeRolePolicy: authenticatedPolicyDocument.ApplyT(func(authenticatedPolicyDocument iam.GetPolicyDocumentResult) (*string, error) { -// return &authenticatedPolicyDocument.Json, nil -// }).(pulumi.StringPtrOutput), -// }) -// if err != nil { -// return err -// } -// authenticatedRolePolicyPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{ -// Statements: []iam.GetPolicyDocumentStatement{ -// { -// Effect: pulumi.StringRef("Allow"), -// Actions: []string{ -// "mobileanalytics:PutEvents", -// "cognito-sync:*", -// "cognito-identity:*", -// }, -// Resources: []string{ -// "*", -// }, -// }, -// }, -// }, nil) -// if err != nil { -// return err -// } -// _, err = iam.NewRolePolicy(ctx, "authenticatedRolePolicy", &iam.RolePolicyArgs{ -// Role: authenticatedRole.ID(), -// Policy: *pulumi.String(authenticatedRolePolicyPolicyDocument.Json), -// }) -// if err != nil { -// return err -// } -// _, err = cognito.NewIdentityPoolRoleAttachment(ctx, "mainIdentityPoolRoleAttachment", &cognito.IdentityPoolRoleAttachmentArgs{ -// IdentityPoolId: mainIdentityPool.ID(), -// RoleMappings: cognito.IdentityPoolRoleAttachmentRoleMappingArray{ -// &cognito.IdentityPoolRoleAttachmentRoleMappingArgs{ -// IdentityProvider: pulumi.String("graph.facebook.com"), -// AmbiguousRoleResolution: pulumi.String("AuthenticatedRole"), -// Type: pulumi.String("Rules"), -// MappingRules: cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArray{ -// &cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs{ -// Claim: pulumi.String("isAdmin"), -// MatchType: pulumi.String("Equals"), -// RoleArn: authenticatedRole.Arn, -// Value: pulumi.String("paid"), -// }, -// }, -// }, -// }, -// Roles: pulumi.StringMap{ -// "authenticated": authenticatedRole.Arn, -// }, -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` -// // ## Import // // Cognito Identity Pool Roles Attachment can be imported using the 
Identity Pool ID, e.g., diff --git a/sdk/java/src/main/java/com/pulumi/aws/cognito/IdentityPoolRoleAttachment.java b/sdk/java/src/main/java/com/pulumi/aws/cognito/IdentityPoolRoleAttachment.java index 6fe2eabdd61..13586321208 100644 --- a/sdk/java/src/main/java/com/pulumi/aws/cognito/IdentityPoolRoleAttachment.java +++ b/sdk/java/src/main/java/com/pulumi/aws/cognito/IdentityPoolRoleAttachment.java 
@@ -20,105 +20,6 @@ /** * Provides an AWS Cognito Identity Pool Roles Attachment. * - * ## Example Usage - * ```java - * package generated_program; - * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.aws.cognito.IdentityPool; - * import com.pulumi.aws.cognito.IdentityPoolArgs; - * import com.pulumi.aws.iam.IamFunctions; - * import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs; - * import com.pulumi.aws.iam.Role; - * import com.pulumi.aws.iam.RoleArgs; - * import com.pulumi.aws.iam.RolePolicy; - * import com.pulumi.aws.iam.RolePolicyArgs; - * import com.pulumi.aws.cognito.IdentityPoolRoleAttachment; - * import com.pulumi.aws.cognito.IdentityPoolRoleAttachmentArgs; - * import com.pulumi.aws.cognito.inputs.IdentityPoolRoleAttachmentRoleMappingArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; - * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } - * - * public static void stack(Context ctx) { - * var mainIdentityPool = new IdentityPool("mainIdentityPool", IdentityPoolArgs.builder() - * .identityPoolName("identity pool") - * .allowUnauthenticatedIdentities(false) - * .supportedLoginProviders(Map.of("graph.facebook.com", "7346241598935555")) - * .build()); - * - * final var authenticatedPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder() - * .statements(GetPolicyDocumentStatementArgs.builder() - * .effect("Allow") - * .principals(GetPolicyDocumentStatementPrincipalArgs.builder() - * .type("Federated") - * .identifiers("cognito-identity.amazonaws.com") - * .build()) - * .actions("sts:AssumeRoleWithWebIdentity") - * .conditions( - * GetPolicyDocumentStatementConditionArgs.builder() - * .test("StringEquals") - * .variable("cognito-identity.amazonaws.com:aud") - * .values(mainIdentityPool.id()) - * 
.build(), - * GetPolicyDocumentStatementConditionArgs.builder() - * .test("ForAnyValue:StringLike") - * .variable("cognito-identity.amazonaws.com:amr") - * .values("authenticated") - * .build()) - * .build()) - * .build()); - * - * var authenticatedRole = new Role("authenticatedRole", RoleArgs.builder() - * .assumeRolePolicy(authenticatedPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(authenticatedPolicyDocument -> authenticatedPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))) - * .build()); - * - * final var authenticatedRolePolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder() - * .statements(GetPolicyDocumentStatementArgs.builder() - * .effect("Allow") - * .actions( - * "mobileanalytics:PutEvents", - * "cognito-sync:*", - * "cognito-identity:*") - * .resources("*") - * .build()) - * .build()); - * - * var authenticatedRolePolicy = new RolePolicy("authenticatedRolePolicy", RolePolicyArgs.builder() - * .role(authenticatedRole.id()) - * .policy(authenticatedRolePolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())) - * .build()); - * - * var mainIdentityPoolRoleAttachment = new IdentityPoolRoleAttachment("mainIdentityPoolRoleAttachment", IdentityPoolRoleAttachmentArgs.builder() - * .identityPoolId(mainIdentityPool.id()) - * .roleMappings(IdentityPoolRoleAttachmentRoleMappingArgs.builder() - * .identityProvider("graph.facebook.com") - * .ambiguousRoleResolution("AuthenticatedRole") - * .type("Rules") - * .mappingRules(IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs.builder() - * .claim("isAdmin") - * .matchType("Equals") - * .roleArn(authenticatedRole.arn()) - * .value("paid") - * .build()) - * .build()) - * .roles(Map.of("authenticated", authenticatedRole.arn())) - * .build()); - * - * } - * } - * ``` - * * ## Import * * Cognito Identity Pool Roles Attachment can be imported using the Identity Pool ID, e.g., 
diff --git a/sdk/nodejs/cognito/identityPoolRoleAttachment.ts b/sdk/nodejs/cognito/identityPoolRoleAttachment.ts index d7e3dded1da..35e387c79da 100644 --- a/sdk/nodejs/cognito/identityPoolRoleAttachment.ts +++ b/sdk/nodejs/cognito/identityPoolRoleAttachment.ts 
@@ -10,76 +10,6 @@ import * as utilities from "../utilities"; /** * Provides an AWS Cognito Identity Pool Roles Attachment. * - * ## Example Usage - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as aws from "@pulumi/aws"; - * - * const mainIdentityPool = new aws.cognito.IdentityPool("mainIdentityPool", { - * identityPoolName: "identity pool", - * allowUnauthenticatedIdentities: false, - * supportedLoginProviders: { - * "graph.facebook.com": "7346241598935555", - * }, - * }); - * const authenticatedPolicyDocument = aws.iam.getPolicyDocumentOutput({ - * statements: [{ - * effect: "Allow", - * principals: [{ - * type: "Federated", - * identifiers: ["cognito-identity.amazonaws.com"], - * }], - * actions: ["sts:AssumeRoleWithWebIdentity"], - * conditions: [ - * { - * test: "StringEquals", - * variable: "cognito-identity.amazonaws.com:aud", - * values: [mainIdentityPool.id], - * }, - * { - * test: "ForAnyValue:StringLike", - * variable: "cognito-identity.amazonaws.com:amr", - * values: ["authenticated"], - * }, - * ], - * }], - * }); - * const authenticatedRole = new aws.iam.Role("authenticatedRole", {assumeRolePolicy: authenticatedPolicyDocument.apply(authenticatedPolicyDocument => authenticatedPolicyDocument.json)}); - * const authenticatedRolePolicyPolicyDocument = aws.iam.getPolicyDocument({ - * statements: [{ - * effect: "Allow", - * actions: [ - * "mobileanalytics:PutEvents", - * "cognito-sync:*", - * "cognito-identity:*", - * ], - * resources: ["*"], - * }], - * }); - * const authenticatedRolePolicy = new aws.iam.RolePolicy("authenticatedRolePolicy", { - * role: authenticatedRole.id, - * policy: authenticatedRolePolicyPolicyDocument.then(authenticatedRolePolicyPolicyDocument => authenticatedRolePolicyPolicyDocument.json), - * }); - * const mainIdentityPoolRoleAttachment = new aws.cognito.IdentityPoolRoleAttachment("mainIdentityPoolRoleAttachment", { - * identityPoolId: mainIdentityPool.id, - * roleMappings: [{ - * identityProvider: 
"graph.facebook.com", - * ambiguousRoleResolution: "AuthenticatedRole", - * type: "Rules", - * mappingRules: [{ - * claim: "isAdmin", - * matchType: "Equals", - * roleArn: authenticatedRole.arn, - * value: "paid", - * }], - * }], - * roles: { - * authenticated: authenticatedRole.arn, - * }, - * }); - * ``` - * * ## Import * * Cognito Identity Pool Roles Attachment can be imported using the Identity Pool ID, e.g., diff --git a/sdk/python/pulumi_aws/cognito/identity_pool_role_attachment.py b/sdk/python/pulumi_aws/cognito/identity_pool_role_attachment.py index 4778b22ef5e..c7a1d5dbd1f 100644 --- a/sdk/python/pulumi_aws/cognito/identity_pool_role_attachment.py +++ b/sdk/python/pulumi_aws/cognito/identity_pool_role_attachment.py 
@@ -135,69 +135,6 @@ def __init__(__self__, """ Provides an AWS Cognito Identity Pool Roles Attachment. - ## Example Usage - - ```python - import pulumi - import pulumi_aws as aws - - main_identity_pool = aws.cognito.IdentityPool("mainIdentityPool", - identity_pool_name="identity pool", - allow_unauthenticated_identities=False, - supported_login_providers={ - "graph.facebook.com": "7346241598935555", - }) - authenticated_policy_document = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs( - effect="Allow", - principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs( - type="Federated", - identifiers=["cognito-identity.amazonaws.com"], - )], - actions=["sts:AssumeRoleWithWebIdentity"], - conditions=[ - aws.iam.GetPolicyDocumentStatementConditionArgs( - test="StringEquals", - variable="cognito-identity.amazonaws.com:aud", - values=[main_identity_pool.id], - ), - aws.iam.GetPolicyDocumentStatementConditionArgs( - test="ForAnyValue:StringLike", - variable="cognito-identity.amazonaws.com:amr", - values=["authenticated"], - ), - ], - )]) - authenticated_role = aws.iam.Role("authenticatedRole", assume_role_policy=authenticated_policy_document.json) - authenticated_role_policy_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs( - effect="Allow", - actions=[ - "mobileanalytics:PutEvents", - "cognito-sync:*", - "cognito-identity:*", - ], - resources=["*"], - )]) - authenticated_role_policy = aws.iam.RolePolicy("authenticatedRolePolicy", - role=authenticated_role.id, - policy=authenticated_role_policy_policy_document.json) - main_identity_pool_role_attachment = aws.cognito.IdentityPoolRoleAttachment("mainIdentityPoolRoleAttachment", - identity_pool_id=main_identity_pool.id, - role_mappings=[aws.cognito.IdentityPoolRoleAttachmentRoleMappingArgs( - identity_provider="graph.facebook.com", - ambiguous_role_resolution="AuthenticatedRole", - type="Rules", - 
mapping_rules=[aws.cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs( - claim="isAdmin", - match_type="Equals", - role_arn=authenticated_role.arn, - value="paid", - )], - )], - roles={ - "authenticated": authenticated_role.arn, - }) - ``` - ## Import Cognito Identity Pool Roles Attachment can be imported using the Identity Pool ID, e.g., 
@@ -221,69 +158,6 @@ def __init__(__self__, """ Provides an AWS Cognito Identity Pool Roles Attachment. - ## Example Usage - - ```python - import pulumi - import pulumi_aws as aws - - main_identity_pool = aws.cognito.IdentityPool("mainIdentityPool", - identity_pool_name="identity pool", - allow_unauthenticated_identities=False, - supported_login_providers={ - "graph.facebook.com": "7346241598935555", - }) - authenticated_policy_document = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs( - effect="Allow", - principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs( - type="Federated", - identifiers=["cognito-identity.amazonaws.com"], - )], - actions=["sts:AssumeRoleWithWebIdentity"], - conditions=[ - aws.iam.GetPolicyDocumentStatementConditionArgs( - test="StringEquals", - variable="cognito-identity.amazonaws.com:aud", - values=[main_identity_pool.id], - ), - aws.iam.GetPolicyDocumentStatementConditionArgs( - test="ForAnyValue:StringLike", - variable="cognito-identity.amazonaws.com:amr", - values=["authenticated"], - ), - ], - )]) - authenticated_role = aws.iam.Role("authenticatedRole", assume_role_policy=authenticated_policy_document.json) - authenticated_role_policy_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs( - effect="Allow", - actions=[ - "mobileanalytics:PutEvents", - "cognito-sync:*", - "cognito-identity:*", - ], - resources=["*"], - )]) - authenticated_role_policy = aws.iam.RolePolicy("authenticatedRolePolicy", - role=authenticated_role.id, - policy=authenticated_role_policy_policy_document.json) - main_identity_pool_role_attachment = aws.cognito.IdentityPoolRoleAttachment("mainIdentityPoolRoleAttachment", - identity_pool_id=main_identity_pool.id, - role_mappings=[aws.cognito.IdentityPoolRoleAttachmentRoleMappingArgs( - identity_provider="graph.facebook.com", - ambiguous_role_resolution="AuthenticatedRole", - type="Rules", - 
mapping_rules=[aws.cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs( - claim="isAdmin", - match_type="Equals", - role_arn=authenticated_role.arn, - value="paid", - )], - )], - roles={ - "authenticated": authenticated_role.arn, - }) - ``` - ## Import Cognito Identity Pool Roles Attachment can be imported using the Identity Pool ID, e.g., diff --git a/upstream b/upstream index 632fb7a65c6..a591970e6c9 160000 --- a/upstream +++ b/upstream @@ -1 +1 @@ -Subproject commit 632fb7a65c6256abd8365ea7db02e361c9540cef +Subproject commit a591970e6c9a35670b7c049c739192a2d1b23fa4 diff --git a/upstream-patches/0001-Add-TagsSchemaTrulyComputed-definition.patch b/upstream-patches/0001-Add-TagsSchemaTrulyComputed-definition.patch index 80a5e4735e2..35483b53c9a 100644 --- a/upstream-patches/0001-Add-TagsSchemaTrulyComputed-definition.patch +++ b/upstream-patches/0001-Add-TagsSchemaTrulyComputed-definition.patch @@ -1,7 +1,7 @@ From 58f878dcbfa95b36959489c1d60668e0685c2f2b Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Fri, 4 Nov 2022 16:49:08 +0000 -Subject: [PATCH 01/26] Add TagsSchemaTrulyComputed definition +Subject: [PATCH 01/27] Add TagsSchemaTrulyComputed definition --- internal/tags/tags.go | 8 ++++++++ diff --git a/upstream-patches/0002-Conns-user-agent.patch b/upstream-patches/0002-Conns-user-agent.patch index e8fbe250014..e0ab672678e 100644 --- a/upstream-patches/0002-Conns-user-agent.patch +++ b/upstream-patches/0002-Conns-user-agent.patch @@ -1,7 +1,7 @@ From 2476d136239fe690850a0db6884663d86a8b8b92 Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Fri, 4 Nov 2022 17:03:31 +0000 -Subject: [PATCH 02/26] Conns user agent +Subject: [PATCH 02/27] Conns user agent Replace the useragent used for AWS client connections with a Pulumi-flavoured one. diff --git a/upstream-patches/0003-Add-S3-legacy-bucket-to-resources.patch b/upstream-patches/0003-Add-S3-legacy-bucket-to-resources.patch index fb0d08042d3..9214fd91285 100644 
--- a/upstream-patches/0003-Add-S3-legacy-bucket-to-resources.patch +++ b/upstream-patches/0003-Add-S3-legacy-bucket-to-resources.patch @@ -1,7 +1,7 @@ From d9da1ecdaf08dcb1a427cea5c27c1c9f8ed50ae8 Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Fri, 4 Nov 2022 17:05:11 +0000 -Subject: [PATCH 03/26] Add S3 legacy bucket to resources +Subject: [PATCH 03/27] Add S3 legacy bucket to resources This preserves the old S3 Resource in the SDK, by duplicating the code as a new service (in internal/service/s3legacy), and making an explicit diff --git a/upstream-patches/0004-Marks-SSE-Configuration-as-Computed-for-Legacy-S3-Bu.patch b/upstream-patches/0004-Marks-SSE-Configuration-as-Computed-for-Legacy-S3-Bu.patch index 59d9bd54fc9..c8741721f9a 100644 --- a/upstream-patches/0004-Marks-SSE-Configuration-as-Computed-for-Legacy-S3-Bu.patch +++ b/upstream-patches/0004-Marks-SSE-Configuration-as-Computed-for-Legacy-S3-Bu.patch @@ -1,7 +1,7 @@ From 10454a68b16ae80557daeffe4038ff4c652889de Mon Sep 17 00:00:00 2001 From: Kyle Pitzen Date: Thu, 9 Mar 2023 09:47:49 -0600 -Subject: [PATCH 04/26] Marks SSE Configuration as Computed for Legacy S3 +Subject: [PATCH 04/27] Marks SSE Configuration as Computed for Legacy S3 Bucket In January, AWS enabled SSE by default for all new S3 buckets. diff --git a/upstream-patches/0005-De-deprecate-bucket_object.patch b/upstream-patches/0005-De-deprecate-bucket_object.patch index 349d7475a11..f66a49abbdf 100644 --- a/upstream-patches/0005-De-deprecate-bucket_object.patch +++ b/upstream-patches/0005-De-deprecate-bucket_object.patch @@ -1,7 +1,7 @@ From e085739193e20f344b48a8bc28fe1371684063c2 Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Fri, 4 Nov 2022 17:06:11 +0000 -Subject: [PATCH 05/26] De-deprecate bucket_object +Subject: [PATCH 05/27] De-deprecate bucket_object --- internal/service/s3/bucket_object.go | 4 ++-- 
diff --git a/upstream-patches/0006-Remove-lakeformation-catalog_resource-default.patch b/upstream-patches/0006-Remove-lakeformation-catalog_resource-default.patch index 84dc0804573..8c97828cce8 100644 --- a/upstream-patches/0006-Remove-lakeformation-catalog_resource-default.patch +++ b/upstream-patches/0006-Remove-lakeformation-catalog_resource-default.patch @@ -1,7 +1,7 @@ From d85bd9ed17d73586996b51c8df80731b4648d64a Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Fri, 4 Nov 2022 17:08:23 +0000 -Subject: [PATCH 06/26] Remove lakeformation catalog_resource default +Subject: [PATCH 06/27] Remove lakeformation catalog_resource default --- internal/service/lakeformation/permissions.go | 4 ++-- diff --git a/upstream-patches/0007-Workaround-SSM-Parameter-tier-bug.patch b/upstream-patches/0007-Workaround-SSM-Parameter-tier-bug.patch index 7462c0b1504..146537bd1ad 100644 --- a/upstream-patches/0007-Workaround-SSM-Parameter-tier-bug.patch +++ b/upstream-patches/0007-Workaround-SSM-Parameter-tier-bug.patch @@ -1,7 +1,7 @@ From 7a4e7d0f9cec666561c5c05e74f7a3dcfa232260 Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Fri, 4 Nov 2022 17:24:42 +0000 -Subject: [PATCH 07/26] Workaround SSM Parameter tier bug +Subject: [PATCH 07/27] Workaround SSM Parameter tier bug - Disable "computed". - Disable diff suppression & counteractions diff --git a/upstream-patches/0008-Add-EKS-cluster-default_addons_to_remove.patch b/upstream-patches/0008-Add-EKS-cluster-default_addons_to_remove.patch index 9d17906ae5d..0c57ba4670c 100644 --- a/upstream-patches/0008-Add-EKS-cluster-default_addons_to_remove.patch +++ b/upstream-patches/0008-Add-EKS-cluster-default_addons_to_remove.patch @@ -1,7 +1,7 @@ From c5382d4ac003f80f38e5e9ad3aaf4e2cbf365719 Mon Sep 17 00:00:00 2001 
From: Daniel Bradley Date: Fri, 4 Nov 2022 17:31:27 +0000 -Subject: [PATCH 08/26] Add EKS cluster default_addons_to_remove +Subject: [PATCH 08/27] Add EKS cluster default_addons_to_remove --- internal/service/eks/cluster.go | 7 + diff --git a/upstream-patches/0009-Add-EKS-cluster-certificate_authorities-plural.patch b/upstream-patches/0009-Add-EKS-cluster-certificate_authorities-plural.patch index fb0874e363c..551f1ff5ec4 100644 --- a/upstream-patches/0009-Add-EKS-cluster-certificate_authorities-plural.patch +++ b/upstream-patches/0009-Add-EKS-cluster-certificate_authorities-plural.patch @@ -1,7 +1,7 @@ From b4104448fd6ff1d503ccf36f84e630d89860cd5f Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Fri, 4 Nov 2022 17:32:49 +0000 -Subject: [PATCH 09/26] Add EKS cluster certificate_authorities (plural) +Subject: [PATCH 09/27] Add EKS cluster certificate_authorities (plural) --- internal/service/eks/cluster.go | 22 ++++++++++++++++++++++ diff --git a/upstream-patches/0010-Workaround-Autoscaling-launch_configuration-associat.patch b/upstream-patches/0010-Workaround-Autoscaling-launch_configuration-associat.patch index 2dd05e2a45a..0ad78c6f821 100644 --- a/upstream-patches/0010-Workaround-Autoscaling-launch_configuration-associat.patch +++ b/upstream-patches/0010-Workaround-Autoscaling-launch_configuration-associat.patch @@ -1,7 +1,7 @@ From ca50c01a66b140efa1da6fdc8f59e23b9dc4f35f Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Fri, 4 Nov 2022 17:34:56 +0000 -Subject: [PATCH 10/26] Workaround Autoscaling launch_configuration +Subject: [PATCH 10/27] Workaround Autoscaling launch_configuration associate_public_ip_address - Disable computation of property until fixed. diff --git a/upstream-patches/0011-Add-ECR-credentials_data_source.patch b/upstream-patches/0011-Add-ECR-credentials_data_source.patch index 4bc08d3f964..4d3b334cadc 100644 --- a/upstream-patches/0011-Add-ECR-credentials_data_source.patch +++ b/upstream-patches/0011-Add-ECR-credentials_data_source.patch 
@@ -1,7 +1,7 @@ From 04a703d6ac8e8887ea827ccd15b6c0db2a3558cf Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Fri, 4 Nov 2022 17:36:34 +0000 -Subject: [PATCH 11/26] Add ECR credentials_data_source +Subject: [PATCH 11/27] Add ECR credentials_data_source --- internal/provider/provider.go | 6 +- diff --git a/upstream-patches/0012-Revert-framework-conversions.patch b/upstream-patches/0012-Revert-framework-conversions.patch index 732aa4c1f8f..88b0dde55fb 100644 --- a/upstream-patches/0012-Revert-framework-conversions.patch +++ b/upstream-patches/0012-Revert-framework-conversions.patch @@ -1,7 +1,7 @@ From 8b48af4bfaf612b46cf8368bb1aabeb2a84667b2 Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Fri, 4 Nov 2022 17:42:19 +0000 -Subject: [PATCH 12/26] Revert framework conversions +Subject: [PATCH 12/27] Revert framework conversions This commit reverts resources and data sources that were ported to the plugin framework, back to their previous implementation. The upstream diff --git a/upstream-patches/0013-Add-custom-appautoscaling-examples.patch b/upstream-patches/0013-Add-custom-appautoscaling-examples.patch index bac55282992..71992ca500c 100644 --- a/upstream-patches/0013-Add-custom-appautoscaling-examples.patch +++ b/upstream-patches/0013-Add-custom-appautoscaling-examples.patch @@ -1,7 +1,7 @@ From ec4d3d287a3315e65a4dfb6e3fcad1bd46b99e6f Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Wed, 9 Nov 2022 17:37:35 +0000 -Subject: [PATCH 13/26] Add custom appautoscaling examples +Subject: [PATCH 13/27] Add custom appautoscaling examples --- .../r/appautoscaling_policy.html.markdown | 28 +++++++++++++++++++ diff --git a/upstream-patches/0014-Add-dedicated_host-docs.patch b/upstream-patches/0014-Add-dedicated_host-docs.patch index cf7a1b06a5a..d073950ddca 100644 --- a/upstream-patches/0014-Add-dedicated_host-docs.patch +++ b/upstream-patches/0014-Add-dedicated_host-docs.patch @@ -1,7 +1,7 @@ From a9c991ab0997ea75318d4d6a335a63830cae4afc Mon Sep 17 00:00:00 2001 
From: Daniel Bradley Date: Tue, 15 Nov 2022 10:08:05 +0000 -Subject: [PATCH 14/26] Add dedicated_host docs +Subject: [PATCH 14/27] Add dedicated_host docs --- website/docs/d/dedicated_host.html.markdown | 75 +++++++++++++++++++++ diff --git a/upstream-patches/0015-Revert-WAF-schema-changes.patch b/upstream-patches/0015-Revert-WAF-schema-changes.patch index a3ee7ef84e8..7cfa309a245 100644 --- a/upstream-patches/0015-Revert-WAF-schema-changes.patch +++ b/upstream-patches/0015-Revert-WAF-schema-changes.patch @@ -1,7 +1,7 @@ From 685e82649d63c8e5757c81267595d4d7528fcf29 Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Tue, 15 Nov 2022 13:59:57 +0000 -Subject: [PATCH 15/26] Revert WAF schema changes +Subject: [PATCH 15/27] Revert WAF schema changes - This causes far too many types to be generated downstream. --- diff --git a/upstream-patches/0016-Un-deprecate-RDS-instance-name.patch b/upstream-patches/0016-Un-deprecate-RDS-instance-name.patch index e6bcef31aae..70e455157e2 100644 --- a/upstream-patches/0016-Un-deprecate-RDS-instance-name.patch +++ b/upstream-patches/0016-Un-deprecate-RDS-instance-name.patch @@ -1,7 +1,7 @@ From 8260fa2d55c048c3b2357d81a8e483b9aaca3d2b Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Thu, 17 Nov 2022 09:55:46 +0000 -Subject: [PATCH 16/26] Un-deprecate RDS instance name +Subject: [PATCH 16/27] Un-deprecate RDS instance name We don't have a good migration story yet so this just adds noise for users. diff --git a/upstream-patches/0017-Catch-cty-panic-in-new-resourceTopicSubscriptionCust.patch b/upstream-patches/0017-Catch-cty-panic-in-new-resourceTopicSubscriptionCust.patch index 38071dd0212..ee32736e705 100644 --- a/upstream-patches/0017-Catch-cty-panic-in-new-resourceTopicSubscriptionCust.patch +++ b/upstream-patches/0017-Catch-cty-panic-in-new-resourceTopicSubscriptionCust.patch @@ -1,7 +1,7 @@ From 0ae60120daa39afb35ad9bf66e2030401d7bd51d Mon Sep 17 00:00:00 2001 
From: Thomas Kappler Date: Thu, 1 Dec 2022 10:56:32 -0800 -Subject: [PATCH 17/26] Catch cty panic in new +Subject: [PATCH 17/27] Catch cty panic in new resourceTopicSubscriptionCustomizeDiff. The root cause is not fully understood yet but this might unblock us. diff --git a/upstream-patches/0018-add-matchmaking-configuration-72.patch b/upstream-patches/0018-add-matchmaking-configuration-72.patch index 87a7eaf276b..e894be7afb1 100644 --- a/upstream-patches/0018-add-matchmaking-configuration-72.patch +++ b/upstream-patches/0018-add-matchmaking-configuration-72.patch @@ -1,7 +1,7 @@ From 7972bf2b615d2224007cde515f5399a9cb361f28 Mon Sep 17 00:00:00 2001 From: Lee Briggs Date: Wed, 21 Dec 2022 12:23:59 -0800 -Subject: [PATCH 18/26] add matchmaking configuration (#72) +Subject: [PATCH 18/27] add matchmaking configuration (#72) * add matchmaking configuration * add matchmaking rule set diff --git a/upstream-patches/0019-fix-Adding-back-in-removeAddons.patch b/upstream-patches/0019-fix-Adding-back-in-removeAddons.patch index 5242a531285..537e55ce202 100644 --- a/upstream-patches/0019-fix-Adding-back-in-removeAddons.patch +++ b/upstream-patches/0019-fix-Adding-back-in-removeAddons.patch @@ -1,7 +1,7 @@ From 7c44221b0a6ffd3c96c5644b4274e1402238eeb2 Mon Sep 17 00:00:00 2001 From: Richard Shade Date: Fri, 6 Jan 2023 15:31:22 -0600 -Subject: [PATCH 19/26] fix: Adding back in removeAddons +Subject: [PATCH 19/27] fix: Adding back in removeAddons --- internal/service/eks/cluster.go | 4 ++++ diff --git a/upstream-patches/0020-Reverts-patches-to-S3BucketLegacy-and-GameLift.patch b/upstream-patches/0020-Reverts-patches-to-S3BucketLegacy-and-GameLift.patch index a02e05e3751..5673e22f9bf 100644 --- a/upstream-patches/0020-Reverts-patches-to-S3BucketLegacy-and-GameLift.patch +++ b/upstream-patches/0020-Reverts-patches-to-S3BucketLegacy-and-GameLift.patch @@ -1,7 +1,7 @@ From f5bb0e4c094e645f2a4e494b6377cc59202201cb Mon Sep 17 00:00:00 2001 
From: Kyle Pitzen Date: Fri, 27 Jan 2023 09:37:43 -0600 -Subject: [PATCH 20/26] Reverts patches to S3BucketLegacy and GameLift +Subject: [PATCH 20/27] Reverts patches to S3BucketLegacy and GameLift Previously, we were pulling along patches which removed a few simplifications to waiters in AWS GameLift, and a newer patch which plumbed through context.Context diff --git a/upstream-patches/0021-Revert-Update-endpointHashIPAddress.patch b/upstream-patches/0021-Revert-Update-endpointHashIPAddress.patch index d2b850faa6f..3649548504e 100644 --- a/upstream-patches/0021-Revert-Update-endpointHashIPAddress.patch +++ b/upstream-patches/0021-Revert-Update-endpointHashIPAddress.patch @@ -1,7 +1,7 @@ From 66a4816d499b1145ff9b94031d0773e451c636e1 Mon Sep 17 00:00:00 2001 From: Thomas Kappler Date: Fri, 3 Feb 2023 17:31:18 -0800 -Subject: [PATCH 21/26] Revert "Update endpointHashIPAddress" +Subject: [PATCH 21/27] Revert "Update endpointHashIPAddress" This reverts commit 2197a6c2c7a0ff306cec3432acb9f5680866f034. diff --git a/upstream-patches/0022-Fixup-eks-formatting.patch b/upstream-patches/0022-Fixup-eks-formatting.patch index ea05edd8d87..5cbea67a887 100644 --- a/upstream-patches/0022-Fixup-eks-formatting.patch +++ b/upstream-patches/0022-Fixup-eks-formatting.patch @@ -1,7 +1,7 @@ From 78b63f036f490fd63acbfcfc91b7f79373e41ecc Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Thu, 9 Mar 2023 14:50:36 +0000 -Subject: [PATCH 22/26] Fixup eks formatting +Subject: [PATCH 22/27] Fixup eks formatting --- internal/service/eks/wait.go | 6 +++--- diff --git a/upstream-patches/0023-Fixup-gamelift-context.patch b/upstream-patches/0023-Fixup-gamelift-context.patch index 884dc6674c4..92895e9476c 100644 --- a/upstream-patches/0023-Fixup-gamelift-context.patch +++ b/upstream-patches/0023-Fixup-gamelift-context.patch @@ -1,7 +1,7 @@ From 3186431e806a7f2346d25edeb3287881138495f7 Mon Sep 17 00:00:00 2001 
From: Daniel Bradley Date: Thu, 9 Mar 2023 14:50:51 +0000 -Subject: [PATCH 23/26] Fixup gamelift context +Subject: [PATCH 23/27] Fixup gamelift context --- internal/service/gamelift/matchmaking_configuration.go | 2 +- diff --git a/upstream-patches/0024-Change-default-descriptions-to-Managed-by-Pulumi.patch b/upstream-patches/0024-Change-default-descriptions-to-Managed-by-Pulumi.patch index 0480ba0987a..d1405e88dbe 100644 --- a/upstream-patches/0024-Change-default-descriptions-to-Managed-by-Pulumi.patch +++ b/upstream-patches/0024-Change-default-descriptions-to-Managed-by-Pulumi.patch @@ -1,7 +1,7 @@ From 39e716db928f65fb04df3eaded7654e63713b70b Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Tue, 28 Feb 2023 15:19:24 +0000 -Subject: [PATCH 24/26] Change default descriptions to "Managed by Pulumi" +Subject: [PATCH 24/27] Change default descriptions to "Managed by Pulumi" --- internal/service/apigateway/api_key.go | 2 +- diff --git a/upstream-patches/0025-remove-required-elements-from-schema-and-fix-tests-7.patch b/upstream-patches/0025-remove-required-elements-from-schema-and-fix-tests-7.patch index ee0437f4c85..b8ba9d6b323 100644 --- a/upstream-patches/0025-remove-required-elements-from-schema-and-fix-tests-7.patch +++ b/upstream-patches/0025-remove-required-elements-from-schema-and-fix-tests-7.patch @@ -1,7 +1,7 @@ From 876eee50c735550ecc0e95b047d3c1d6f3ca2104 Mon Sep 17 00:00:00 2001 From: Daniel Bradley Date: Tue, 28 Mar 2023 19:54:00 +0100 -Subject: [PATCH 25/26] remove required elements from schema and fix tests +Subject: [PATCH 25/27] remove required elements from schema and fix tests (#77) Co-authored-by: Lee Briggs diff --git a/upstream-patches/0026-Revert-Framework-conversions.patch b/upstream-patches/0026-Revert-Framework-conversions.patch index 63650a092e7..dc9f4e4f532 100644 --- a/upstream-patches/0026-Revert-Framework-conversions.patch +++ b/upstream-patches/0026-Revert-Framework-conversions.patch @@ -1,7 +1,7 @@ 
From 632fb7a65c6256abd8365ea7db02e361c9540cef Mon Sep 17 00:00:00 2001 From: Thomas Kappler Date: Tue, 28 Mar 2023 15:09:00 -0700 -Subject: [PATCH 26/26] Revert Framework conversions +Subject: [PATCH 26/27] Revert Framework conversions https://github.com/hashicorp/terraform-provider-aws/tree/main/internal/service/cognitoidp diff --git a/upstream-patches/0027-Temp-remove-cognito_identity_pool_roles_attachment-e.patch b/upstream-patches/0027-Temp-remove-cognito_identity_pool_roles_attachment-e.patch new file mode 100644 index 00000000000..8953fd18a90 --- /dev/null +++ b/upstream-patches/0027-Temp-remove-cognito_identity_pool_roles_attachment-e.patch 
@@ -0,0 +1,102 @@ +From a591970e6c9a35670b7c049c739192a2d1b23fa4 Mon Sep 17 00:00:00 2001 +From: Anton Tayanovskyy +Date: Mon, 24 Apr 2023 10:36:36 -0400 +Subject: [PATCH 27/27] Temp remove cognito_identity_pool_roles_attachment + example beacuse of flaky translation + +--- + ...to_identity_pool_roles_attachment.markdown | 81 ------------------- + 1 file changed, 81 deletions(-) + +diff --git a/website/docs/r/cognito_identity_pool_roles_attachment.markdown b/website/docs/r/cognito_identity_pool_roles_attachment.markdown +index 52afa0cbe0..0e5f66201c 100644 +--- a/website/docs/r/cognito_identity_pool_roles_attachment.markdown ++++ b/website/docs/r/cognito_identity_pool_roles_attachment.markdown +@@ -12,87 +12,6 @@ Provides an AWS Cognito Identity Pool Roles Attachment. + + ## Example Usage + +-```terraform +-resource "aws_cognito_identity_pool" "main" { +- identity_pool_name = "identity pool" +- allow_unauthenticated_identities = false +- +- supported_login_providers = { +- "graph.facebook.com" = "7346241598935555" +- } +-} +- +-data "aws_iam_policy_document" "authenticated" { +- statement { +- effect = "Allow" +- +- principals { +- type = "Federated" +- identifiers = ["cognito-identity.amazonaws.com"] +- } +- +- actions = ["sts:AssumeRoleWithWebIdentity"] +- +- condition { +- test = "StringEquals" +- variable = "cognito-identity.amazonaws.com:aud" +- values = [aws_cognito_identity_pool.main.id] +- } +- +- condition { +- test = "ForAnyValue:StringLike" +- variable = "cognito-identity.amazonaws.com:amr" +- values = ["authenticated"] +- } +- } +-} +- +-resource "aws_iam_role" "authenticated" { +- name = "cognito_authenticated" +- assume_role_policy = data.aws_iam_policy_document.authenticated.json +-} +- +-data "aws_iam_policy_document" "authenticated_role_policy" { +- statement { +- effect = "Allow" +- +- actions = [ +- "mobileanalytics:PutEvents", +- "cognito-sync:*", +- "cognito-identity:*", +- ] +- +- resources = ["*"] +- } +-} +- +-resource "aws_iam_role_policy" 
"authenticated" { +- name = "authenticated_policy" +- role = aws_iam_role.authenticated.id +- policy = data.aws_iam_policy_document.authenticated_role_policy.json +-} +- +-resource "aws_cognito_identity_pool_roles_attachment" "main" { +- identity_pool_id = aws_cognito_identity_pool.main.id +- +- role_mapping { +- identity_provider = "graph.facebook.com" +- ambiguous_role_resolution = "AuthenticatedRole" +- type = "Rules" +- +- mapping_rule { +- claim = "isAdmin" +- match_type = "Equals" +- role_arn = aws_iam_role.authenticated.arn +- value = "paid" +- } +- } +- +- roles = { +- "authenticated" = aws_iam_role.authenticated.arn +- } +-} +-``` + + ## Argument Reference +