Manage CognitoIdentity Functions
Create and destroy CognitoIdentity identity pools. Be aware that this interacts with
Amazon's services, and so may incur charges.
This module uses boto3
, which can be installed via package, or pip.
This module accepts explicit vpc credentials but can also utilize
IAM roles assigned to the instance through Instance Profiles. Dynamic
credentials are then automatically obtained from AWS API and no further
configuration is necessary. More information available here.
If IAM roles are not used you need to specify them either in a pillar file or
in the minion's config file:
vpc.keyid: GKTADJGHEIQSXMKKRBJ08H
vpc.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
It's also possible to specify key
, keyid
and region
via a profile,
either passed in as a dict, or as a string to pull from pillars or minion
config:
myprofile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
region: us-east-1
Ensure function exists:
boto_cognitoidentity.pool_present:
- PoolName: my_identity_pool
- region: us-east-1
- keyid: GKTADJGHEIQSXMKKRBJ08H
- key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
-
salt.states.boto_cognitoidentity.
pool_absent
(name, IdentityPoolName, RemoveAllMatched=False, region=None, key=None, keyid=None, profile=None)
Ensure cognito identity pool with passed properties is absent.
- name
- The name of the state definition.
- IdentityPoolName
- Name of the Cognito Identity Pool. Please note that this may
match multiple pools with the same given name, in which case,
all will be removed.
- RemoveAllMatched
- If True, all identity pools with the matching IdentityPoolName
will be removed. If False and there are more than one identity pool
with the matching IdentityPoolName, no action will be taken. If False
and there is only one identity pool with the matching IdentityPoolName,
the identity pool will be removed.
- region
- Region to connect to.
- key
- Secret key to be used.
- keyid
- Access key to be used.
- profile
- A dict with region, key and keyid, or a pillar key (string) that
contains a dict with region, key and keyid.
-
salt.states.boto_cognitoidentity.
pool_present
(name, IdentityPoolName, AuthenticatedRole, AllowUnauthenticatedIdentities=False, UnauthenticatedRole=None, SupportedLoginProviders=None, DeveloperProviderName=None, OpenIdConnectProviderARNs=None, region=None, key=None, keyid=None, profile=None)
Ensure Cognito Identity Pool exists.
- name
- The name of the state definition
- IdentityPoolName
- Name of the Cognito Identity Pool
- AuthenticatedRole
- An IAM role name or ARN that will be associated with temporary AWS
credentials for an authenticated cognito identity.
- AllowUnauthenticatedIdentities
- Whether to allow anonymous user identities
- UnauthenticatedRole
- An IAM role name or ARN that will be associated with anonymous
user identities
- SupportedLoginProviders
- A dictionary or pillar that contains key:value pairs mapping provider
names to provider app IDs.
- DeveloperProviderName
- A string which is the domain by which Cognito will refer to your users.
This name acts as a placeholder that allows your backend and the Cognito
service to communicate about the developer provider. Once you have set a
developer provider name, you cannot change it. Please take care in setting
this parameter.
- OpenIdConnectProviderARNs
- A list or pillar name that contains a list of OpenID Connect provider ARNs.
- region
- Region to connect to.
- key
- Secret key to be used.
- keyid
- Access key to be used.
- profile
- A dict with region, key and keyid, or a pillar key (string) that
contains a dict with region, key and keyid.