salt.states.boto_cognitoidentity module¶

Manage CognitoIdentity Functions¶

New in version Boron.

Create and destroy CognitoIdentity identity pools. Be aware that this interacts with Amazon's services, and so may incur charges.

This module uses boto3, which can be installed via package, or pip.

This module accepts explicit vpc credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More information available here.

If IAM roles are not used you need to specify them either in a pillar file or in the minion's config file:

vpc.keyid: GKTADJGHEIQSXMKKRBJ08H
vpc.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

It's also possible to specify key, keyid and region via a profile, either passed in as a dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
        region: us-east-1

Ensure function exists:
    boto_cognitoidentity.pool_present:
        - PoolName: my_identity_pool
        - region: us-east-1
        - keyid: GKTADJGHEIQSXMKKRBJ08H
        - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

salt.states.boto_cognitoidentity.pool_absent(name, IdentityPoolName, RemoveAllMatched=False, region=None, key=None, keyid=None, profile=None)¶

Ensure cognito identity pool with passed properties is absent.

name: The name of the state definition.
IdentityPoolName: Name of the Cognito Identity Pool. Please note that this may match multiple pools with the same given name, in which case, all will be removed.
RemoveAllMatched: If True, all identity pools with the matching IdentityPoolName will be removed. If False and there are more than one identity pool with the matching IdentityPoolName, no action will be taken. If False and there is only one identity pool with the matching IdentityPoolName, the identity pool will be removed.
region: Region to connect to.
key: Secret key to be used.
keyid: Access key to be used.
profile: A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

salt.states.boto_cognitoidentity.pool_present(name, IdentityPoolName, AuthenticatedRole, AllowUnauthenticatedIdentities=False, UnauthenticatedRole=None, SupportedLoginProviders=None, DeveloperProviderName=None, OpenIdConnectProviderARNs=None, region=None, key=None, keyid=None, profile=None)¶

Ensure Cognito Identity Pool exists.

name: The name of the state definition
IdentityPoolName: Name of the Cognito Identity Pool
AuthenticatedRole: An IAM role name or ARN that will be associated with temporary AWS credentials for an authenticated cognito identity.
AllowUnauthenticatedIdentities: Whether to allow anonymous user identities
UnauthenticatedRole: An IAM role name or ARN that will be associated with anonymous user identities
SupportedLoginProviders: A dictionary or pillar that contains key:value pairs mapping provider names to provider app IDs.
DeveloperProviderName: A string which is the domain by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider. Once you have set a developer provider name, you cannot change it. Please take care in setting this parameter.
OpenIdConnectProviderARNs: A list or pillar name that contains a list of OpenID Connect provider ARNs.
region: Region to connect to.
key: Secret key to be used.
keyid: Access key to be used.
profile: A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.