salt.modules.boto_cognitoidentity

Connection module for Amazon CognitoIdentity

New in version 2016.11.0.

configuration:

This module accepts explicit CognitoIdentity credentials but can also utilize IAM roles assigned to the instance trough Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's config file:

cognitoidentity.keyid: GKTADJGHEIQSXMKKRBJ08H
cognitoidentity.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be specified in the configuration:

cognitoidentity.region: us-east-1

If a region is not specified, the default is us-east-1.

It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

Changed in version 2015.8.0: All methods now return a dictionary. Create, delete, set, and update methods return:

created: true

or

created: false
error:
  message: error message

Request methods (e.g., describe_identity_pools) return:

identity_pools:
  - {...}
  - {...}

or

error:
  message: error message
depends:

boto3

salt.modules.boto_cognitoidentity.create_identity_pool(IdentityPoolName, AllowUnauthenticatedIdentities=False, SupportedLoginProviders=None, DeveloperProviderName=None, OpenIdConnectProviderARNs=None, region=None, key=None, keyid=None, profile=None)

Creates a new identity pool. All parameters except for IdentityPoolName is optional. SupportedLoginProviders should be a dictionary mapping provider names to provider app IDs. OpenIdConnectProviderARNs should be a list of OpenID Connect provider ARNs.

Returns the created identity pool if successful

CLI Example:

salt myminion boto_cognitoidentity.create_identity_pool my_id_pool_name                              DeveloperProviderName=custom_developer_provider
salt.modules.boto_cognitoidentity.delete_identity_pools(IdentityPoolName, IdentityPoolId=None, region=None, key=None, keyid=None, profile=None)

Given an identity pool name, (optionally if an identity pool id is given, the given name will be ignored)

Deletes all identity pools matching the given name, or the specific identity pool with the given identity pool id.

CLI Example:

salt myminion boto_cognitoidentity.delete_identity_pools my_id_pool_name
salt myminion boto_cognitoidentity.delete_identity_pools '' IdentityPoolId=my_id_pool_id
salt.modules.boto_cognitoidentity.describe_identity_pools(IdentityPoolName, IdentityPoolId=None, region=None, key=None, keyid=None, profile=None)

Given an identity pool name, (optionally if an identity pool id is given, the given name will be ignored)

Returns a list of matched identity pool name's pool properties

CLI Example:

salt myminion boto_cognitoidentity.describe_identity_pools my_id_pool_name
salt myminion boto_cognitoidentity.describe_identity_pools '' IdentityPoolId=my_id_pool_id
salt.modules.boto_cognitoidentity.get_identity_pool_roles(IdentityPoolName, IdentityPoolId=None, region=None, key=None, keyid=None, profile=None)

Given an identity pool name, (optionally if an identity pool id if given, the given name will be ignored)

Returns a list of matched identity pool name's associated roles

CLI Example:

salt myminion boto_cognitoidentity.get_identity_pool_roles my_id_pool_name
salt myminion boto_cognitoidentity.get_identity_pool_roles '' IdentityPoolId=my_id_pool_id
salt.modules.boto_cognitoidentity.set_identity_pool_roles(IdentityPoolId, AuthenticatedRole=None, UnauthenticatedRole=None, region=None, key=None, keyid=None, profile=None)

Given an identity pool id, set the given AuthenticatedRole and UnauthenticatedRole (the Role can be an iam arn, or a role name) If AuthenticatedRole or UnauthenticatedRole is not given, the authenticated and/or the unauthenticated role associated previously with the pool will be cleared.

Returns set True if successful, set False if unsuccessful with the associated errors.

CLI Example:

salt myminion boto_cognitoidentity.set_identity_pool_roles my_id_pool_roles  # this clears the roles
salt myminion boto_cognitoidentity.set_identity_pool_roles my_id_pool_id             AuthenticatedRole=my_auth_role UnauthenticatedRole=my_unauth_role  # this set both roles
salt myminion boto_cognitoidentity.set_identity_pool_roles my_id_pool_id             AuthenticatedRole=my_auth_role  # this will set the auth role and clear the unauth role
salt myminion boto_cognitoidentity.set_identity_pool_roles my_id_pool_id             UnauthenticatedRole=my_unauth_role  # this will set the unauth role and clear the auth role
salt.modules.boto_cognitoidentity.update_identity_pool(IdentityPoolId, IdentityPoolName=None, AllowUnauthenticatedIdentities=False, SupportedLoginProviders=None, DeveloperProviderName=None, OpenIdConnectProviderARNs=None, region=None, key=None, keyid=None, profile=None)

Updates the given IdentityPoolId's properties. All parameters except for IdentityPoolId, is optional. SupportedLoginProviders should be a dictionary mapping provider names to provider app IDs. OpenIdConnectProviderARNs should be a list of OpenID Connect provider ARNs.

To clear SupportedLoginProviders pass '{}'

To clear OpenIdConnectProviderARNs pass '[]'

boto3 api prevents DeveloperProviderName to be updated after it has been set for the first time.

Returns the updated identity pool if successful

CLI Example:

salt myminion boto_cognitoidentity.update_identity_pool my_id_pool_id my_id_pool_name                              DeveloperProviderName=custom_developer_provider