RoleMapping ProviderName or is not a configured provider.
❓ General Issue
I am trying to add a role attachment to a cognito identity pool using groups but keep getting: “XXX is not a valid RoleMapping ProviderName or is not a configured provider.” even though the userpool and app client I am using definitely exist.
Environment
- CDK CLI Version: aws-cdk@1.36.0
- Module Version: "@aws-cdk/aws-cognito": "^1.36.0"
- OS: OSX Mojave
- Language: TypeScript
Other information
As far as I can see, something is wrong with this part:
`"IdentityProvider": "cognito-idp.eu-west-2.amazonaws.com/USER_POOL_ID:CLIENT_ID"`
but the docs here state exactly this format.
Here is my CloudFormation template output that CDK is creating. Any help on this would be greatly appreciated!
```json
"XXXXroleattachment": {
  "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
  "Properties": {
    "IdentityPoolId": "eu-west-2:XXXXXXXXXXXXXXXX",
    "RoleMappings": {
      "roleMapping": {
        "AmbiguousRoleResolution": "Deny",
        "IdentityProvider": "cognito-idp.eu-west-2.amazonaws.com/eu-west2_XXXXXXX:XXXXXXXXXXXXX",
        "RulesConfiguration": {
          "Rules": [
            {
              "Claim": "cognito:groups",
              "MatchType": "Contains",
              "RoleARN": "arn:aws:iam::XXXXXXX:role/XXXXXXXX",
              "Value": "XXXXXX"
            }
          ]
        },
        "Type": "Rules"
      }
    },
    "Roles": {
      "unauthenticated": "arn:aws:iam::XXXXXXXXX:role/XXXXXXXXXXXXX",
      "authenticated": "arn:aws:iam::XXXXXXXXX:role/XXXXXXXXXXXXX"
    }
  },
  "Metadata": {
    "aws:cdk:path": "Stack/role-attachment"
  }
}
```
Top GitHub Comments
For the record, I faced this same issue but I was able to make it work, version 1.57.0
For the `identityProvider`, just using the combination of `userPoolProviderName` and `userPoolClientId` is fine, no need to be fancy 😃
BTW, I like how the doc doesn’t mention these, or just my IQ under 90
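The provider string described in the comment above can be checked before deployment. The following is an added example, not code from the issue, its comments or the CDK project: it builds the `<userPoolProviderName>:<userPoolClientId>` value and verifies that a role-mapping `IdentityProvider` string matches a provider configured on the identity pool. The function and type names are hypothetical, all IDs are constructed placeholders, and the region-consistency check is an assumption based on the `<region>_<id>` shape of user pool IDs.

```typescript
// Added example: pre-deploy check for a role-mapping IdentityProvider value.
// All identifiers and sample IDs here are constructed, not taken from the issue.
interface ConfiguredProvider {
  providerName: string; // CognitoIdentityProviders[].ProviderName on the identity pool
  clientId: string;     // CognitoIdentityProviders[].ClientId on the identity pool
}

// Builds "<userPoolProviderName>:<userPoolClientId>" as described in the comment.
function roleMappingProvider(p: ConfiguredProvider): string {
  return `${p.providerName}:${p.clientId}`;
}

// Returns a list of problems; an empty list means the value is consistent
// with the providers configured on the identity pool.
function checkIdentityProvider(value: string, configured: ConfiguredProvider[]): string[] {
  const shape =
    /^cognito-idp\.([a-z0-9-]+)\.amazonaws\.com\/([A-Za-z0-9-]+)_([A-Za-z0-9]+):([A-Za-z0-9]+)$/;
  const m = shape.exec(value);
  if (!m) {
    return ["not of the form cognito-idp.<region>.amazonaws.com/<userPoolId>:<clientId>"];
  }
  const problems: string[] = [];
  const endpointRegion = m[1];
  const poolRegion = m[2];
  if (endpointRegion !== poolRegion) {
    problems.push(`user pool ID region "${poolRegion}" differs from endpoint region "${endpointRegion}"`);
  }
  // The role mapping must name a provider (and app client) attached to the pool.
  if (!configured.some((p) => roleMappingProvider(p) === value)) {
    problems.push("no provider configured on the identity pool matches this name and client ID");
  }
  return problems;
}

// Constructed sample: one user pool / app client attached to the identity pool.
const sampleProvider: ConfiguredProvider = {
  providerName: "cognito-idp.eu-west-2.amazonaws.com/eu-west-2_EXAMPLE01",
  clientId: "exampleclientid0001",
};
const sampleGood = roleMappingProvider(sampleProvider);
const sampleWrongClient = `${sampleProvider.providerName}:otherclientid0002`;
const sampleRegionMismatch =
  "cognito-idp.eu-west-2.amazonaws.com/eu-west2_EXAMPLE01:exampleclientid0001";

console.log(checkIdentityProvider(sampleGood, [sampleProvider]));
console.log(checkIdentityProvider(sampleWrongClient, [sampleProvider]));
console.log(checkIdentityProvider(sampleRegionMismatch, [sampleProvider]));
```

The check works on fully resolved strings, so in a CDK app it applies to the synthesized template or to literal IDs rather than to unresolved tokens.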