boto3_cognitoidentity

Connection module for Amazon Cognito Identity using boto3.

Renamed from boto_cognitoidentity to boto3_cognitoidentity and rewritten to use the boto3 cognito-identity client APIs directly via saltext.boto3.utils.boto3mod. The legacy boto2 code path (object-style access, retry loops) has been removed.

depends:

  • boto3 >= 1.28.0

  • botocore >= 1.31.0

configuration:

This module accepts explicit Cognito Identity credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in the minion’s config file or as a profile. For example, to specify them in the minion’s config file:

cognito_identity.keyid: GKTADJGHEIQSXMKKRBJ08H
cognito_identity.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be specified in the configuration:

cognito_identity.region: us-east-1

It’s also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

Added in version 1.0.0.

saltext.boto3.modules.boto3_cognitoidentity.__virtual__()[source]

Only load if boto3 is available.

saltext.boto3.modules.boto3_cognitoidentity.describe_identity_pools(IdentityPoolName, IdentityPoolId=None, region=None, key=None, keyid=None, profile=None)[source]

Given an identity pool name (or optionally an identity pool id, in which case the given name will be ignored), return the matching identity pool properties.

CLI Example:

salt myminion boto3_cognitoidentity.describe_identity_pools my_id_pool_name
salt myminion boto3_cognitoidentity.describe_identity_pools '' IdentityPoolId=my_id_pool_id
saltext.boto3.modules.boto3_cognitoidentity.create_identity_pool(IdentityPoolName, AllowUnauthenticatedIdentities=False, SupportedLoginProviders=None, DeveloperProviderName=None, OpenIdConnectProviderARNs=None, region=None, key=None, keyid=None, profile=None)[source]

Create a new identity pool. All parameters except for IdentityPoolName are optional. SupportedLoginProviders should be a dict mapping provider names to provider app IDs. OpenIdConnectProviderARNs should be a list of OpenID Connect provider ARNs.

CLI Example:

salt myminion boto3_cognitoidentity.create_identity_pool my_id_pool_name \
    DeveloperProviderName=custom_developer_provider
saltext.boto3.modules.boto3_cognitoidentity.delete_identity_pools(IdentityPoolName, IdentityPoolId=None, region=None, key=None, keyid=None, profile=None)[source]

Given an identity pool name (or optionally an identity pool id, in which case the given name will be ignored), delete all matching identity pools.

CLI Example:

salt myminion boto3_cognitoidentity.delete_identity_pools my_id_pool_name
salt myminion boto3_cognitoidentity.delete_identity_pools '' IdentityPoolId=my_id_pool_id
saltext.boto3.modules.boto3_cognitoidentity.get_identity_pool_roles(IdentityPoolName, IdentityPoolId=None, region=None, key=None, keyid=None, profile=None)[source]

Given an identity pool name (or optionally an identity pool id, in which case the given name will be ignored), return a list of associated roles.

CLI Example:

salt myminion boto3_cognitoidentity.get_identity_pool_roles my_id_pool_name
salt myminion boto3_cognitoidentity.get_identity_pool_roles '' IdentityPoolId=my_id_pool_id
saltext.boto3.modules.boto3_cognitoidentity.set_identity_pool_roles(IdentityPoolId, AuthenticatedRole=None, UnauthenticatedRole=None, region=None, key=None, keyid=None, profile=None)[source]

Given an identity pool id, set the given AuthenticatedRole and UnauthenticatedRole (each can be an iam arn or a role name). If either role is not given, the previously associated role is cleared.

CLI Example:

salt myminion boto3_cognitoidentity.set_identity_pool_roles my_id_pool_id
saltext.boto3.modules.boto3_cognitoidentity.update_identity_pool(IdentityPoolId, IdentityPoolName=None, AllowUnauthenticatedIdentities=False, SupportedLoginProviders=None, DeveloperProviderName=None, OpenIdConnectProviderARNs=None, region=None, key=None, keyid=None, profile=None)[source]

Update the given IdentityPoolId’s properties. All parameters except for IdentityPoolId are optional. SupportedLoginProviders should be a dict mapping provider names to provider app IDs. OpenIdConnectProviderARNs should be a list of OpenID Connect provider ARNs.

To clear SupportedLoginProviders pass {}. To clear OpenIdConnectProviderARNs pass [].

DeveloperProviderName cannot be updated after it has been set.

CLI Example:

salt myminion boto3_cognitoidentity.update_identity_pool my_id_pool_id my_id_pool_name \
    DeveloperProviderName=custom_developer_provider