boto3_cognitoidentity

Manage Cognito Identity Pools using boto3.

Renamed from boto_cognitoidentity to boto3_cognitoidentity and updated to call the refactored boto3_cognitoidentity execution module.

Create and destroy Cognito Identity Pools. Be aware that this interacts with Amazon’s services, and so may incur charges.

depends:

  • boto3 >= 1.28.0

  • botocore >= 1.31.0

This module uses boto3, which can be installed via package, or pip.

This module accepts explicit Cognito Identity credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in the minion’s config file or as a profile. For example, to specify them in the minion’s config file:

cognitoidentity.keyid: GKTADJGHEIQSXMKKRBJ08H
cognitoidentity.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

It’s also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

ensure-pool-present:
  boto3_cognitoidentity.pool_present:
    - name: example

Added in version 1.0.0.

saltext.boto3.states.boto3_cognitoidentity.__virtual__()[source]

Only load if the boto3_cognitoidentity execution module is available.

saltext.boto3.states.boto3_cognitoidentity.pool_present(name, IdentityPoolName, AuthenticatedRole, AllowUnauthenticatedIdentities=False, UnauthenticatedRole=None, SupportedLoginProviders=None, DeveloperProviderName=None, OpenIdConnectProviderARNs=None, region=None, key=None, keyid=None, profile=None)[source]

Ensure the given Cognito Identity Pool exists.

name

The name of the state definition.

IdentityPoolName

Name of the Cognito Identity Pool.

AuthenticatedRole

An IAM role name or ARN that will be associated with temporary AWS credentials for an authenticated cognito identity.

AllowUnauthenticatedIdentities

Whether to allow anonymous user identities.

UnauthenticatedRole

An IAM role name or ARN that will be associated with anonymous user identities.

SupportedLoginProviders

A dictionary or pillar key that contains key:value pairs mapping provider names to provider app IDs.

DeveloperProviderName

The domain by which Cognito will refer to your users. Once set, it cannot be changed.

OpenIdConnectProviderARNs

A list or pillar key that contains a list of OpenID Connect provider ARNs.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

Example:

ensure-pool-present:
  boto3_cognitoidentity.pool_present:
    - name: example
saltext.boto3.states.boto3_cognitoidentity.pool_absent(name, IdentityPoolName, RemoveAllMatched=False, region=None, key=None, keyid=None, profile=None)[source]

Ensure a Cognito Identity Pool is absent.

name

The name of the state definition.

IdentityPoolName

Name of the Cognito Identity Pool.

RemoveAllMatched

If True, all identity pools matching IdentityPoolName are removed. If False and multiple pools match, no action is taken.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

Example:

ensure-pool-absent:
  boto3_cognitoidentity.pool_absent:
    - name: example