Amazon Cognito · JSON Structure

Cognito Identity Mapping Rule Structure

A rule that maps a claim name, a claim value, and a match type to a role ARN.

Type: object Properties: 4 Required: 4
AuthenticationAuthorizationIdentityIdentity ProviderOAuth2OIDC

MappingRule is a JSON Structure definition published by Amazon Cognito, describing 4 properties, of which 4 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

Claim MatchType Value RoleARN

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "type": "object",
  "properties": {
    "Claim": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ClaimName"
        },
        {
          "description": "The claim name that must be present in the token, for example, \"isAdmin\" or \"paid\"."
        }
      ]
    },
    "MatchType": {
      "allOf": [
        {
          "$ref": "#/components/schemas/MappingRuleMatchType"
        },
        {
          "description": "The match condition that specifies how closely the claim value in the IdP token must match <code>Value</code>."
        }
      ]
    },
    "Value": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ClaimValue"
        },
        {
          "description": "A brief string that the claim must match, for example, \"paid\" or \"yes\"."
        }
      ]
    },
    "RoleARN": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ARNString"
        },
        {
          "description": "The role ARN."
        }
      ]
    }
  },
  "required": [
    "Claim",
    "MatchType",
    "Value",
    "RoleARN"
  ],
  "description": "A rule that maps a claim name, a claim value, and a match type to a role ARN.",
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/aws-cognito/refs/heads/main/json-structure/cognito-identity-mapping-rule-structure.json",
  "name": "MappingRule"
}