The current implementation of IdentityPoolRoleAttachment is "half-broken" in the way that it's hard to do any role-mapping against providers that have been created through CloudFormation.
You can't reference them, since they are supposed to be keys in the role map.
This prevents a pretty normal use case of Cognito user pool + identity pool with role mappings for mapping different roles depending on various claims, groups etc.
More info about mappings can be found here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html.
We have a Custom Resource for it that we call Custom::CognitoIdentityPoolRoles, and it can be found here https://github.com/dwtechnologies/custom-cf. The project is written in Go and has a Makefile and instructions on how to deploy. Resource instructions are in the README under the specific resource.
Hope this helps anyone out!
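The limitation described above, as an added CloudFormation fragment (not part of the original post and not taken from the custom-cf project). The region, pool ID, client ID, group name and the AdminRoleArn parameter are constructed placeholders; the point is that the RoleMappings key has to be typed as a literal string even though the pool and client are created in the same template.

```yaml
# Added illustration; all literal values are constructed placeholders.
Parameters:
  AdminRoleArn:            # hypothetical parameter: ARN of an existing IAM role
    Type: String
Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
  UserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      UserPoolId: !Ref UserPool
  IdentityPool:
    Type: AWS::Cognito::IdentityPool
    Properties:
      AllowUnauthenticatedIdentities: false
      CognitoIdentityProviders:
        # As a property VALUE the provider can be referenced normally.
        - ClientId: !Ref UserPoolClient
          ProviderName: !GetAtt UserPool.ProviderName
  RoleAttachment:
    Type: AWS::Cognito::IdentityPoolRoleAttachment
    Properties:
      IdentityPoolId: !Ref IdentityPool
      RoleMappings:
        # The map KEY is "<provider name>:<app client id>". A template map key
        # must be a literal string, so !Ref / !GetAtt / !Sub cannot be used
        # here. The pool ID and client ID generated above are only known after
        # deployment, which is the problem the post describes.
        "cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE:exampleclientid":
          Type: Rules
          # Deny instead of falling back to the default authenticated role
          # when no rule matches, so unmatched users get no credentials.
          AmbiguousRoleResolution: Deny
          RulesConfiguration:
            Rules:
              - Claim: "cognito:groups"
                MatchType: Contains
                Value: admins
                RoleARN: !Ref AdminRoleArn
```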