CognitoIdentityProvider / Client / create_group
create_group#
- CognitoIdentityProvider.Client.create_group(**kwargs)#
Creates a new group in the specified user pool.
Note
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
See also: AWS API Documentation
Request Syntax
response = client.create_group( GroupName='string', UserPoolId='string', Description='string', RoleArn='string', Precedence=123 )
- Parameters:
GroupName (string) –
[REQUIRED]
The name of the group. Must be unique.
UserPoolId (string) –
[REQUIRED]
The user pool ID for the user pool.
Description (string) – A string containing the description of the group.
RoleArn (string) – The role Amazon Resource Name (ARN) for the group.
Precedence (integer) –
A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower
Precedencevalues take precedence over groups with higher or nullPrecedencevalues. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user’s tokens for thecognito:rolesandcognito:preferred_roleclaims.Two groups can have the same
Precedencevalue. If this happens, neither group takes precedence over the other. If two groups with the samePrecedencehave the same role ARN, that role is used in thecognito:preferred_roleclaim in tokens for users in each group. If the two groups have different role ARNs, thecognito:preferred_roleclaim isn’t set in users’ tokens.The default
Precedencevalue is null. The maximumPrecedencevalue is2^31-1.
- Return type:
dict
- Returns:
Response Syntax
{ 'Group': { 'GroupName': 'string', 'UserPoolId': 'string', 'Description': 'string', 'RoleArn': 'string', 'Precedence': 123, 'LastModifiedDate': datetime(2015, 1, 1), 'CreationDate': datetime(2015, 1, 1) } }
Response Structure
(dict) –
Group (dict) –
The group object for the group.
GroupName (string) –
The name of the group.
UserPoolId (string) –
The user pool ID for the user pool.
Description (string) –
A string containing the description of the group.
RoleArn (string) –
The role Amazon Resource Name (ARN) for the group.
Precedence (integer) –
A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower
Precedencevalues take precedence over groups with higher ornullPrecedencevalues. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user’s tokens for thecognito:rolesandcognito:preferred_roleclaims.Two groups can have the same
Precedencevalue. If this happens, neither group takes precedence over the other. If two groups with the samePrecedencehave the same role ARN, that role is used in thecognito:preferred_roleclaim in tokens for users in each group. If the two groups have different role ARNs, thecognito:preferred_roleclaim isn’t set in users’ tokens.The default
Precedencevalue is null.LastModifiedDate (datetime) –
The date and time, in ISO 8601 format, when the item was modified.
CreationDate (datetime) –
The date and time, in ISO 8601 format, when the item was created.
Exceptions
CognitoIdentityProvider.Client.exceptions.InvalidParameterExceptionCognitoIdentityProvider.Client.exceptions.GroupExistsExceptionCognitoIdentityProvider.Client.exceptions.ResourceNotFoundExceptionCognitoIdentityProvider.Client.exceptions.TooManyRequestsExceptionCognitoIdentityProvider.Client.exceptions.LimitExceededExceptionCognitoIdentityProvider.Client.exceptions.NotAuthorizedExceptionCognitoIdentityProvider.Client.exceptions.InternalErrorException