CognitoIdentityProvider / Client / create_group

create_group#

CognitoIdentityProvider.Client.create_group(**kwargs)#

Creates a new group in the specified user pool.

Note

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

See also: AWS API Documentation

Request Syntax

response = client.create_group(
    GroupName='string',
    UserPoolId='string',
    Description='string',
    RoleArn='string',
    Precedence=123
)
Parameters:
  • GroupName (string) –

    [REQUIRED]

    The name of the group. Must be unique.

  • UserPoolId (string) –

    [REQUIRED]

    The user pool ID for the user pool.

  • Description (string) – A string containing the description of the group.

  • RoleArn (string) – The role Amazon Resource Name (ARN) for the group.

  • Precedence (integer) –

    A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower Precedence values take precedence over groups with higher or null Precedence values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user’s tokens for the cognito:roles and cognito:preferred_role claims.

    Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim isn’t set in users’ tokens.

    The default Precedence value is null. The maximum Precedence value is 2^31-1.

Return type:

dict

Returns:

Response Syntax

{
    'Group': {
        'GroupName': 'string',
        'UserPoolId': 'string',
        'Description': 'string',
        'RoleArn': 'string',
        'Precedence': 123,
        'LastModifiedDate': datetime(2015, 1, 1),
        'CreationDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) –

    • Group (dict) –

      The group object for the group.

      • GroupName (string) –

        The name of the group.

      • UserPoolId (string) –

        The user pool ID for the user pool.

      • Description (string) –

        A string containing the description of the group.

      • RoleArn (string) –

        The role Amazon Resource Name (ARN) for the group.

      • Precedence (integer) –

        A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower Precedence values take precedence over groups with higher ornull Precedence values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user’s tokens for the cognito:roles and cognito:preferred_role claims.

        Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim isn’t set in users’ tokens.

        The default Precedence value is null.

      • LastModifiedDate (datetime) –

        The date and time, in ISO 8601 format, when the item was modified.

      • CreationDate (datetime) –

        The date and time, in ISO 8601 format, when the item was created.

Exceptions

  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException

  • CognitoIdentityProvider.Client.exceptions.GroupExistsException

  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException

  • CognitoIdentityProvider.Client.exceptions.TooManyRequestsException

  • CognitoIdentityProvider.Client.exceptions.LimitExceededException

  • CognitoIdentityProvider.Client.exceptions.NotAuthorizedException

  • CognitoIdentityProvider.Client.exceptions.InternalErrorException