diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/AccessTokenGeneration.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/AccessTokenGeneration.cs
new file mode 100644
index 000000000..9c0f97302
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/AccessTokenGeneration.cs
@@ -0,0 +1,50 @@
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ [DataContract]
+ public class AccessTokenGeneration
+ {
+ ///
+ /// A map of one or more key-value pairs of claims to add or override. For group related claims, use
+ /// groupOverrideDetails instead.
+ ///
+ [DataMember(Name = "claimsToAddOrOverride")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("claimsToAddOrOverride")]
+# endif
+ public Dictionary ClaimsToAddOrOverride { get; set; } = new Dictionary();
+
+ ///
+ /// A list that contains claims to be suppressed from the identity token.
+ ///
+ [DataMember(Name = "claimsToSuppress")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("claimsToSuppress")]
+# endif
+ public List ClaimsToSuppress { get; set; } = new List();
+
+ ///
+ /// A list of OAuth 2.0 scopes that you want to add to the scope claim in your user's access token. You can't
+ /// add scope values that contain one or more blank-space characters.
+ ///
+ [DataMember(Name = "scopesToAdd")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("scopesToAdd")]
+# endif
+ public List ScopesToAdd { get; set; } = new List();
+
+ ///
+ /// A list of OAuth 2.0 scopes that you want to remove from the scope claim in your user's access token.
+ ///
+ [DataMember(Name = "scopesToSuppress")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("scopesToSuppress")]
+# endif
+ public List ScopesToSuppress { get; set; } = new List();
+ }
+}
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/Amazon.Lambda.CognitoEvents.csproj b/Libraries/src/Amazon.Lambda.CognitoEvents/Amazon.Lambda.CognitoEvents.csproj
index b79a2c22d..91ed3d664 100644
--- a/Libraries/src/Amazon.Lambda.CognitoEvents/Amazon.Lambda.CognitoEvents.csproj
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/Amazon.Lambda.CognitoEvents.csproj
@@ -6,7 +6,7 @@
Amazon Lambda .NET Core support - CognitoEvents package.
netstandard2.0;netcoreapp3.1;net8.0
Amazon.Lambda.CognitoEvents
- 2.2.0
+ 2.3.0
Amazon.Lambda.CognitoEvents
Amazon.Lambda.CognitoEvents
AWS;Amazon;Lambda
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/ClaimsAndScopeOverrideDetails.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/ClaimsAndScopeOverrideDetails.cs
new file mode 100644
index 000000000..83b483e37
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/ClaimsAndScopeOverrideDetails.cs
@@ -0,0 +1,38 @@
+using System.Runtime.Serialization;
+
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ [DataContract]
+ public class ClaimsAndScopeOverrideDetails
+ {
+ ///
+ /// The claims that you want to override, add, or suppress in your user’s ID token.
+ ///
+ [DataMember(Name = "idTokenGeneration")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("idTokenGeneration")]
+# endif
+ public IdTokenGeneration IdTokenGeneration { get; set; } = new IdTokenGeneration();
+
+ ///
+ /// The claims and scopes that you want to override, add, or suppress in your user’s access token.
+ ///
+ [DataMember(Name = "accessTokenGeneration")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("accessTokenGeneration")]
+# endif
+ public AccessTokenGeneration AccessTokenGeneration { get; set; } = new AccessTokenGeneration();
+
+ ///
+ /// The output object containing the current group configuration. It includes groupsToOverride, iamRolesToOverride, and preferredRole.
+ ///
+ [DataMember(Name = "groupOverrideDetails")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("groupOverrideDetails")]
+# endif
+ public GroupConfiguration GroupOverrideDetails { get; set; } = new GroupConfiguration();
+ }
+}
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Event.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Event.cs
new file mode 100644
index 000000000..31eb7c791
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Event.cs
@@ -0,0 +1,9 @@
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ public class CognitoPreTokenGenerationV2Event : CognitoTriggerEvent
+ {
+ }
+}
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Request.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Request.cs
new file mode 100644
index 000000000..3ef60f7ed
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Request.cs
@@ -0,0 +1,38 @@
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ public class CognitoPreTokenGenerationV2Request : CognitoTriggerRequest
+ {
+ ///
+ /// The input object containing the current group configuration. It includes groupsToOverride, iamRolesToOverride, and preferredRole.
+ ///
+ [DataMember(Name = "groupConfiguration")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("groupConfiguration")]
+# endif
+ public GroupConfiguration GroupConfiguration { get; set; } = new GroupConfiguration();
+
+ ///
+ /// One or more key-value pairs that you can provide as custom input to the Lambda function that you specify for the pre sign-up trigger. You can pass this data to your Lambda function by using the ClientMetadata parameter in the following API actions: AdminVerifyUser, AdminRespondToAuthChallenge, ForgotPassword, and SignUp.
+ ///
+ [DataMember(Name = "clientMetadata")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("clientMetadata")]
+# endif
+ public Dictionary ClientMetadata { get; set; } = new Dictionary();
+
+ ///
+ /// A list that contains the OAuth 2.0 user scopes.
+ ///
+ [DataMember(Name = "scopes")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("scopes")]
+# endif
+ public List Scopes { get; set; } = new List();
+ }
+}
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Response.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Response.cs
new file mode 100644
index 000000000..981a1aa83
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/CognitoPreTokenGenerationV2Response.cs
@@ -0,0 +1,19 @@
+using System.Runtime.Serialization;
+
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ public class CognitoPreTokenGenerationV2Response : CognitoTriggerResponse
+ {
+ ///
+ /// A container for all elements in a V2_0 trigger event.
+ ///
+ [DataMember(Name = "claimsAndScopeOverrideDetails")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("claimsAndScopeOverrideDetails")]
+# endif
+ public ClaimsAndScopeOverrideDetails ClaimsAndScopeOverrideDetails { get; set; } = new ClaimsAndScopeOverrideDetails();
+ }
+}
diff --git a/Libraries/src/Amazon.Lambda.CognitoEvents/IdTokenGeneration.cs b/Libraries/src/Amazon.Lambda.CognitoEvents/IdTokenGeneration.cs
new file mode 100644
index 000000000..e4c516961
--- /dev/null
+++ b/Libraries/src/Amazon.Lambda.CognitoEvents/IdTokenGeneration.cs
@@ -0,0 +1,30 @@
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace Amazon.Lambda.CognitoEvents
+{
+ ///
+ /// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ ///
+ [DataContract]
+ public class IdTokenGeneration
+ {
+ ///
+ /// A map of one or more key-value pairs of claims to add or override. For group related claims, use groupOverrideDetails instead.
+ ///
+ [DataMember(Name = "claimsToAddOrOverride")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("claimsToAddOrOverride")]
+# endif
+ public Dictionary ClaimsToAddOrOverride { get; set; } = new Dictionary();
+
+ ///
+ /// A list that contains claims to be suppressed from the identity token.
+ ///
+ [DataMember(Name = "claimsToSuppress")]
+#if NETCOREAPP3_1_OR_GREATER
+ [System.Text.Json.Serialization.JsonPropertyName("claimsToSuppress")]
+# endif
+ public List ClaimsToSuppress { get; set; } = new List();
+ }
+}
diff --git a/Libraries/test/EventsTests.Shared/EventTests.cs b/Libraries/test/EventsTests.Shared/EventTests.cs
index 54a9977a6..0139d2de2 100644
--- a/Libraries/test/EventsTests.Shared/EventTests.cs
+++ b/Libraries/test/EventsTests.Shared/EventTests.cs
@@ -1069,6 +1069,92 @@ public void CognitoPreTokenGenerationEventTest(Type serializerType)
}
}
+ [Theory]
+ [InlineData(typeof(JsonSerializer))]
+#if NETCOREAPP3_1_OR_GREATER
+ [InlineData(typeof(Amazon.Lambda.Serialization.SystemTextJson.LambdaJsonSerializer))]
+ [InlineData(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]
+#endif
+ public void CognitoPreTokenGenerationV2EventTest(Type serializerType)
+ {
+ var serializer = Activator.CreateInstance(serializerType) as ILambdaSerializer;
+ using (var fileStream = LoadJsonTestFile("cognito-pretokengenerationv2-event.json"))
+ {
+ var cognitoPreTokenGenerationV2Event = serializer.Deserialize(fileStream);
+
+ AssertBaseClass(cognitoPreTokenGenerationV2Event, eventVersion: "2");
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.GroupsToOverride.Count);
+ Assert.Equal("group1", cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.GroupsToOverride[0]);
+ Assert.Equal("group2", cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.GroupsToOverride[1]);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.IamRolesToOverride.Count);
+ Assert.Equal("role1", cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.IamRolesToOverride[0]);
+ Assert.Equal("role2", cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.IamRolesToOverride[1]);
+
+ Assert.Equal("role", cognitoPreTokenGenerationV2Event.Request.GroupConfiguration.PreferredRole);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Request.ClientMetadata.Count);
+ Assert.Equal("metadata_1", cognitoPreTokenGenerationV2Event.Request.ClientMetadata.ToArray()[0].Key);
+ Assert.Equal("metadata_value_1", cognitoPreTokenGenerationV2Event.Request.ClientMetadata.ToArray()[0].Value);
+ Assert.Equal("metadata_2", cognitoPreTokenGenerationV2Event.Request.ClientMetadata.ToArray()[1].Key);
+ Assert.Equal("metadata_value_2", cognitoPreTokenGenerationV2Event.Request.ClientMetadata.ToArray()[1].Value);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Request.UserAttributes.Count);
+ Assert.Equal("attribute_1", cognitoPreTokenGenerationV2Event.Request.UserAttributes.ToArray()[0].Key);
+ Assert.Equal("attribute_value_1", cognitoPreTokenGenerationV2Event.Request.UserAttributes.ToArray()[0].Value);
+ Assert.Equal("attribute_2", cognitoPreTokenGenerationV2Event.Request.UserAttributes.ToArray()[1].Key);
+ Assert.Equal("attribute_value_2", cognitoPreTokenGenerationV2Event.Request.UserAttributes.ToArray()[1].Value);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Request.Scopes.Count);
+ Assert.Equal("scope_1", cognitoPreTokenGenerationV2Event.Request.Scopes.ToArray()[0]);
+ Assert.Equal("scope_2", cognitoPreTokenGenerationV2Event.Request.Scopes.ToArray()[1]);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToAddOrOverride.Count);
+ Assert.Equal("claim_1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToAddOrOverride.ToArray()[0].Key);
+ Assert.Equal("claim_1_value_1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToAddOrOverride.ToArray()[0].Value);
+ Assert.Equal("claim_2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToAddOrOverride.ToArray()[1].Key);
+ Assert.Equal("claim_1_value_2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToAddOrOverride.ToArray()[1].Value);
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToSuppress.Count);
+ Assert.Equal("suppress1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToSuppress[0]);
+ Assert.Equal("suppress2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.IdTokenGeneration.ClaimsToSuppress[1]);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToAddOrOverride.Count);
+ Assert.Equal("claim_1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToAddOrOverride.ToArray()[0].Key);
+ Assert.Equal("claim_1_value_1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToAddOrOverride.ToArray()[0].Value);
+ Assert.Equal("claim_2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToAddOrOverride.ToArray()[1].Key);
+ Assert.Equal("claim_1_value_2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToAddOrOverride.ToArray()[1].Value);
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToSuppress.Count);
+ Assert.Equal("suppress1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToSuppress[0]);
+ Assert.Equal("suppress2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ClaimsToSuppress[1]);
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToAdd.Count);
+ Assert.Equal("add1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToAdd[0]);
+ Assert.Equal("add2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToAdd[1]);
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToSuppress.Count);
+ Assert.Equal("suppress1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToSuppress[0]);
+ Assert.Equal("suppress2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.AccessTokenGeneration.ScopesToSuppress[1]);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.GroupsToOverride.Count);
+ Assert.Equal("group1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.GroupsToOverride[0]);
+ Assert.Equal("group2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.GroupsToOverride[1]);
+
+ Assert.Equal(2, cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.IamRolesToOverride.Count);
+ Assert.Equal("role1", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.IamRolesToOverride[0]);
+ Assert.Equal("role2", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.IamRolesToOverride[1]);
+
+ Assert.Equal("role", cognitoPreTokenGenerationV2Event.Response.ClaimsAndScopeOverrideDetails.GroupOverrideDetails.PreferredRole);
+
+ MemoryStream ms = new MemoryStream();
+ serializer.Serialize(cognitoPreTokenGenerationV2Event, ms);
+ ms.Position = 0;
+ var json = new StreamReader(ms).ReadToEnd();
+
+ var original = JObject.Parse(File.ReadAllText("cognito-pretokengenerationv2-event.json"));
+ var serialized = JObject.Parse(json);
+ Assert.True(JToken.DeepEquals(serialized, original), "Serialized object is not the same as the original JSON");
+ }
+ }
+
[Theory]
[InlineData(typeof(JsonSerializer))]
#if NETCOREAPP3_1_OR_GREATER
@@ -1223,11 +1309,11 @@ public void CognitoCustomSmsSenderEventTest(Type serializerType)
}
}
- private static void AssertBaseClass(CognitoTriggerEvent cognitoTriggerEvent)
+ private static void AssertBaseClass(CognitoTriggerEvent cognitoTriggerEvent, string eventVersion = "1")
where TRequest : CognitoTriggerRequest, new()
where TResponse : CognitoTriggerResponse, new()
{
- Assert.Equal("1", cognitoTriggerEvent.Version);
+ Assert.Equal(eventVersion, cognitoTriggerEvent.Version);
Assert.Equal("us-east-1", cognitoTriggerEvent.Region);
Assert.Equal("us-east-1_id", cognitoTriggerEvent.UserPoolId);
Assert.Equal("username_uuid", cognitoTriggerEvent.UserName);
diff --git a/Libraries/test/EventsTests.Shared/EventsTests.Shared.projitems b/Libraries/test/EventsTests.Shared/EventsTests.Shared.projitems
index e34d37f62..50858a106 100644
--- a/Libraries/test/EventsTests.Shared/EventsTests.Shared.projitems
+++ b/Libraries/test/EventsTests.Shared/EventsTests.Shared.projitems
@@ -19,6 +19,7 @@
+
diff --git a/Libraries/test/EventsTests.Shared/cognito-pretokengenerationv2-event.json b/Libraries/test/EventsTests.Shared/cognito-pretokengenerationv2-event.json
new file mode 100644
index 000000000..947960cb6
--- /dev/null
+++ b/Libraries/test/EventsTests.Shared/cognito-pretokengenerationv2-event.json
@@ -0,0 +1,79 @@
+{
+ "version": "2",
+ "region": "us-east-1",
+ "userPoolId": "us-east-1_id",
+ "userName": "username_uuid",
+ "callerContext": {
+ "awsSdkVersion": "version",
+ "clientId": "client_id"
+ },
+ "triggerSource": "trigger_source",
+ "request": {
+ "userAttributes": {
+ "attribute_1": "attribute_value_1",
+ "attribute_2": "attribute_value_2"
+ },
+ "scopes": [
+ "scope_1",
+ "scope_2"
+ ],
+ "groupConfiguration": {
+ "groupsToOverride": [
+ "group1",
+ "group2"
+ ],
+ "iamRolesToOverride": [
+ "role1",
+ "role2"
+ ],
+ "preferredRole": "role"
+ },
+ "clientMetadata": {
+ "metadata_1": "metadata_value_1",
+ "metadata_2": "metadata_value_2"
+ }
+ },
+ "response": {
+ "claimsAndScopeOverrideDetails": {
+ "idTokenGeneration": {
+ "claimsToAddOrOverride": {
+ "claim_1": "claim_1_value_1",
+ "claim_2": "claim_1_value_2"
+ },
+ "claimsToSuppress": [
+ "suppress1",
+ "suppress2"
+ ]
+ },
+ "accessTokenGeneration": {
+ "claimsToAddOrOverride": {
+ "claim_1": "claim_1_value_1",
+ "claim_2": "claim_1_value_2"
+ },
+ "claimsToSuppress": [
+ "suppress1",
+ "suppress2"
+ ],
+ "scopesToAdd": [
+ "add1",
+ "add2"
+ ],
+ "scopesToSuppress": [
+ "suppress1",
+ "suppress2"
+ ]
+ },
+ "groupOverrideDetails": {
+ "groupsToOverride": [
+ "group1",
+ "group2"
+ ],
+ "iamRolesToOverride": [
+ "role1",
+ "role2"
+ ],
+ "preferredRole": "role"
+ }
+ }
+ }
+}
\ No newline at end of file