:doc:`CognitoIdentityProvider <../../cognito-idp>` / Client / update_group

************
update_group
************



.. py:method:: CognitoIdentityProvider.Client.update_group(**kwargs)

  

  Given the name of a user pool group, updates any of the properties for precedence, IAM role, or description. For more information about user pool groups, see `Adding groups to a user pool <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html>`__.

   

  .. note::

    

    Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

     

    **Learn more**

     

    
    * `Signing Amazon Web Services API Requests <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html>`__
     
    * `Using the Amazon Cognito user pools API and user pool endpoints <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html>`__
    

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateGroup>`_  


  **Request Syntax**
  ::

    response = client.update_group(
        GroupName='string',
        UserPoolId='string',
        Description='string',
        RoleArn='string',
        Precedence=123
    )
    
  :type GroupName: string
  :param GroupName: **[REQUIRED]** 

    The name of the group that you want to update.

    

  
  :type UserPoolId: string
  :param UserPoolId: **[REQUIRED]** 

    The ID of the user pool that contains the group you want to update.

    

  
  :type Description: string
  :param Description: 

    A new description of the existing group.

    

  
  :type RoleArn: string
  :param RoleArn: 

    The Amazon Resource Name (ARN) of an IAM role that you want to associate with the group. The role assignment contributes to the ``cognito:roles`` and ``cognito:preferred_role`` claims in group members' tokens.

    

  
  :type Precedence: integer
  :param Precedence: 

    A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower ``Precedence`` values take precedence over groups with higher or null ``Precedence`` values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the ``cognito:roles`` and ``cognito:preferred_role`` claims.

     

    Two groups can have the same ``Precedence`` value. If this happens, neither group takes precedence over the other. If two groups with the same ``Precedence`` have the same role ARN, that role is used in the ``cognito:preferred_role`` claim in tokens for users in each group. If the two groups have different role ARNs, the ``cognito:preferred_role`` claim isn't set in users' tokens.

     

    The default ``Precedence`` value is null. The maximum ``Precedence`` value is ``2^31-1``.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Group': {
              'GroupName': 'string',
              'UserPoolId': 'string',
              'Description': 'string',
              'RoleArn': 'string',
              'Precedence': 123,
              'LastModifiedDate': datetime(2015, 1, 1),
              'CreationDate': datetime(2015, 1, 1)
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Group** *(dict) --* 

        Contains the updated details of the group, including precedence, IAM role, and description.

        
        

        - **GroupName** *(string) --* 

          The name of the group.

          
        

        - **UserPoolId** *(string) --* 

          The ID of the user pool that contains the group.

          
        

        - **Description** *(string) --* 

          A friendly description of the group.

          
        

        - **RoleArn** *(string) --* 

          The ARN of the IAM role associated with the group. If a group has the highest priority of a user's groups, users who authenticate with an identity pool get credentials for the ``RoleArn`` that's associated with the group.

          
        

        - **Precedence** *(integer) --* 

          A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower ``Precedence`` values take precedence over groups with higher ornull ``Precedence`` values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the ``cognito:roles`` and ``cognito:preferred_role`` claims.

           

          Two groups can have the same ``Precedence`` value. If this happens, neither group takes precedence over the other. If two groups with the same ``Precedence`` have the same role ARN, that role is used in the ``cognito:preferred_role`` claim in tokens for users in each group. If the two groups have different role ARNs, the ``cognito:preferred_role`` claim isn't set in users' tokens.

           

          The default ``Precedence`` value is ``null``.

          
        

        - **LastModifiedDate** *(datetime) --* 

          The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java ``Date`` object.

          
        

        - **CreationDate** *(datetime) --* 

          The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java ``Date`` object.

          
    
  
  **Exceptions**
  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.TooManyRequestsException`

  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.NotAuthorizedException`

  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.InternalErrorException`

  