AWS Cognito Identity Pools (Federated Identity)

  • Give users temporary AWS credentials so they can call AWS services directly, or through API Gateway.
  • Identity pool can include
    • Public providers (Amazon, Facebook, Google)
    • Users in Amazon Cognito user pool
    • OpenID Connect & SAML
    • Developer Authenticated Identities (custom login server)
    • Unauthenticated (guest) access
  • IAM Roles
    • To assign which role to which user:
      • We can specify a default IAM role for authenticated users and another for guest (unauthenticated) users
      • We can define rules that choose a role per user based on claims in the user's token
      • Can partition users' access with policy variables (`${cognito-identity.amazonaws.com:sub}` is the caller's identity ID)
        • Use the policy variable to allow each user to list only their own prefix in an S3 bucket
        • Use the policy variable to allow each user to interact only with their own items in DynamoDB
    • The temporary credentials are obtained by Cognito Identity Pools from STS (AssumeRoleWithWebIdentity)
    • The role must have a trust policy that lets `cognito-identity.amazonaws.com` assume it; scope it to the identity pool ID (`aud`) and to authenticated or unauthenticated identities (`amr`), otherwise any identity pool could assume the role
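The policies behind the bullets above, as an added example written for these notes (not AWS-provided code): a scoped trust policy, an S3 policy and a DynamoDB policy that partition access per identity using the `${cognito-identity.amazonaws.com:sub}` variable, and a small checker that flags trust policies missing the `aud`/`amr` conditions. The identity pool ID, bucket name and table ARN are made-up placeholders.

```python
"""Build and sanity-check the IAM policies an Amazon Cognito identity pool role needs.

Added example, not from the original notes. IDENTITY_POOL_ID, BUCKET and TABLE_ARN
are constructed placeholders; substitute your own values.
"""
import json

IDENTITY_POOL_ID = "us-east-1:11111111-2222-3333-4444-555555555555"  # placeholder
BUCKET = "example-user-files"                                         # placeholder
TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/UserData"  # placeholder

# Policy variable that Cognito Identity resolves to the caller's identity ID.
SUB = "${cognito-identity.amazonaws.com:sub}"
ASSUME = "sts:AssumeRoleWithWebIdentity"


def trust_policy(identity_pool_id: str, authenticated: bool = True) -> dict:
    """Trust policy: only this identity pool, and only the intended class of identity
    (authenticated or unauthenticated), may assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "cognito-identity.amazonaws.com"},
            "Action": ASSUME,
            "Condition": {
                "StringEquals": {"cognito-identity.amazonaws.com:aud": identity_pool_id},
                "ForAnyValue:StringLike": {
                    "cognito-identity.amazonaws.com:amr":
                        "authenticated" if authenticated else "unauthenticated"
                },
            },
        }],
    }


def s3_per_user_policy(bucket: str) -> dict:
    """Each identity may list and use only its own <identity-id>/ prefix in the bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # ListBucket is bucket-level, so the prefix is restricted via a condition
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{SUB}/*"]}},
            },
            {   # object-level actions are restricted by the resource ARN itself
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{SUB}/*",
            },
        ],
    }


def dynamodb_per_user_policy(table_arn: str) -> dict:
    """Each identity may touch only items whose partition key equals its identity ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem",
                       "dynamodb:UpdateItem", "dynamodb:DeleteItem"],
            "Resource": table_arn,
            "Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [SUB]}},
        }],
    }


def trust_policy_problems(policy: dict) -> list:
    """Flag AssumeRoleWithWebIdentity statements that lack the aud or amr condition."""
    problems = []
    for st in policy.get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or ASSUME not in actions:
            continue
        cond = st.get("Condition", {})
        if not cond.get("StringEquals", {}).get("cognito-identity.amazonaws.com:aud"):
            problems.append("no aud condition: any identity pool could assume this role")
        if not cond.get("ForAnyValue:StringLike", {}).get("cognito-identity.amazonaws.com:amr"):
            problems.append("no amr condition: guest identities could assume this role")
    return problems


if __name__ == "__main__":
    for name, pol in [("trust", trust_policy(IDENTITY_POOL_ID)),
                      ("s3", s3_per_user_policy(BUCKET)),
                      ("dynamodb", dynamodb_per_user_policy(TABLE_ARN))]:
        print(f"--- {name} ---\n{json.dumps(pol, indent=2)}")
    print("trust policy problems:", trust_policy_problems(trust_policy(IDENTITY_POOL_ID)))
```

Run it to print the three documents; attach the trust policy to the role and the other two as its permissions policy. The `amr` check uses `ForAnyValue:StringLike` because `amr` is a multi-valued key (it also carries the provider name), and the DynamoDB condition uses `ForAllValues:StringEquals` so that batch and query requests touching any other partition key are denied.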

Integration

(diagram: identity providers federated directly into the identity pool)
Alternatively, centralise all users in a Cognito User Pool and federate the user pool into the identity pool.
(diagram: identity pool fronted by a Cognito User Pool)