AWS | Create & Setup Identity Pool for Guest Access

For users to sign in to the app, we need to set up an AWS User Pool. All users will be registered automatically to this pool. We will create a custom auth pool with SMS and email verification as the verification methods.

Refer to the steps below to add the auth User Pool for your app.


STEP 1:

Sign in to the AWS Console, search for Cognito, and click on it.

STEP 2:

  1. Navigate to Amazon Cognito > “Identity pools”
  2. Select the AWS Region where you have already set up the authentication pool
  3. Click on “Create Identity pool” to create a pool for unauthenticated users.

STEP 3:

Select “Guest access” as the user access type and click Next.

STEP 4:

Click on “Create a new IAM role”

Set the IAM role name to “GuestUnAuthAccessIAMrole”

Click Next

STEP 5:

Set the Identity Pool name to “GuestAccessIdentityPool” and click Next

STEP 6:

Review the information and click Next

STEP 7:

👏 Congratulations! A new Identity Pool is now created. Copy the “AWS_GUEST_AUTH_POOL_ID” and use it wherever required.

Next, we have to attach a security policy to the GuestUnAuthAccessIAMrole.

STEP 8:

In the AWS Console, search for IAM and click on it.

Click on “Roles” in the left menu

Click on “GuestUnAuthAccessIAMrole”

STEP 9:

  1. The GuestUnAuthAccessIAMrole details will open.
  2. Click on the “Permissions” tab
  3. Click on “Cognito-unauthenticated-XXXXXXX” at the bottom

STEP 10:

The “Cognito-unauthenticated-XXXXXXX” policy details will open.

Click on the “Edit” button to edit the policy.

STEP 11: (The Resource ARN has to be changed for production)

Paste the policy shown below and click Next

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cognito-identity:GetCredentialsForIdentity",
        "dynamodb:BatchGetItem",
        "dynamodb:ConditionCheckItem",
        "dynamodb:GetItem",
        "dynamodb:Query",
        "dynamodb:Scan"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "appsync:GraphQL",
      "Resource": [
        "arn:aws:appsync:AWSREGION:ACCOUNTID:apis/APPSYNC_APIID/types/Query/fields/listAWSPublicDocModels"
      ]
    }
  ]
}
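The policy above is attached to a role that any anonymous caller can assume through the identity pool, so the first statement's `"Resource": ["*"]` (together with `dynamodb:Scan`) is the part Step 11 says must be changed before production. The script below is an added example, not part of the original page or of any AWS tooling: it loads a constructed copy of the policy, reports Allow statements that grant actions on every resource, flags the whole-table read actions, and produces a copy in which the DynamoDB actions are pinned to one table ARN (the ARN and account values are placeholders you replace with your own).

```python
import copy
import json

# Constructed copy of the Step 11 policy; placeholders kept exactly as on the page.
GUEST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cognito-identity:GetCredentialsForIdentity",
                "dynamodb:BatchGetItem",
                "dynamodb:ConditionCheckItem",
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",
            ],
            "Resource": ["*"],
        },
        {
            "Effect": "Allow",
            "Action": "appsync:GraphQL",
            "Resource": [
                "arn:aws:appsync:AWSREGION:ACCOUNTID:apis/APPSYNC_APIID/types/Query/fields/listAWSPublicDocModels"
            ],
        },
    ],
}

# Read actions that return many items at once; worth a second look on a guest role.
BROAD_READ_ACTIONS = {"dynamodb:Scan", "dynamodb:BatchGetItem"}


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_wildcard_resources(policy):
    """Return Allow statements whose Resource contains '*' (index and actions)."""
    findings = []
    for idx, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append({"statement": idx, "actions": _as_list(stmt.get("Action", []))})
    return findings


def find_broad_reads(policy):
    """Return Allow statements that grant any of BROAD_READ_ACTIONS."""
    findings = []
    for idx, stmt in enumerate(policy["Statement"]):
        hits = sorted(set(_as_list(stmt.get("Action", []))) & BROAD_READ_ACTIONS)
        if stmt.get("Effect") == "Allow" and hits:
            findings.append({"statement": idx, "actions": hits})
    return findings


def scope_dynamodb_resources(policy, table_arn):
    """Copy the policy, moving DynamoDB actions that were on '*' onto one table ARN
    (plus its indexes). Non-DynamoDB actions in the same statement are split out
    and keep their original Resource, so the rest of the policy is unchanged."""
    scoped = copy.deepcopy(policy)
    new_statements = []
    for stmt in scoped["Statement"]:
        actions = _as_list(stmt.get("Action", []))
        ddb = [a for a in actions if a.startswith("dynamodb:")]
        other = [a for a in actions if not a.startswith("dynamodb:")]
        if ddb and "*" in _as_list(stmt.get("Resource", [])):
            new_statements.append({
                "Effect": stmt["Effect"],
                "Action": ddb,
                "Resource": [table_arn, table_arn + "/index/*"],
            })
            if other:
                new_statements.append({"Effect": stmt["Effect"], "Action": other, "Resource": stmt["Resource"]})
        else:
            new_statements.append(stmt)
    scoped["Statement"] = new_statements
    return scoped


if __name__ == "__main__":
    # Placeholder table ARN (assumption): arn:aws:dynamodb:REGION:ACCOUNTID:table/NAME
    table = "arn:aws:dynamodb:REGION:ACCOUNTID:table/PLACEHOLDER_TABLE"
    print("wildcard resources:", find_wildcard_resources(GUEST_POLICY))
    print("broad reads:", find_broad_reads(GUEST_POLICY))
    print(json.dumps(scope_dynamodb_resources(GUEST_POLICY, table), indent=2))
```

Run it against the policy you are about to paste; if `find_wildcard_resources` still reports the DynamoDB statement, the Resource has not been narrowed yet. The `cognito-identity:GetCredentialsForIdentity` action is left on `"*"` as on the page, and whether `dynamodb:Scan` is needed at all for guest users is a question the script only flags, not one it answers for you.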

STEP 12:

Click “Save changes”


STEP 13: Link Authentication Pool with Identity Pool

[NOT CORRECT] Go to AWS Cognito > Identity Pools > select GuestAccessIdentityPool > User access tab > Identity providers > add SocialSigninAuthpool / CustomAutenticaltionpool

👏 Congratulations! Identity Pool setup is now completed.
