For users to sign in to the app, we need to set up an AWS User Pool. All users will be registered automatically in this pool. We will create a Custom Auth Pool with SMS and email verification as the verification methods.
Refer to the steps below to add the Auth User Pool for your app.
STEP 1:
Sign in to the AWS Console, search for Cognito, and click on it.
STEP 2:
- Navigate to Amazon Cognito > “Identity pools”
- Select the AWS Region in which you have already set up the Authentication Pool
- Click on “Create Identity pool” to create a pool for unauthenticated users
STEP 3:
Select “Guest Access” as the User Access type and click Next.
STEP 4:
Click on “Create a new IAM role”.
Set the IAM role name to “GuestUnAuthAccessIAMrole”.
Click Next.
STEP 5:
Set the Identity Pool name to “GuestAccessIdentityPool” and click Next.
STEP 6:
Review the information and click Next.
STEP 7:
👏 Congratulations! A new Identity Pool is now created. Copy the “AWS_GUEST_AUTH_POOL_ID” and use it wherever required.
Next, we have to attach a security policy to the GuestUnAuthAccessIAMrole.
STEP 8:
Navigate to the AWS Console, search for IAM, and click on it.
Click on “Roles” in the left menu.
Click on “GuestUnAuthAccessIAMrole”.
STEP 9:
- The GuestUnAuthAccessIAMrole details will open.
- Click on the “Permissions” tab
- Click on “Cognito-unauthenticated-XXXXXXX” at the bottom
STEP 10:
The “Cognito-unauthenticated-XXXXXXX” details will open.
Click on the “Edit” button to edit the policy.
STEP 11: (the Resource ARN must be changed for production)
Paste the policy below and click Next.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cognito-identity:GetCredentialsForIdentity",
        "dynamodb:BatchGetItem",
        "dynamodb:ConditionCheckItem",
        "dynamodb:GetItem",
        "dynamodb:Query",
        "dynamodb:Scan"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "appsync:GraphQL",
      "Resource": [
        "arn:aws:appsync:AWSREGION:ACCOUNTID:apis/APPSYNC_APIID/types/Query/fields/listAWSPublicDocModels"
      ]
    }
  ]
}
```
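STEP 11 notes that the Resource must be changed for production: as written, the guest role can read and scan every DynamoDB table in the account. The following added check (not part of this guide) lints the policy for scopeable actions granted on `"*"` and produces a copy in which the DynamoDB actions are limited to one table; the table ARN is a constructed placeholder you replace with the table behind `listAWSPublicDocModels`.

```python
import copy

# The guest-role policy from STEP 11, embedded here so the check runs offline.
GUEST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["cognito-identity:GetCredentialsForIdentity",
                    "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem",
                    "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan"],
         "Resource": ["*"]},
        {"Effect": "Allow", "Action": "appsync:GraphQL",
         "Resource": ["arn:aws:appsync:AWSREGION:ACCOUNTID:apis/APPSYNC_APIID"
                      "/types/Query/fields/listAWSPublicDocModels"]},
    ],
}

# The one action this guide legitimately leaves on "*": it is the call a guest makes
# to obtain the role's credentials. The DynamoDB actions all accept a table ARN.
WILDCARD_OK = {"cognito-identity:GetCredentialsForIdentity"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def find_wildcard_grants(policy):
    """Return (statement_index, action) for each Allow of a scopeable action on '*'."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        findings += [(i, a) for a in _as_list(stmt.get("Action", [])) if a not in WILDCARD_OK]
    return findings

def scope_dynamodb(policy, table_arn):
    """Return a copy where dynamodb actions granted on '*' move to their own statement
    limited to table_arn and its indexes; the input policy is left unchanged."""
    statements = []
    for stmt in copy.deepcopy(policy["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        ddb = [a for a in actions if a.startswith("dynamodb:")]
        if ddb and "*" in _as_list(stmt.get("Resource", [])):
            rest = [a for a in actions if a not in ddb]
            if rest:  # keep the wildcard statement for the actions that must stay on "*"
                statements.append({**stmt, "Action": rest})
            statements.append({"Effect": "Allow", "Action": ddb,
                               "Resource": [table_arn, table_arn + "/index/*"]})
        else:
            statements.append(stmt)
    return {**policy, "Statement": statements}
```

Run `find_wildcard_grants(GUEST_POLICY)` to see the five DynamoDB grants flagged, then `scope_dynamodb(GUEST_POLICY, "arn:aws:dynamodb:AWSREGION:ACCOUNTID:table/TABLE_NAME")` to obtain the scoped policy, which the check reports clean.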
STEP 12:
Click “Save Changes”.
STEP 13: Link the Authentication Pool with the Identity Pool
[NOT CORRECT] Go to AWS Cognito > Identity Pools > select GuestAccessIdentityPool > User Access tab > Identity Providers > add SocialSigninAuthpool / CustomAuthenticationPool
👏 Congratulations! The Identity Pool setup is now complete.