User authentication & S3 operations

Authentication Using Cognito (a pre-requisite)

You can skip this section if you already have a Cognito User Pool and Identity Pool set up.

Before we get into the details of implementing Amplify with React, it’s important to understand what role Cognito plays in this entire process. If you didn’t already know, Cognito makes it easy for you to let your users sign up/sign in to your app and enables you to manage their access control to your AWS services (such as in this case, S3). For the sake of this article it’s important to understand the two functions of Cognito.

Cognito User Pool: User pools allow you to set up how your users are going to sign up and sign in to your app (i.e. using email, or username, or phone number or all of them). It lets you define a password policy (eg. minimum 8 characters), define custom user attributes, enable MFA (multi-factor authentication), and so on. You can check out this webinar on how to create a user pool (or there are a plethora of articles online that will help you get started). Once a user pool is created, it should provide you a “Cognito User Pool ID” (eg.

Cognito Identity Pool: Technically, a User Pool alone is enough to set up a basic authentication service with Cognito for your app. However, if you want your users to have fine-grained access to other AWS services, or perhaps integrate 3rd party authentication providers such as Google, Facebook, Twitter, SAML etc., you will need to set up a “Federated Identity” using Cognito Identity Pool (CIP). CIP lets you assign IAM roles at authenticated and unauthenticated levels, which basically dictates what services (or parts of services) a user can access if they are authenticated vs.

Just like a user pool, a CIP will have its own ID (eg: us-east-1:16e03s22-ce44–4cf5-jhg8-f11245xfcB15). We will keep a note of this as we will need it later.

Once we have Cognito ready to go we can move on to the next section.

Once we have our User Pool and Identity Pool ready, we need a way to add permissions to the Identity Pool which will give our users the ability to perform S3 operations (like PUT, GET, LIST etc.). When a user authenticates using the Cognito Identity Pool, their identity would “assume” the IAM role that we assigned to the identity pool and they can then perform the allowed operations on S3.

Identity Pool allows you to add two types of roles (IAM Roles).

Authenticated Role: For when the user is in authenticated state.
Unauthenticated Role: For when the user is in unauthenticated state.

We will need to assign individual IAM Roles to both even though we are only going to use the Authenticated Role, since we want our users to only be able to upload files if they are authenticated.

Head over to the Cognito console and click on “Manage Identity Pool” from the homepage. This should take you to the identity pool manager. On the next page select your identity pool and then the “Edit identity pool” link in the top right-hand corner.

Ensure Trust Relationship is set correctly

IMPORTANT: Make sure that the :aud is your Cognito identity pool id and :amr is authenticated for the authenticated role and unauthenticated for the unauthenticated role.

Once both the IAM roles are edited as shown above, they will enable authenticated users to perform S3 operations.

We will install AWS Amplify’s Javascript SDK (amplify-js).
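The trust relationship check described above (:aud equal to the identity pool id, :amr matching the role), as an added example that is not from the original article: a Node.js check over a role's trust policy document. The pool id and the policy documents are constructed placeholders, and checkTrustPolicy is a hypothetical helper name.

```javascript
// Added example: validate a Cognito identity pool role's trust policy.
const AUD = "cognito-identity.amazonaws.com:aud";
const AMR = "cognito-identity.amazonaws.com:amr";

// IAM allows a single value or an array in most fields; normalise to an array.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns a list of problems; an empty list means the policy pins the role to
// the expected pool (:aud) and login state (:amr).
function checkTrustPolicy(policy, poolId, expectedAmr) {
  const problems = [];
  const stmts = asList(policy.Statement).filter(
    (s) =>
      s.Effect === "Allow" &&
      asList(s.Principal && s.Principal.Federated).includes("cognito-identity.amazonaws.com") &&
      asList(s.Action).includes("sts:AssumeRoleWithWebIdentity")
  );
  if (stmts.length === 0) problems.push("no Allow statement for cognito-identity.amazonaws.com");
  for (const s of stmts) {
    const cond = s.Condition || {};
    // A missing :aud condition would let any identity pool assume the role.
    const aud = asList((cond.StringEquals || {})[AUD]);
    if (aud.length !== 1 || aud[0] !== poolId) problems.push(`:aud must equal ${poolId}`);
    // A wrong :amr would hand this role to users in the other login state.
    const amr = asList((cond["ForAnyValue:StringLike"] || {})[AMR]);
    if (amr.length !== 1 || amr[0] !== expectedAmr) problems.push(`:amr must be "${expectedAmr}"`);
  }
  return problems;
}

// Constructed sample data: placeholder pool id and a trust policy builder.
const POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000";
const trust = (aud, amr) => ({
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { Federated: "cognito-identity.amazonaws.com" },
    Action: "sts:AssumeRoleWithWebIdentity",
    Condition: {
      StringEquals: { [AUD]: aud },
      "ForAnyValue:StringLike": { [AMR]: amr },
    },
  }],
});

// Correct authenticated role, then a role whose :amr was left as "unauthenticated".
console.log(checkTrustPolicy(trust(POOL_ID, "authenticated"), POOL_ID, "authenticated"));
console.log(checkTrustPolicy(trust(POOL_ID, "unauthenticated"), POOL_ID, "authenticated"));
```

Run it against the JSON shown under each role's trust relationship tab, once with "authenticated" and once with "unauthenticated" as the expected value.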