AWS Cognito user groups and users

Within a User Pool you can create Groups, each with a specific policy, and assign users to them. First you have to create a new Role for the user group and a new Policy attached to that Role.

Create policy

Click Services and in the search field enter IAM (Identity and Access Management).

On the IAM screen click Policies and then the Create policy button.


Here you can define the policy via the Visual editor or directly by writing JSON. Stay in the Visual editor, click Service and select DynamoDB.

Under Actions select Read and then Query and Scan. This will allow your users to read DynamoDB entries.


Then under Resources select ‘All resources’, which grants access to all DynamoDB tables. Later on you can narrow this to a specific table or even its entries.

Then click Review Policy.


On the next screen specify Name and Description and click Create policy.


You are now informed that the policy has been created.


Create Role

In the IAM console click Roles in the left menu and then the Create role button.

On the next screen select Web identity, then select ‘Amazon Cognito’ as the Identity provider, enter your Identity Pool ID and click Next: Permissions.


You can get the Identity Pool ID from Cognito. Open a new window, go to https://eu-central-1.console.aws.amazon.com/cognito/federated and click your identity pool. Then on the Dashboard of your pool click Edit identity pool and you will see it.


Back in the role creation wizard, on the next screen enter the name of the policy you created above into the search field and tick the checkbox next to it. Then press the Next: Tags button and then the Next: Review button.


Then fill in the Role name and Role description fields. Click Create role.


Congratulations, your role has been created and you should see it in the list of roles.
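As an added example (not code from the original post), here are the two documents the console steps above produce, written by hand: the trust policy of the Web identity role, and the DynamoDB read policy narrowed from ‘All resources’ to one table and to the caller's own items, which is the ‘specific table or even its entry’ scoping mentioned under Create policy. The identity pool ID, account ID, table name and role name are placeholders.

```shell
# Added example, not from the original post. The identity pool ID, account ID
# and table name below are placeholders; replace them with your own values.
IDENTITY_POOL_ID="eu-central-1:00000000-0000-0000-0000-000000000000"
TABLE_ARN="arn:aws:dynamodb:eu-central-1:123456789012:table/ExampleTable"
# Trust policy of the "Web identity" / "Amazon Cognito" role: only identities
# from this one identity pool, and only authenticated ones, may assume it.
write_trust_policy() {
  cat > "$1" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Federated": "cognito-identity.amazonaws.com" },
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": { "cognito-identity.amazonaws.com:aud": "${IDENTITY_POOL_ID}" },
      "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "authenticated" }
    }
  }]
}
EOF
}
# Permission policy: the post's DynamoDB read access, narrowed from "*" to one
# table and to items whose partition key is the caller's Cognito identity ID.
# Scan is left out here because it reads every item and cannot be keyed per user.
write_dynamodb_read_policy() {
  cat > "$1" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "dynamodb:Query",
    "Resource": "${TABLE_ARN}",
    "Condition": {
      "ForAllValues:StringEquals": {
        "dynamodb:LeadingKeys": ["\${cognito-identity.amazonaws.com:sub}"]
      }
    }
  }]
}
EOF
}
write_trust_policy trust-policy.json
write_dynamodb_read_policy dynamodb-read-policy.json
# The same steps as the console, from the CLI (role and policy names are placeholders):
# aws iam create-policy --policy-name DynamoDBRead --policy-document file://dynamodb-read-policy.json
# aws iam create-role --role-name CognitoReaders --assume-role-policy-document file://trust-policy.json
# aws iam attach-role-policy --role-name CognitoReaders --policy-arn arn:aws:iam::123456789012:policy/DynamoDBRead
```

Without the `aud` condition any Cognito identity pool could assume the role, so keep it when editing the trust policy later.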

Create User Groups

In the AWS console click Services and enter Cognito into the search field.


On the Cognito page select Manage User Pools and then select your User Pool. More about creating a user pool is here: http://3.121.146.232/2019/09/18/how-to-create-cognito-user-and-identity-pools/


Click Users and groups on the left and then the Groups tab. Then press the Create group button.


Specify the Name and Description of the new group. Then open the IAM role item and select the role you created previously.

Click Create group.

Now you can see your new group in the list of groups. This group has the rights specified in the Policy of the attached role. If you need to extend or limit access rights, simply edit the policy.

Create users

In Cognito User Pools select Users and groups, then the Users tab and click Create user.

On the next screen specify the parameters as shown in the picture and click Create user. Note that the password must comply with the requirements specified during group creation.

Now you can see this user in the list of users. Click on its username and select the Add to group button.

Then simply select the group you would like to assign the user to and click the Add to group button. Close the dialogue.

Now you can check that the user has been properly added to the group. Go to Users and groups, select the Groups tab and click the group name. The user should be displayed in the list.
