AWS Cognito User and Identity Pools

Create User Pool

Log in to the AWS console, click Services, and enter Cognito in the search field.

On the Cognito page, select Manage User Pools.

Now click Create user pool.

On the following screen, choose a Pool name and click Step through settings.

Keep Username checked, and also check Also allow sign in with verified email address if you want to.

Then click Next step.

You are now in the Policies section. You can leave the pre-selected options to keep your passwords strong.

Then click Next step several times to get to the Devices page.

Here select No for remembering your user’s devices and click Next step.

On the App clients page, click Add an app client.

Specify an App client name, clear the Generate client secret check box, and press the Create app client button.

Then click Next step repeatedly until you get to the Review page. Here click the Create pool button and your pool is ready.

Save the Pool Id and Pool ARN for the next steps.

Click App clients to get the App client id needed for the next steps.

If you use any attributes or custom attributes, you have to give the client permission to them. Click Set attribute read and write permissions and check the boxes for the attributes used by your client. You need this especially when you have defined any custom attributes.

Create Identity Pool

Identity pools provide AWS credentials to grant users access to other AWS services.

Go to the Cognito service and select Manage Identity Pools, then Create new identity pool.

Then define the Identity pool name and, under Authentication providers, select Cognito.

Here you need to enter the User Pool ID and App client id from the previous steps. If you do not have them, go back to your User pool and find them on the dashboard and under the App clients button.

Then click Create Pool and then Allow.

You can then see your Identity pool ID, which your client applications need in order to access this pool.

Click Go to Dashboard.

On the Dashboard page, click Edit identity pool.

On the edit page, expand the Authentication providers section and, in the Cognito tab, click the Choose role from token button and then set Role resolution to ‘DENY’.

Then click the Save Changes button.
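
The role setting from the last step can be checked outside the console. The following is an added example, not part of the original post: it audits the response of the Cognito Identity GetIdentityPoolRoles API for the "Choose role from token" and "DENY" settings. The function names, identifiers and sample responses are constructed for illustration.

```python
# Added example. Function names and sample data are constructed, not from a real account.

def provider_key(region, user_pool_id, app_client_id):
    """RoleMappings key for a Cognito user pool authentication provider."""
    return f"cognito-idp.{region}.amazonaws.com/{user_pool_id}:{app_client_id}"


def audit_role_mapping(roles, region, user_pool_id, app_client_id):
    """Return findings for a get_identity_pool_roles() response; [] means OK."""
    key = provider_key(region, user_pool_id, app_client_id)
    mapping = roles.get("RoleMappings", {}).get(key)
    if mapping is None:
        # Without a mapping every signed-in user receives the default role.
        return [f"{key}: no role mapping, all users get the default authenticated role"]
    findings = []
    if mapping.get("Type") != "Token":
        findings.append(f"{key}: role is not chosen from the token (Type={mapping.get('Type')})")
    if mapping.get("AmbiguousRoleResolution") != "Deny":
        findings.append(f"{key}: role resolution is "
                        f"{mapping.get('AmbiguousRoleResolution')}, expected Deny")
    return findings


def fetch_roles(identity_pool_id):
    """Read the live setting; needs boto3 and AWS credentials (not used by the samples)."""
    import boto3
    return boto3.client("cognito-identity").get_identity_pool_roles(
        IdentityPoolId=identity_pool_id)


# Constructed placeholder identifiers.
REGION, POOL, CLIENT = "eu-west-1", "eu-west-1_EXAMPLE01", "exampleclientid0000000000"
KEY = provider_key(REGION, POOL, CLIENT)
ROLE = "arn:aws:iam::111122223333:role/Example_Auth_Role"

# Constructed responses: the tutorial's setting, a fallback setting, and no mapping.
AS_IN_TUTORIAL = {"Roles": {"authenticated": ROLE}, "RoleMappings": {
    KEY: {"Type": "Token", "AmbiguousRoleResolution": "Deny"}}}
FALLBACK_TO_DEFAULT = {"Roles": {"authenticated": ROLE}, "RoleMappings": {
    KEY: {"Type": "Token", "AmbiguousRoleResolution": "AuthenticatedRole"}}}
NO_MAPPING = {"Roles": {"authenticated": ROLE}}

if __name__ == "__main__":
    for name, sample in [("as in tutorial", AS_IN_TUTORIAL),
                         ("fallback to default role", FALLBACK_TO_DEFAULT),
                         ("no mapping", NO_MAPPING)]:
        print(name, "->", audit_role_mapping(sample, REGION, POOL, CLIENT) or "OK")
```

With Role resolution set to DENY, a token that carries no usable role is refused credentials instead of falling back to the default authenticated role.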
