AWS Cognito Invalid identity pool configuration

Question

I am using the AWS Javascript API and trying to get the assigned cognito id:

AWS.config.credentials.get(function(err) {
    if (!err) {
        console.log(\         


        

Answer 1

After some digging I realized that you must add the RoleArn and AccountId to your credentials.

Even though most of the documentation out there mention this as being enough:

AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'us-east-1:xxxxx-a87e-46ed-9519-xxxxxxx',
});

This was not enough.

I had to do this:

AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'us-east-1:xxxxx-a87e-46ed-9519-xxxxx',
    RoleArn: 'arn:aws:iam::xxxxx:role/Cognito_xxxxUsersUnauth_Role',
    AccountId: 'xxxxxxxxx', // your AWS account ID
});

You must mention the ARN of your Role for your identity pool.

The only doc that mention it right is this one.

The wrong ones:

• http://docs.aws.amazon.com/AWSJavaScriptSDK/guide/browser-configuring.html

• https://mobile.awsblog.com/post/TxBVEDL5Z8JKAC/Use-Amazon-Cognito-in-your-website-for-simple-AWS-authentication

• https://blogs.aws.amazon.com/javascript/post/TxTUNTVES4AL15/Authentication-in-the-Browser-with-Amazon-Cognito-and-Public-Identity-Providers

Maybe I'm missing something but this is certainly confusing.