I've read a bunch of AWS documentation in the last day or two, but haven't yet come across anything that really answers the following:
If a mobile app is using AWS Co
Requests to AWS APIs are authenticated via credentials. For almost all services, this authentication occurs via signature version 4, which uses an HMAC of the payload of the request signed with the access secret key portion of the credential.
For credentials that are vended as part of the Amazon Cognito authflow, a sessionKey is also included that has contextual information about the user that logged in. When the policies associated with those credentials are evaluated, variables can be replaced with these contextual values (e.g. cognito-identity.amazonaws.com:sub for the identity id) to determine if the credentials have the specified access.
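The variable substitution described in this answer, as an added illustration that is not from the answer or from any AWS evaluator: a minimal, allow-only policy check that resolves `${cognito-identity.amazonaws.com:sub}` from the session context and tests a request against the resulting resource pattern. The policy, bucket name and identity ids below are constructed; explicit Deny statements and Condition blocks are deliberately out of scope.

```python
import fnmatch
from typing import Dict, List

# Constructed policy: each identity may only touch objects under a key prefix
# equal to its own Cognito identity id. Bucket name is a placeholder.
PER_USER_POLICY: Dict = {
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-app-bucket/"
                        "${cognito-identity.amazonaws.com:sub}/*",
        }
    ]
}


def substitute_variables(template: str, context: Dict[str, str]) -> str:
    """Replace ${key} policy variables with values from the session context.

    A variable missing from the context is left unresolved, so the pattern
    keeps the literal '${...}' text and will not match a real resource ARN.
    """
    result = template
    for key, value in context.items():
        result = result.replace("${" + key + "}", value)
    return result


def _as_list(value) -> List[str]:
    return value if isinstance(value, list) else [value]


def is_allowed(policy: Dict, context: Dict[str, str],
               action: str, resource: str) -> bool:
    """Return True if some Allow statement matches action and resource.

    IAM-style '*' and '?' wildcards are honoured via fnmatch; '*' spans '/'
    just as it does in IAM resource patterns.
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        for res in _as_list(stmt["Resource"]):
            if fnmatch.fnmatchcase(resource, substitute_variables(res, context)):
                return True
    return False
```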