I'm also working on a front-end TypeScript application that uses both Authenticated and Unauthenticated identities from Cognito.
For unauthenticated identities, my flow looks like this:
CognitoIdentity.getId()
That code looks like this:
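
    import * as AWS from 'aws-sdk'; // AWS SDK for JavaScript v2

    // The region must match the region prefix of the identity pool ID.
    AWS.config.region = 'us-east-1';

    var cognitoidentity = new AWS.CognitoIdentity();
    var params = {
        IdentityPoolId: 'us-east-1:bxxxxxx-cxxx-4xxx-8xxx-9xxxxxxxxxxx'
    };
    // Ask Cognito for an identity ID for this unauthenticated visitor.
    // tslint:disable-next-line:no-any
    cognitoidentity.getId(params, function(err: any, data: any) {
        if (err) {
            console.log(err, err.stack); // an error occurred
        } else {
            // Bind the SDK's credentials to the returned identity ID.
            AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                IdentityPoolId: 'us-east-1:bxxxxxxx-cxxx-4xxx-8xxx-9xxxxxxxxxxx',
                IdentityId: data.IdentityId
            });
            // access AWS resources
        }
    });
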
This will result in your app getting temporary IAM credentials (access key, secret key, session token) that are used to access back-end resources.
The role assumed when you use these keys will be the role you configured in your Identity Pool settings.
This way you don't have to expose the IAM role name to the browser, either. AWS will simply assume the correct role based on the IAM keys.
Happy Hacking!
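
Added example, not part of the original post: because the identity pool ID ships in the front-end code, the permissions of the unauthenticated role are effectively available to every visitor, so the policy attached to that role deserves a least-privilege check. The sketch below audits a policy document for overly broad `Allow` statements; the function name, the types and the sample policy (including its bucket name) are assumptions constructed for illustration.

```typescript
// Added example. Types model only the IAM policy fields the audit reads.
type OneOrMany = string | string[];

interface Statement {
  Effect: "Allow" | "Deny";
  Action?: OneOrMany;
  NotAction?: OneOrMany;
  Resource?: OneOrMany;
}

interface PolicyDocument {
  Version: string;
  Statement: Statement | Statement[];
}

interface Finding {
  statement: number; // index into the Statement array
  issue: string;
}

// IAM allows a single string or an array for Action/Resource; normalise both.
function toList(v?: OneOrMany): string[] {
  if (v === undefined) return [];
  return typeof v === "string" ? [v] : v;
}

// Flags Allow statements that are too broad for an unauthenticated role.
function auditUnauthPolicy(policy: PolicyDocument): Finding[] {
  const findings: Finding[] = [];
  const statements = Array.isArray(policy.Statement) ? policy.Statement : [policy.Statement];
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow") return; // Deny statements only narrow access
    if (s.NotAction !== undefined) {
      findings.push({ statement: i, issue: "NotAction with Allow grants every action not listed" });
    }
    toList(s.Action).forEach((a) => {
      if (a === "*" || a.slice(-2) === ":*") { // "*" or a whole service, e.g. "s3:*"
        findings.push({ statement: i, issue: `wildcard action "${a}"` });
      }
    });
    if (toList(s.Resource).indexOf("*") !== -1) {
      findings.push({ statement: i, issue: 'Resource "*" is not scoped to specific ARNs' });
    }
  });
  return findings;
}

// Constructed sample policy (hypothetical bucket name), not taken from the post.
const samplePolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: "s3:GetObject", Resource: "arn:aws:s3:::example-public-assets/*" },
    { Effect: "Allow", Action: ["dynamodb:*"], Resource: "*" },
    { Effect: "Allow", NotAction: "iam:*", Resource: "*" },
  ],
};
```

Running `auditUnauthPolicy(samplePolicy)` reports nothing for the first statement and two findings each for the second and third.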