Understanding AWS Cognito and IAM Roles

User pools, Identity pools, and IAM roles to share access to AWS resources. A comprehensive walkthrough with common use cases and code samples.

Anuradha Wickramarachchi
Jun 7
AWS Identity Architecture

User Pools

What and How

Completed View of User Pool App Client View

Usage of user pools

User object with Google and Facebook identity (merged by email)
Secured API gateway endpoint
Authorizer for JWTs

Making Sense out of Identity Pools

What and How?

Edit View for the Identity Pool

Usage of Identity Pools

IAM Roles

{
    "Sid": "accessToBucket",
    "Effect": "Allow",
    "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
    ],
    "Resource": [
        "arn:aws:s3:::my-bucket/*",
        "arn:aws:s3:::my-bucket-dev/*"
    ]
}
