Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Can you set a Cognito Identity Pool to include all users/EC2s of the acct?

0

I followed a tutorial for how to create a QnA bot that used a CloudFormation stack.

That stack created an identity pool. Using either my own secretAccessKey/accessKeyId, or an EC2 server's creds works for signing into the service. When I look at the identity pool, I see that the authenticated identities look like regions followed by "_" and then some letters and numbers. Are these identities references to account-wide VPC values or something? I don't understand how you can make an identity that includes all users/servers of the AWS account. Googling doesn't help me understand what's going on here.

Themen
Sicherheit, Identität & Konformität
Tags
Amazon Cognito
Sprache
English
ShaneS
gefragt vor 4 Jahren241 Aufrufe
1 Antwort
0

Ok, so I figured out a more accurate way to look at this.

I shouldn't be using identity pools at all.

I can specify a certain AWS service's (EC2 or Lambda, etc) role as having access to any other service.
I can restrict access to an IP address range.
I can specify a particular AWS User's account.
I can specify a group of AWS user accounts in a Cognito User Group.
I can specify a Cognito User Group or other IDP provider, or an unauthenticated user in a Congito Identity Pool.

Edited by: ShaneS on Sep 28, 2020 7:52 AM

ShaneS
beantwortet vor 4 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt