Cognito - Dynamic Role

0

Hi,
I'm implementing an application in the IoT domain. Every user would be able to communicate with his personal provider, so I would like to have temporary credentials, using Identity Pools, that permit the user to publish and subscribe only to the topic associated with his device.

Is there a way to return temporary credentials based on a particular user? I would like to federate a Cognito User Pool with an Identity Pool and use a way to have dynamic roles. So if user X can only publish and subscribe to topic Y, I would like to return temporary credentials linked to a role that permits operating only with this topic.

Do I have to use rule-based role selection?

Thanks in advance.

Marco G.

Edited by: MarcoG on May 18, 2019 3:45 PM

MarcoG
Asked 5 years ago · 321 views
2 Answers
0

Hi,
We have used the AttachPolicy method with Cognito User Pool and Cognito Identity Pool. In this way we can dynamically attach a policy to the user session.

Thanks.

MarcoG
Answered 5 years ago
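
The AttachPolicy approach from the answer above, as an added example that is not part of the original post: a backend builds a least-privilege AWS IoT policy for one device and attaches it to the user's Cognito identity. The region, account id, `devices/<device_id>/` topic layout, policy naming and function names are assumptions made for illustration.

```python
import json
import re

# Assumed values for illustration; replace with your own region and account.
REGION = "eu-west-1"
ACCOUNT_ID = "123456789012"  # placeholder account id
_DEVICE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
_IDENTITY_ID = re.compile(r"[a-z0-9-]+:[0-9a-f-]{36}")  # "<region>:<uuid>"


def build_device_policy(device_id: str, identity_id: str) -> dict:
    """Return an AWS IoT policy limited to one device's topic tree."""
    # Reject anything that could widen the grant: IoT policy wildcards (* ?),
    # MQTT wildcards (# +), topic separators, or policy variables (${...}).
    if not (_DEVICE_ID.fullmatch(device_id) and _IDENTITY_ID.fullmatch(identity_id)):
        raise ValueError("unsafe device id or identity id")
    arn = f"arn:aws:iot:{REGION}:{ACCOUNT_ID}"
    topic = f"devices/{device_id}"  # assumed topic layout
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # The MQTT client id must equal the caller's Cognito identity id.
                "Effect": "Allow",
                "Action": "iot:Connect",
                "Resource": f"{arn}:client/{identity_id}",
            },
            {   # Publish and Receive are authorized against topic ARNs.
                "Effect": "Allow",
                "Action": ["iot:Publish", "iot:Receive"],
                "Resource": f"{arn}:topic/{topic}/*",
            },
            {   # Subscribe is authorized against topicfilter ARNs.
                "Effect": "Allow",
                "Action": "iot:Subscribe",
                "Resource": f"{arn}:topicfilter/{topic}/*",
            },
        ],
    }


def attach_device_policy(device_id: str, identity_id: str) -> str:
    """Create the policy and attach it to the Cognito identity (backend only)."""
    import boto3  # imported here so the builder above works without AWS access
    iot = boto3.client("iot", region_name=REGION)
    name = f"device-{device_id}"  # hypothetical naming scheme
    doc = json.dumps(build_device_policy(device_id, identity_id))
    iot.create_policy(policyName=name, policyDocument=doc)
    iot.attach_policy(policyName=name, target=identity_id)
    return name
```

For authenticated Cognito identities AWS IoT evaluates both the Identity Pool role's IAM policy and the IoT policy attached to the identity, so the role can stay generic while the attached policy narrows each user to one device.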
0

Thank you for reaching out. I understand that you are working on an IoT application where each user needs to communicate with their personal provider. To enable this, you are looking for a solution to obtain temporary credentials through Identity Pools. These credentials should allow users to publish and subscribe only to the topics associated with their respective devices.

In regards to your question, yes, there is a way to retrieve temporary credentials based on a specific user. You can achieve this by federating the Cognito User Pool with the Identity Pool and implementing dynamic roles. By doing so, you can assign roles to users based on their specific permissions and access requirements. For instance, if user X is limited to publishing and subscribing to topic Y, you can configure the temporary credentials to be associated with a role that grants permissions solely for that topic.

To accomplish this, you can use rule-based mapping to assign roles to users within the Identity Pool configuration. By defining rules based on your specific requirements, you can dynamically assign roles to users when they authenticate and obtain temporary credentials accordingly.

https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html

AWS
Answered 10 months ago
