I apologize, but there seems to be a misunderstanding in your statement. Signing in to a Cognito User Pool does not grant unauthenticated (guest) access to an Identity Pool. These are two distinct concepts in AWS Amplify and Amazon Cognito:
- Authenticated access: When you sign in to a User Pool, you are authenticating the user. This should grant you authenticated access to the Identity Pool, not guest access.
- Unauthenticated (guest) access: This is typically used for users who haven't signed in yet. It allows limited access to AWS resources without authentication.
If you're seeing behavior where signing in is treated as guest access, this is not the intended functionality and likely indicates a configuration issue.
When you set `mandatorySignIn` to true, it's expected that unauthenticated access would be blocked. The error you're seeing about credentials not being fetched for guest users is consistent with this setting.
To resolve this issue:
- Verify your Amplify configuration, ensuring that your User Pool and Identity Pool are correctly linked.
- Check that your Identity Pool is properly set up to use the User Pool as an authentication provider.
- Ensure that your IAM roles for authenticated and unauthenticated users are correctly configured.
If the issue persists after verifying these configurations, it may be worth reviewing your code to ensure you're correctly handling the authentication flow.
Sources
Customize your auth rules - AWS Amplify Gen 2 Documentation
Guest access - React - AWS Amplify Gen 2 Documentation
Security best practices for Amazon Cognito identity pools - Amazon Cognito
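
An offline check of the three configuration points listed in the answer above, as an added example that is not part of the original answer or AWS's own code. It assumes Amplify v5-style `Auth` keys (`userPoolWebClientId`, `mandatorySignIn`) and the JSON output of `aws cognito-identity describe-identity-pool` and `aws cognito-identity get-identity-pool-roles`; the function name `checkPoolLinkage` and all IDs are constructed.

```javascript
// Added example: compares the client config with the identity pool's own settings.
// Returns a list of human-readable findings; an empty list means the checks passed.
function checkPoolLinkage(amplifyAuth, identityPool, poolRoles) {
  const findings = [];
  const expectedProvider =
    `cognito-idp.${amplifyAuth.region}.amazonaws.com/${amplifyAuth.userPoolId}`;

  if (identityPool.IdentityPoolId !== amplifyAuth.identityPoolId) {
    findings.push("Amplify identityPoolId does not match the identity pool inspected");
  }
  // The identity pool must list the user pool AND the app client the app signs in with.
  const providers = identityPool.CognitoIdentityProviders || [];
  const sameUserPool = providers.filter((p) => p.ProviderName === expectedProvider);
  if (sameUserPool.length === 0) {
    findings.push(`user pool ${amplifyAuth.userPoolId} is not an authentication provider`);
  } else if (!sameUserPool.some((p) => p.ClientId === amplifyAuth.userPoolWebClientId)) {
    findings.push("user pool is linked, but not with the app client ID the app uses");
  }
  const roles = (poolRoles && poolRoles.Roles) || {};
  if (!roles.authenticated) findings.push("no authenticated IAM role attached");

  // Guest access: the pool setting, the attached role and the client setting should agree.
  const guestsAllowed = identityPool.AllowUnauthenticatedIdentities === true;
  if (guestsAllowed && !roles.unauthenticated) {
    findings.push("guest identities allowed but no unauthenticated IAM role attached");
  }
  if (!guestsAllowed && roles.unauthenticated) {
    findings.push("unauthenticated role attached although guest identities are disabled");
  }
  // mandatorySignIn only stops the client library from asking for guest credentials;
  // the pool-side setting is what actually controls whether guest identities exist.
  if (guestsAllowed && amplifyAuth.mandatorySignIn) {
    findings.push("pool still allows guest identities although mandatorySignIn is true");
  }
  return findings;
}

// Constructed sample data (not taken from a real account).
const SAMPLE_AUTH = { region: "us-east-1", userPoolId: "us-east-1_EXAMPLE01",
  userPoolWebClientId: "exampleclientid0001", mandatorySignIn: true,
  identityPoolId: "us-east-1:00000000-0000-0000-0000-000000000000" };
const SAMPLE_POOL = { IdentityPoolId: SAMPLE_AUTH.identityPoolId,
  AllowUnauthenticatedIdentities: true,
  CognitoIdentityProviders: [{ ClientId: "exampleclientid0002",
    ProviderName: "cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE01" }] };
const SAMPLE_ROLES = { Roles: { authenticated: "arn:aws:iam::111122223333:role/ExampleAuthRole" } };
console.log(checkPoolLinkage(SAMPLE_AUTH, SAMPLE_POOL, SAMPLE_ROLES));
```
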