Can you set a Cognito Identity Pool to include all users/EC2s of the acct?


I followed a tutorial for how to create a QnA bot that used a CloudFormation stack.

That stack created an identity pool. Using either my own secretAccessKey/accessKeyId, or an EC2 server's creds works for signing into the service. When I look at the identity pool, I see that the authenticated identities look like regions followed by "_" and then some letters and numbers. Are these identities references to account-wide VPC values or something? I don't understand how you can make an identity that includes all users/servers of the AWS account. Googling doesn't help me understand what's going on here.

asked 2 years ago25 views
1 Answer

Ok, so I figured out a more accurate way to look at this.

I shouldn't be using identity pools at all.

I can specify a certain AWS service's (EC2 or Lambda, etc) role as having access to any other service.
I can restrict access to an IP address range.
I can specify a particular AWS User's account.
I can specify a group of AWS user accounts in a Cognito User Group.
I can specify a Cognito User Group or other IDP provider, or an unauthenticated user in a Congito Identity Pool.

Edited by: ShaneS on Sep 28, 2020 7:52 AM

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions