Ok, so I figured out a more accurate way to look at this.
I shouldn't be using identity pools at all.
I can specify a certain AWS service's (EC2 or Lambda, etc.) role as having access to any other service.
I can restrict access to an IP address range.
I can specify a particular AWS User's account.
I can specify a group of AWS user accounts in a Cognito User Group.
I can specify a Cognito User Group or other IDP provider, or an unauthenticated user in a Cognito Identity Pool.
Edited by: ShaneS on Sep 28, 2020 7:52 AM