Can you set a Cognito Identity Pool to include all users/EC2s of the acct?

0

I followed a tutorial for how to create a QnA bot that used a CloudFormation stack.

That stack created an identity pool. Using either my own secretAccessKey/accessKeyId, or an EC2 server's creds works for signing into the service. When I look at the identity pool, I see that the authenticated identities look like regions followed by "_" and then some letters and numbers. Are these identities references to account-wide VPC values or something? I don't understand how you can make an identity that includes all users/servers of the AWS account. Googling doesn't help me understand what's going on here.

ShaneS
asked 4 years ago, 238 views
1 Answer
0

Ok, so I figured out a more accurate way to look at this.

I shouldn't be using identity pools at all.

I can specify a certain AWS service's (EC2 or Lambda, etc) role as having access to any other service.
I can restrict access to an IP address range.
I can specify a particular AWS User's account.
I can specify a group of AWS user accounts in a Cognito User Group.
I can specify a Cognito User Group or other IDP provider, or an unauthenticated user in a Cognito Identity Pool.

Edited by: ShaneS on Sep 28, 2020 7:52 AM

ShaneS
answered 4 years ago
