Amazon Cognito
Developer Guide (Version Last Updated: 08/26/2017)

Identity Pools

To use Amazon Cognito Federated Identities in your app, you'll need to create an identity pool. An identity pool is a store of user identity data specific to your account. Using Amazon Cognito Sync, you can retrieve the data across client platforms, devices, and operating systems, so that if a user starts using your app on a phone and later switches to a tablet, the persisted app information is still available for that user.

To create a new identity pool for your application:

  1. Log in to the Amazon Cognito console, choose Manage Federated Identities, and choose Create new identity pool.

  2. Enter a name for your identity pool, select the checkbox to enable access to unauthenticated identities or configure an identity provider, and then choose Create Pool.

  3. Choose Allow to create the two default roles associated with your identity pool—one for unauthenticated users and one for authenticated users. These default roles provide your identity pool access to Amazon Cognito Sync. You can modify the roles associated with your identity pool in the IAM console.

For additional instructions on working with the Amazon Cognito console, see Using the Amazon Cognito Console.

Authenticated and Unauthenticated Identities

Amazon Cognito identity pools support both authenticated and unauthenticated identities. Authenticated identities belong to users who are authenticated by any supported identity provider. Unauthenticated identities typically belong to guest users.

User IAM Roles

An IAM role defines the permissions for your users to access AWS resources, like Amazon Cognito Sync. Users of your application will assume the roles you create. You can specify different roles for authenticated and unauthenticated users. To learn more about IAM roles, see IAM Roles.
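
The default roles created in step 3 are bound to the identity pool by their trust policies, so reviewing those policies is worthwhile after any change in the IAM console. The following is an added example, not code from the AWS guide: it audits a role's trust policy for the `cognito-identity.amazonaws.com:aud` and `cognito-identity.amazonaws.com:amr` conditions that limit the role to one identity pool and one identity type. The pool ID, the sample policies, and the function names are constructed for illustration.

```python
# Added example: audit the trust policy of a Cognito identity pool role.
COGNITO = "cognito-identity.amazonaws.com"
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # constructed placeholder


def _as_list(value):
    return value if isinstance(value, list) else [value]


def make_trust_policy(pool_id, amr=None):
    """Build a sample trust policy (constructed input for the audit below)."""
    cond = {"StringEquals": {COGNITO + ":aud": pool_id}}
    if amr:
        cond["ForAnyValue:StringLike"] = {COGNITO + ":amr": amr}
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": cond}]}


def audit_trust_policy(policy, pool_id, expected_amr):
    """Return findings; an empty list means the role can only be assumed by
    identities of the expected type from the given identity pool."""
    findings, trusts_cognito = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if COGNITO not in _as_list(principal.get("Federated", [])):
            continue
        trusts_cognito = True
        cond = stmt.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get(COGNITO + ":aud", []))
        if aud != [pool_id]:
            findings.append("aud is not pinned to this identity pool")
        amr = []
        for op in ("ForAnyValue:StringLike", "ForAnyValue:StringEquals"):
            amr += _as_list(cond.get(op, {}).get(COGNITO + ":amr", []))
        if amr != [expected_amr]:
            findings.append("amr is not pinned to " + expected_amr)
    if not trusts_cognito:
        findings.append("no statement trusts " + COGNITO)
    return findings


if __name__ == "__main__":
    guest_role = make_trust_policy(POOL_ID, "unauthenticated")
    loose_role = make_trust_policy(POOL_ID)  # amr condition omitted
    print(audit_trust_policy(guest_role, POOL_ID, "unauthenticated"))
    print(audit_trust_policy(loose_role, POOL_ID, "authenticated"))
```

A role intended for authenticated users whose trust policy lacks the `amr` condition does not distinguish guests from signed-in users, which is why the second sample produces a finding.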