Amazon Cognito
Developer Guide

Identity Pools

To use Amazon Cognito Federated Identities in your app, you'll need to create an identity pool. An identity pool is a store of user identity data specific to your account. Using Amazon Cognito Sync, you can retrieve the data across client platforms, devices, and operating systems, so that if a user starts using your app on a phone and later switches to a tablet, the persisted app information is still available for that user.

To create a new identity pool in the console

  1. Sign in to the Amazon Cognito console, choose Manage Federated Identities, and then choose Create new identity pool.

  2. Type a name for your identity pool.

  3. To enable unauthenticated identities, select Enable access to unauthenticated identities from the Unauthenticated identities collapsible section.

  4. If desired, configure an authentication provider in the Authentication providers section.

  5. Choose Create Pool.

    Note

    At least one identity is required for a valid identity pool.

  6. You will be prompted for access to your AWS resources.

    Choose Allow to create the two default roles associated with your identity pool: one for unauthenticated users and one for authenticated users. These default roles provide your identity pool access to Amazon Cognito Sync. You can modify the roles associated with your identity pool in the IAM console. For additional instructions on working with the Amazon Cognito console, see Using the Amazon Cognito Console.


Authenticated and Unauthenticated Identities

Amazon Cognito identity pools support both authenticated and unauthenticated identities. Authenticated identities belong to users who are authenticated by any supported identity provider. Unauthenticated identities typically belong to guest users.

User IAM Roles

An IAM role defines the permissions for your users to access AWS resources, like Amazon Cognito Sync. Users of your application will assume the roles you create. You can specify different roles for authenticated and unauthenticated users. To learn more about IAM roles, see IAM Roles.
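Because the authenticated and unauthenticated roles can be modified in the IAM console, it is worth checking that each role's trust policy is still scoped to one identity pool and one identity class. The following check is an added example, not code from the Developer Guide; it relies on the `cognito-identity.amazonaws.com:aud` and `cognito-identity.amazonaws.com:amr` condition keys used in trust policies for identity pool roles, and the pool ID and policy documents are constructed placeholders.

```python
COGNITO = "cognito-identity.amazonaws.com"
AMR_OPS = ("ForAnyValue:StringLike", "ForAnyValue:StringEquals")
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # constructed placeholder

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, pool_id, identity_class):
    """Return findings for one role; identity_class is 'authenticated' or 'unauthenticated'."""
    findings, seen = [], False
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if COGNITO not in _as_list(principal.get("Federated", [])):
            continue
        seen = True
        aud, amr = [], []
        for op, keys in stmt.get("Condition", {}).items():
            for key, val in keys.items():
                # IAM condition key names are case-insensitive
                if key.lower() == COGNITO + ":aud" and op == "StringEquals":
                    aud += _as_list(val)
                elif key.lower() == COGNITO + ":amr" and op in AMR_OPS:
                    amr += _as_list(val)
        if aud != [pool_id]:
            findings.append(f"statement {i}: aud not pinned to {pool_id}")
        if amr != [identity_class]:
            findings.append(f"statement {i}: amr is {amr or 'unset'}, expected {identity_class}")
    if not seen:
        findings.append("no statement trusts " + COGNITO)
    return findings

def _stmt(condition):
    # Helper for the constructed sample policies below
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": COGNITO},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

# Constructed: trust policy correctly scoped for the authenticated role
GOOD = _stmt({"StringEquals": {COGNITO + ":aud": POOL_ID},
              "ForAnyValue:StringLike": {COGNITO + ":amr": "authenticated"}})
# Constructed: no pool pin, and guest identities allowed into the authenticated role
BAD = _stmt({"ForAnyValue:StringLike": {COGNITO + ":amr": "unauthenticated"}})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(doc, POOL_ID, "authenticated"))
```

An empty list means the role can be assumed only by identities of the expected class from the named pool.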