Introduction
In modern web and mobile applications, authentication plays a crucial role in ensuring secure access to resources. However, there are scenarios where we want users to interact with our application without requiring them to sign in. This is where AWS Cognito Identity Pools come in, allowing us to manage both authenticated (signed-in) and unauthenticated (guest) users efficiently.
What is an AWS Cognito Identity Pool?
AWS Cognito Identity Pools provide temporary AWS credentials to users so they can access AWS resources securely. These users can be:
- Authenticated users (signed in via Cognito User Pools, Google, Facebook, etc.).
- Unauthenticated users (guest access without login).
With an Identity Pool, we can define different IAM roles for authenticated and unauthenticated users, ensuring the right level of access control.
Why Do We Need Guest Access?
Guest access is useful when we want users to interact with certain parts of our application without forcing them to create an account. Some common use cases include:
- Browsing products in an e-commerce app before signing up.
- Submitting feedback or surveys without registration.
- Accessing limited features of an app before logging in.
- Gaming leaderboards or score tracking without requiring a login.
By enabling unauthenticated access through an Identity Pool, we can grant temporary, controlled access to AWS services like DynamoDB, S3, or API Gateway, allowing guest users to perform limited actions without compromising security.
The following steps grant guest access with AWS Cognito Identity Pools, using the JavaScript SDK to create a DynamoDB table.
Step 1: Setting Up Cognito Identity Pool for Guest Access
- Go to the AWS Cognito Console
  Click on “Create identity pool”.
- Enter the Identity Pool Name
  Check “Enable access to unauthenticated identities” (for guest access) and click Next.
  Provide the Role name as “DynamoDBRole” and click Next.
  Review and create the Identity Pool.
- Copy the Identity Pool ID
  Save it anywhere, as it’s needed in our JavaScript app.
Step 2: Update IAM Role Permissions for DynamoDB
Now, we need to allow Cognito guest users to create a DynamoDB table.
- Go to the AWS IAM Console
  Open the IAM Console and click “Roles”.
- Attach a Managed Policy for DynamoDB Access
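The policy attached to the guest role defines what every unauthenticated identity can do, so it is worth checking against the single table this tutorial needs. The following is an added example, not code from the original post: the function name auditGuestPolicy, the allow-list, the account ID 123456789012 and both policy documents are constructed for illustration.

```javascript
// Added example: audit the IAM policy attached to the Cognito guest role.
// The policy documents and account ID below are constructed samples.
const toList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Assumption: the guest flow in this tutorial only needs CreateTable.
const ALLOWED_ACTIONS = new Set(["dynamodb:createtable"]);

function auditGuestPolicy(policy, allowed = ALLOWED_ACTIONS) {
  const findings = [];
  toList(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return; // Deny statements only narrow access
    const id = stmt.Sid || `statement[${i}]`;
    // NotAction/NotResource in an Allow grant everything except what is listed
    if (stmt.NotAction) findings.push(`${id}: Allow with NotAction`);
    if (stmt.NotResource) findings.push(`${id}: Allow with NotResource`);
    for (const action of toList(stmt.Action)) {
      if (/[*?]/.test(action)) {
        findings.push(`${id}: wildcard action ${action}`);
      } else if (!allowed.has(action.toLowerCase())) {
        findings.push(`${id}: action ${action} not needed by the guest flow`);
      }
    }
    for (const resource of toList(stmt.Resource)) {
      if (/[*?]/.test(resource)) {
        findings.push(`${id}: wildcard resource ${resource}`);
      }
    }
  });
  return findings;
}

// Constructed sample: what a broad DynamoDB policy amounts to.
const broadPolicy = {
  Version: "2012-10-17",
  Statement: [{ Sid: "GuestDynamo", Effect: "Allow", Action: "dynamodb:*", Resource: "*" }],
};

// Constructed sample: scoped to the one action and table used on this page.
const scopedPolicy = {
  Version: "2012-10-17",
  Statement: [{
    Sid: "GuestCreateEmployee",
    Effect: "Allow",
    Action: ["dynamodb:CreateTable"],
    Resource: "arn:aws:dynamodb:ap-northeast-3:123456789012:table/Employee",
  }],
};

console.log(auditGuestPolicy(broadPolicy));
console.log(auditGuestPolicy(scopedPolicy));
```

The same function can be run over the JSON of whichever policy is attached to “DynamoDBRole”; an empty result means every Allow statement is limited to the listed actions and to fully named resources.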
Step 3: Build a JavaScript App to Create DynamoDB Table
Now, let’s write a JavaScript app that connects to the Cognito Identity Pool and creates a DynamoDB table.
Replace the AWS Region and Cognito Identity Pool ID in the code.
Create an index.html:
```html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Create DynamoDB Table with Cognito</title>
</head>
<body>
  <h2>Create an "Employee" Table in DynamoDB</h2>
  <button onclick="createDynamoDBTable()">Create Table</button>
  <pre id="output"></pre>

  <script src="https://sdk.amazonaws.com/js/aws-sdk-2.1030.0.min.js"></script>
  <script>
    AWS.config.region = 'ap-northeast-3'; // Replace with your AWS region

    // Configure Cognito Identity Pool
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
      IdentityPoolId: 'ap-northeast-3:97b14b71-8fe5-4e56-ac29-89f054edd37b' // Replace with your Identity Pool ID
    });

    function createDynamoDBTable() {
      // Fetch temporary guest credentials before calling DynamoDB
      AWS.config.credentials.get((err) => {
        if (err) {
          console.error("Error getting credentials:", err);
          document.getElementById("output").textContent = "Error: " + err.message;
          return;
        }

        const dynamodb = new AWS.DynamoDB();
        const params = {
          TableName: "Employee",
          KeySchema: [
            { AttributeName: "employee_id", KeyType: "HASH" } // Partition key
          ],
          AttributeDefinitions: [
            { AttributeName: "employee_id", AttributeType: "S" } // String type
          ],
          ProvisionedThroughput: {
            ReadCapacityUnits: 5,
            WriteCapacityUnits: 5
          }
        };

        dynamodb.createTable(params, (err, data) => {
          if (err) {
            console.error("Table creation failed:", err);
            document.getElementById("output").textContent = "Table creation failed: " + err.message;
          } else {
            console.log("Table created successfully:", data);
            document.getElementById("output").textContent =
              "Table created successfully! \n" + JSON.stringify(data, null, 2);
          }
        });
      });
    }
  </script>
</body>
</html>
```
Step 4: Run & Test the App
Open index.html in a browser and click “Create Table”.
If successful, the DynamoDB table “Employee” is created.
Verify the table in AWS DynamoDB Console → Tables.
Conclusion
AWS Cognito Identity Pools provide a powerful way to manage both authenticated and unauthenticated (guest) access to AWS resources securely. By enabling guest access, we allow users to interact with our application without requiring a login, which improves user experience while maintaining control over permissions and security.
In this guide, we configured a Cognito Identity Pool, created a DynamoDB table, and used the AWS JavaScript SDK to let guest users write data securely. To ensure security, it’s essential to apply least privilege IAM policies, monitor access through CloudWatch, and encourage users to transition to authenticated access when needed.
By following these best practices, we can balance usability and security, creating a seamless experience for both guest and registered users.

WRITTEN BY Siddiq Pasha