Hey there! I'm currently looking into our organization's external access audit. We're trying to identify any ways that outsiders could authenticate into our AWS environment, such as through external roles or identity providers. I was wondering, can Cognito be set up to allow this kind of access, or is it primarily meant for app access? Specifically, can I configure Cognito to trust an external identity provider so that users can sign in, assume a role, or obtain AWS credentials to interact with our internal AWS resources?
1 Answer
Yes, you can definitely use Cognito Identity Pools for this purpose. It's a valid option. You can also manage it through IAM if you prefer. Just keep in mind that you're leveraging Identity Pools, not just User Pools, for external access.
That's right! Make sure to check out the AWS documentation on this. It's a common scenario where you authenticate with a user pool, get Identity Pools credentials, and then use those to access resources like S3. Just remember, your application's design matters when implementing this.
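For the audit described in the question, the following added example (not code from the thread) takes the response shapes of the Cognito Identity API's DescribeIdentityPool and GetIdentityPoolRoles calls and lists every path by which an outside identity can end up holding AWS credentials from one identity pool; the sample responses, pool id, ARNs and client ids are constructed placeholders, and live data would come from boto3's `cognito-identity` client.

```python
# Added example: summarize the external credential paths of a Cognito Identity
# Pool from DescribeIdentityPool / GetIdentityPoolRoles response dicts.
# Both samples below are constructed; ARNs, ids and client ids are placeholders.

SAMPLE_POOL = {  # constructed, DescribeIdentityPool shape
    "IdentityPoolId": "us-east-1:00000000-0000-0000-0000-000000000000",
    "IdentityPoolName": "example_pool",
    "AllowUnauthenticatedIdentities": True,
    "AllowClassicFlow": True,
    "SupportedLoginProviders": {"accounts.google.com": "CLIENT_ID_PLACEHOLDER"},
    "CognitoIdentityProviders": [{
        "ProviderName": "cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
        "ClientId": "CLIENT_ID_PLACEHOLDER", "ServerSideTokenCheck": False}],
    "SamlProviderARNs": ["arn:aws:iam::123456789012:saml-provider/ExampleIdP"],
    "OpenIdConnectProviderARNs": [],
}
SAMPLE_ROLES = {  # constructed, GetIdentityPoolRoles shape
    "Roles": {"authenticated": "arn:aws:iam::123456789012:role/Cognito_Auth",
              "unauthenticated": "arn:aws:iam::123456789012:role/Cognito_Unauth"},
    "RoleMappings": {"accounts.google.com": {"Type": "Token",
                                             "AmbiguousRoleResolution": "AuthenticatedRole"}},
}

def audit_identity_pool(pool, roles):
    """Return one (kind, source, role_arn, notes) tuple per way to obtain credentials."""
    auth_role = roles.get("Roles", {}).get("authenticated")
    # Classic flow: the app trades the pool's OpenID token for any role whose trust
    # policy accepts the pool, rather than the role fixed in the pool configuration.
    pool_notes = ["classic flow enabled"] if pool.get("AllowClassicFlow") else []
    findings = []
    if pool.get("AllowUnauthenticatedIdentities"):  # guest identities: no sign-in at all
        findings.append(("guest", "anonymous",
                         roles.get("Roles", {}).get("unauthenticated"), ["no sign-in"]))
    external = (("social-oidc", pool.get("SupportedLoginProviders", {})),
                ("saml", pool.get("SamlProviderARNs", [])),
                ("oidc-iam", pool.get("OpenIdConnectProviderARNs", [])),
                ("developer", [pool["DeveloperProviderName"]]
                              if pool.get("DeveloperProviderName") else []))
    for kind, sources in external:
        for source in sources:
            notes = list(pool_notes)
            if roles.get("RoleMappings", {}).get(source, {}).get("Type") == "Token":
                notes.append("role picked from IdP token claims")  # IdP chooses the role
            findings.append((kind, source, auth_role, notes))
    for up in pool.get("CognitoIdentityProviders", []):
        # With ServerSideTokenCheck off, user-pool tokens are not re-validated for revocation.
        notes = list(pool_notes) + ([] if up.get("ServerSideTokenCheck")
                                    else ["ServerSideTokenCheck off"])
        findings.append(("user-pool", up["ProviderName"], auth_role, notes))
    return findings
```

Run it per identity pool returned by ListIdentityPools and review every finding whose kind is not `user-pool`, plus any `guest` entry, as a candidate external access path.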