8

In AWS Amplify's Storage Documentation, there's a section on how to get other users' objects...

Storage.get('test.txt', { 
    level: 'protected', 
    identityId: 'xxxxxxx' // the identityId of that user
})

Where can I get the identityId of another user?

I can only query for the Cognito User Pool Id of users. Is there a way to map the User Pool Id to the Identity Id?

Noel Llevares
  • https://stackoverflow.com/questions/59567546/getting-cognito-user-pool-username-from-cognito-identity-pool-identityid – mon Mar 20 '20 at 00:00
  • Just to double check. You are using Cognito User Pool as the identity provider, sign in to User Pool and get a JWT token, then use the token to use Cognito Identity Pool. Is this correct? – mon Mar 20 '20 at 00:03
  • I have the Cognito User Pool ID of my users. I want to get their Cognito Identity IDs. – Noel Llevares Mar 20 '20 at 09:40
  • User Pool and Identity Pool are completely different services. Have you created an Identity Pool and defined the IAM Role to associate? Please see https://stackoverflow.com/questions/46334431/aws-service-difference-between-cognito-user-pool-and-federated-identity/ – mon Mar 20 '20 at 23:01
  • Please see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html too if not yet. – mon Mar 20 '20 at 23:02

3 Answers

9

You can get the identity ID using the Auth.currentUserCredentials method:

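import { Auth } from 'aws-amplify';

// Sign in, then fetch the AWS credentials issued by the identity pool
await Auth.signIn(username, password);
const credentials = await Auth.currentUserCredentials();
// identityId is the Cognito Identity ID of the signed-in user
console.log("identityId", credentials.identityId);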
Devadyuti Das
1

After much research and looking into some similar/related questions/answers, it seems that this is still missing from AWS.

The closest topic I found is from AWS Forums: https://forums.aws.amazon.com/thread.jspa?messageID=924345 which is still unanswered :-)

Noel Llevares
-1

There is a work-around in this GitHub comment where you can use Cognito User Pool ID instead of Identity ID for the S3 folder names. This way you won't really need to deal with Identity ID.

After doing some more research we found that you can use user attributes for access control, so instead of using the federated id as the user's folder name, you can specify a custom attribute mapping (we mapped cognitoId to sub) using principal tags, and in your policy you can dynamically reference resources using these tags:

Emre
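
The principal-tag approach quoted in the last answer, as an added example that is not part of the original post or the linked GitHub comment: an IAM policy keyed on `${aws:PrincipalTag/cognitoId}` and a small local check of the per-user isolation it gives. The bucket name, the `protected/<sub>/` key layout and the sample tag values are assumptions, and the matcher is a simplified model, not the IAM evaluation engine.

```javascript
// Added example. Assumptions: bucket name, tag key "cognitoId" (mapped from
// the "sub" claim) and a "protected/<sub>/" key layout.
// The role's trust policy must also allow sts:TagSession for tags to be passed.
function buildPolicy(bucket, tagKey) {
  const arn = `arn:aws:s3:::${bucket}/protected/`;
  return {
    Version: '2012-10-17',
    Statement: [
      { // owner: read and write only under the folder named after their tag
        Effect: 'Allow',
        Action: ['s3:GetObject', 's3:PutObject', 's3:DeleteObject'],
        Resource: [`${arn}\${aws:PrincipalTag/${tagKey}}/*`],
      },
      { // any authenticated user: read-only across protected/
        Effect: 'Allow',
        Action: ['s3:GetObject'],
        Resource: [`${arn}*`],
      },
    ],
  };
}

const esc = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Simplified local model of Resource matching (not the IAM engine):
// substitutes principal tags literally, treats * as a wildcard, and
// makes a statement with an unresolved tag match nothing.
function resourceMatches(pattern, arn, tags) {
  let resolved = true;
  const re = pattern.replace(
    /\$\{aws:PrincipalTag\/([^}]+)\}|\*|[^*$]+|\$/g,
    (m, key) => {
      if (key === undefined) return m === '*' ? '.*' : esc(m);
      if (!(key in tags)) { resolved = false; return ''; }
      return esc(tags[key]);
    });
  return resolved && new RegExp(`^${re}$`).test(arn);
}

function isAllowed(policy, action, key, tags, bucket = 'example-bucket') {
  const arn = `arn:aws:s3:::${bucket}/${key}`;
  return policy.Statement.some((s) =>
    s.Effect === 'Allow' && s.Action.includes(action) &&
    s.Resource.some((r) => resourceMatches(r, arn, tags)));
}

const policy = buildPolicy('example-bucket', 'cognitoId');
const alice = { cognitoId: 'aaaa-1111' }; // constructed sample value
console.log(isAllowed(policy, 's3:PutObject', 'protected/bbbb-2222/test.txt', alice)); // false
```

With this layout the folder name is the user pool `sub`, which the application already knows, so reading another user's object does not require looking up their Identity ID.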