I am creating a web app using AWS amplify, and one of its features will be integration with AWS IoT for live MQTT data. I successfully setup Cognito to work with IoT, but there is one step that I currently have to do manually: attach the iot policy to a cognito identity. In all the AWS tutorials on this, they have you manually attach the policy for the user via the command line, but obviously in a production app this needs to be automated with something like a Lambda as part of the user signup flow. I know that lambda triggers are available with the user pools side of Cognito, but I don't see any documentation on them being available for identity pools. If I'm correct the user signup happens first in the user pool and then the identity pool, and since I need the identity ID to link to IoT, using user pool lambda triggers won't work for this. Of course I could always add this to my own API which is called after sign up, the only issue with that is that it relies on the client to call the API, which adds complexity, i.e. the client could disconnect after signup but before the API call is made, in which case the user would never get the policy attached. Is there any better server-side way to trigger this?
Asked
Active
Viewed 181 times
0
-
Are you managing your own user pool? If so, how? – Sam Rastovich Aug 06 '20 at 18:48
-
Amplify automates the setup of the user and identity pools – A Tyshka Aug 07 '20 at 02:35
1 Answers
0
No. The way to go is client-side. And to add security, the client should trigger a lambda function which then attaches the IoT policy to the Cognito Identity ID present in the context input argument. See my related post on this issue.
Lucas Meier
- 369
- 3
- 6