
CognitoIdentityPool

Reference doc for the `sst.aws.CognitoIdentityPool` component.

The CognitoIdentityPool component lets you add an Amazon Cognito identity pool to your app.

Creating the identity pool

new sst.aws.CognitoIdentityPool("MyIdentityPool", {
  userPools: [
    {
      userPool: "us-east-1_QY6Ly46JH",
      client: "6va5jg3cgtrd170sgokikjm5m6"
    }
  ]
});

Configure permissions for authenticated users

new sst.aws.CognitoIdentityPool("MyIdentityPool", {
  userPools: [
    {
      userPool: "us-east-1_QY6Ly46JH",
      client: "6va5jg3cgtrd170sgokikjm5m6"
    }
  ],
  permissions: {
    authenticated: [
      {
        actions: ["s3:GetObject", "s3:PutObject"],
        resources: ["arn:aws:s3:::my-bucket/*"]
      }
    ]
  }
});

Constructor

new CognitoIdentityPool(name, args?, opts?)

Parameters

CognitoIdentityPoolArgs

permissions?

Type Input<Object>

The permissions to attach to the authenticated and unauthenticated roles. This allows the authenticated and unauthenticated users to access other AWS resources.

{
  permissions: {
    authenticated: [
      {
        actions: ["s3:GetObject", "s3:PutObject"],
        resources: ["arn:aws:s3:::my-bucket/*"]
      }
    ],
    unauthenticated: [
      {
        actions: ["s3:GetObject"],
        resources: ["arn:aws:s3:::my-bucket/*"]
      }
    ]
  }
}

permissions.authenticated?

Type Input<Object[]>

Attaches the given list of permissions to the authenticated users.

permissions.authenticated[].actions

Type string[]

The IAM actions that can be performed.

{
  actions: ["s3:*"]
}

permissions.authenticated[].resources

Type Input<string>[]

The resources specified using the IAM ARN format.

{
  resources: ["arn:aws:s3:::my-bucket/*"]
}

permissions.unauthenticated?

Type Input<Object[]>

Attaches the given list of permissions to the unauthenticated users.

permissions.unauthenticated[].actions

Type string[]

The IAM actions that can be performed.

{
  actions: ["s3:*"]
}

permissions.unauthenticated[].resources

Type Input<string>[]

The resources specified using the IAM ARN format.

{
  resources: ["arn:aws:s3:::my-bucket/*"]
}
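The authenticated and unauthenticated roles are shared by every identity in the pool, so a statement in `permissions` applies to all users of that kind. The following is an added example, not part of SST or the original page: a pre-deploy check over the same `permissions` shape that flags wildcard actions, write actions for unauthenticated users, and write grants whose resource is not scoped with the IAM policy variable `${cognito-identity.amazonaws.com:sub}`. The names `auditPermissions`, `Statement`, `Permissions`, `Finding`, and the read-only verb list are assumptions of this sketch.

```typescript
// Added example (not SST code). Types mirror the `permissions` argument documented above.
type Statement = { actions: string[]; resources: string[] };
type Permissions = { authenticated?: Statement[]; unauthenticated?: Statement[] };
type Finding = { role: string; index: number; issue: string };

// Assumption of this sketch: verbs with these prefixes only read; anything else mutates.
const READ_ONLY = /^(Get|List|Describe|Head)/;
// IAM policy variable that resolves to the caller's Cognito identity ID.
const IDENTITY_VAR = "${cognito-identity.amazonaws.com:sub}";

function auditPermissions(p: Permissions): Finding[] {
  const findings: Finding[] = [];
  const roles: Array<"authenticated" | "unauthenticated"> = ["authenticated", "unauthenticated"];
  for (const role of roles) {
    (p[role] || []).forEach((s, index) => {
      let writes = false;
      for (const action of s.actions) {
        const verb = action.split(":")[1] || action; // "s3:GetObject" -> "GetObject"
        if (verb.indexOf("*") !== -1) {
          findings.push({ role, index, issue: "wildcard action " + action });
          writes = true;
        } else if (!READ_ONLY.test(verb)) {
          writes = true;
          if (role === "unauthenticated") {
            findings.push({ role, index, issue: "guest write action " + action });
          }
        }
      }
      for (const resource of s.resources) {
        if (resource === "*") {
          findings.push({ role, index, issue: "resource * matches every resource" });
        } else if (writes && resource.indexOf(IDENTITY_VAR) === -1) {
          findings.push({ role, index, issue: "write not scoped per identity: " + resource });
        }
      }
    });
  }
  return findings;
}

// Constructed sample: the authenticated statement is the page's own example;
// the unauthenticated one combines the page's s3:* snippet with its bucket ARN.
const sample: Permissions = {
  authenticated: [{ actions: ["s3:GetObject", "s3:PutObject"], resources: ["arn:aws:s3:::my-bucket/*"] }],
  unauthenticated: [{ actions: ["s3:*"], resources: ["arn:aws:s3:::my-bucket/*"] }],
};
const sampleFindings = auditPermissions(sample);
console.log(sampleFindings.map((f) => f.role + "[" + f.index + "]: " + f.issue).join("\n"));
```

A statement passes the last check when its resource ARN contains the policy variable, which confines each identity to its own key prefix.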

transform?

Type Object

Transform how this component creates its underlying resources.

transform.authenticatedRole?

Type RoleArgs | (args: RoleArgs => void)

Transform the authenticated IAM role resource.

transform.identityPool?

Type IdentityPoolArgs | (args: IdentityPoolArgs => void)

Transform the Cognito identity pool resource.

transform.unauthenticatedRole?

Type RoleArgs | (args: RoleArgs => void)

Transform the unauthenticated IAM role resource.

userPools?

Type Input<Input<Object>[]>

Configure Cognito user pools as identity providers to your identity pool.

{
  userPools: [
    {
      userPool: "us-east-1_QY6Ly46JH",
      client: "6va5jg3cgtrd170sgokikjm5m6"
    },
  ],
}

userPools[].client

Type Input<string>

The Cognito user pool client ID.

userPools[].userPool

Type Input<string>

The Cognito user pool ID.

Properties

id

Type Output<string>

The Cognito identity pool ID.

nodes

Type Object

The underlying resources this component creates.

nodes.authenticatedRole

Type Role

The authenticated IAM role.

nodes.identityPool

Type IdentityPool

The Amazon Cognito identity pool.

nodes.unauthenticatedRole

Type Role

The unauthenticated IAM role.