Introduction
In modern web and mobile applications, authentication plays a crucial role in ensuring secure access to resources. However, there are scenarios where we want users to interact with our application without requiring them to sign in. This is where AWS Cognito Identity Pools come in, allowing us to manage both authenticated (signed-in) and unauthenticated (guest) users efficiently.
What is an AWS Cognito Identity Pool?
AWS Cognito Identity Pools provide temporary AWS credentials to users so they can access AWS resources securely. These users can be:
- Authenticated users (signed in via Cognito User Pools, Google, Facebook, etc.).
- Unauthenticated users (guest access without login).
With an Identity Pool, we can define different IAM roles for authenticated and unauthenticated users, ensuring the right level of access control.
Why Do We Need Guest Access?
Guest access is useful when we want users to interact with certain parts of our application without forcing them to create an account. Some common use cases include:
- Browsing products in an e-commerce app before signing up.
- Submitting feedback or surveys without registration.
- Accessing limited features of an app before logging in.
- Gaming leaderboards or score tracking without requiring a login.
By enabling unauthenticated access through an Identity Pool, we can grant temporary, controlled access to AWS services like DynamoDB, S3, or API Gateway, allowing guest users to perform limited actions without compromising security.
The following steps are involved in Authenticated Access with AWS Cognito Identity Pools: Create a DynamoDB Table Using JavaScript SDK.
Step 1: Setting Up Cognito Identity Pool for Guest Access
- Go to the AWS Cognito Console and click “Create identity pool”.
- Enter the Identity Pool Name.
- Check “Enable access to unauthenticated identities” (for guest access) and click Next.
- Provide the role name “DynamoDBRole” and click Next.
- Review and create the Identity Pool.
- Copy the Identity Pool ID and save it, as it’s needed in our JavaScript app.
Step 2: Update IAM Role Permissions for DynamoDB
Now, we need to allow Cognito guest users to create a DynamoDB table.
- Go to the AWS IAM Console and click “Roles”.
- Attach a Managed Policy for DynamoDB Access
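As an added example (not part of the original guide or its code), the check below lints a policy document before it is attached to the guest role: the Identity Pool ID ships in the page source, so every visitor receives whatever this role allows. Both policy documents are constructed samples, and `ACCOUNT_ID`, the `GuestFeedback` table and the `auditGuestPolicy` helper are assumptions.

```javascript
// Added example: lint an IAM policy document meant for a Cognito guest (unauthenticated) role.
// Hypothetical helper; both policies below are constructed samples.
const TABLE_ADMIN = ["createtable", "deletetable", "updatetable"]; // table management actions
const asList = (v) => (Array.isArray(v) ? v : [v]);

function auditGuestPolicy(policy) {
  const findings = [];
  asList(policy.Statement).forEach((st, i) => {
    if (st.Effect !== "Allow") return;
    const actions = asList(st.Action).map((a) => a.toLowerCase());
    for (const a of actions) {
      if (a === "*" || a === "dynamodb:*") findings.push(`stmt ${i}: wildcard action ${a}`);
      else if (TABLE_ADMIN.includes(a.replace("dynamodb:", ""))) findings.push(`stmt ${i}: table management action ${a}`);
    }
    if (asList(st.Resource).some((r) => r === "*" || r.endsWith(":table/*")))
      findings.push(`stmt ${i}: resource not limited to one table`);
    const cond = JSON.stringify(st.Condition || {});
    if (actions.some((a) => a.startsWith("dynamodb:")) && !cond.includes("dynamodb:LeadingKeys"))
      findings.push(`stmt ${i}: no dynamodb:LeadingKeys condition`);
  });
  return findings;
}

// Constructed sample: the kind of broad grant a full-access policy gives.
const broadPolicy = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: "dynamodb:*", Resource: "*" }],
};

// Constructed sample: item-level access to one table, limited to rows whose
// partition key equals the caller's Cognito identity ID (ACCOUNT_ID is a placeholder).
const scopedPolicy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Action: ["dynamodb:PutItem", "dynamodb:GetItem"],
    Resource: "arn:aws:dynamodb:ap-northeast-3:ACCOUNT_ID:table/GuestFeedback",
    Condition: {
      "ForAllValues:StringEquals": {
        "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"],
      },
    },
  }],
};

console.log(auditGuestPolicy(broadPolicy));
console.log(auditGuestPolicy(scopedPolicy));
```

The scoped policy assumes the table's partition key stores the Cognito identity ID, which is what the `dynamodb:LeadingKeys` condition compares against.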
Step 3: Build a JavaScript App to Create DynamoDB Table
Now, let’s write a JavaScript app that connects to the Cognito Identity Pool and creates a DynamoDB table.
- Replace the AWS Region and Cognito Identity Pool ID in the code.
- Create an index.html:
```html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Create DynamoDB Table with Cognito</title>
</head>
<body>
  <h2>Create an "Employee" Table in DynamoDB</h2>
  <button onclick="createDynamoDBTable()">Create Table</button>
  <pre id="output"></pre>

  <script src="https://sdk.amazonaws.com/js/aws-sdk-2.1030.0.min.js"></script>
  <script>
    AWS.config.region = 'ap-northeast-3'; // Replace with your AWS region

    // Configure Cognito Identity Pool (guest credentials are issued for this pool)
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
      IdentityPoolId: 'ap-northeast-3:97b14b71-8fe5-4e56-ac29-89f054edd37b' // Replace with your Identity Pool ID
    });

    function createDynamoDBTable() {
      // Fetch temporary credentials for the unauthenticated identity first
      AWS.config.credentials.get((err) => {
        if (err) {
          console.error("Error getting credentials:", err);
          document.getElementById("output").textContent = "Error: " + err.message;
          return;
        }

        const dynamodb = new AWS.DynamoDB();
        const params = {
          TableName: "Employee",
          KeySchema: [
            { AttributeName: "employee_id", KeyType: "HASH" } // Partition key
          ],
          AttributeDefinitions: [
            { AttributeName: "employee_id", AttributeType: "S" } // String type
          ],
          ProvisionedThroughput: {
            ReadCapacityUnits: 5,
            WriteCapacityUnits: 5
          }
        };

        // Create the table with the guest role's permissions
        dynamodb.createTable(params, (err, data) => {
          if (err) {
            console.error("Table creation failed:", err);
            document.getElementById("output").textContent = "Table creation failed: " + err.message;
          } else {
            console.log("Table created successfully:", data);
            document.getElementById("output").textContent =
              "Table created successfully! \n" + JSON.stringify(data, null, 2);
          }
        });
      });
    }
  </script>
</body>
</html>
```
Step 4: Run & Test the App
Open index.html in a browser and click “Create Table”.
If successful, the DynamoDB table “Employee” is created.
Verify the table in AWS DynamoDB Console → Tables.
Conclusion
AWS Cognito Identity Pools provide a powerful way to manage both authenticated and unauthenticated (guest) access to AWS resources securely. By enabling guest access, we allow users to interact with our application without requiring a login, which improves user experience while maintaining control over permissions and security.
In this guide, we configured a Cognito Identity Pool, created a DynamoDB table, and used the AWS JavaScript SDK to let guest users write data securely. To ensure security, it’s essential to apply least privilege IAM policies, monitor access through CloudWatch, and encourage users to transition to authenticated access when needed.
By following these best practices, we can balance usability and security, creating a seamless experience for both guest and registered users.

WRITTEN BY Siddiq Pasha