Introduction
In modern web and mobile applications, authentication plays a crucial role in ensuring secure access to resources. However, there are scenarios where we want users to interact with our application without requiring them to sign in. This is where AWS Cognito Identity Pools come in, allowing us to manage both authenticated (signed-in) and unauthenticated (guest) users efficiently.
What is an AWS Cognito Identity Pool?
AWS Cognito Identity Pools provide temporary AWS credentials to users so they can access AWS resources securely. These users can be:
- Authenticated users (signed in via Cognito User Pools, Google, Facebook, etc.).
- Unauthenticated users (guest access without login).
With an Identity Pool, we can define different IAM roles for authenticated and unauthenticated users, ensuring the right level of access control.
Why Do We Need Guest Access?
Guest access is useful when we want users to interact with certain parts of our application without forcing them to create an account. Some common use cases include:
- Browsing products in an e-commerce app before signing up.
- Submitting feedback or surveys without registration.
- Accessing limited features of an app before logging in.
- Gaming leaderboards or score tracking without requiring a login.
By enabling unauthenticated access through an Identity Pool, we can grant temporary, controlled access to AWS services like DynamoDB, S3, or API Gateway, allowing guest users to perform limited actions without compromising security.
The following steps grant guest access with an AWS Cognito Identity Pool and use the AWS JavaScript SDK to create a DynamoDB table.
Step 1: Setting Up Cognito Identity Pool for Guest Access
- Go to the AWS Cognito Console and click “Create identity pool”.
- Enter the Identity Pool Name.
- Check “Enable access to unauthenticated identities” (for guest access) and click Next.
- Provide the Role name as “DynamoDBRole” and click Next.
- Review and create the Identity Pool.
- Copy the Identity Pool ID and save it, as it’s needed in our JavaScript app.

Step 2: Update IAM Role Permissions for DynamoDB
Now, we need to allow Cognito guest users to create a DynamoDB table.
- Go to the AWS IAM Console and click “Roles”.
- Attach a Managed Policy for DynamoDB Access
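
One way to check what the guest role from Step 2 is allowed to do before a policy is attached to it (an added example, not code from the original post). The function name `auditGuestPolicy`, the three sample policies and the account ID 111122223333 are constructed for illustration.

```javascript
// Added example (not from the original post): audit the permissions policy of
// an identity pool's unauthenticated (guest) role before attaching it.
const TABLE_MGMT = ["dynamodb:CreateTable", "dynamodb:UpdateTable", "dynamodb:DeleteTable"];
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns are case-insensitive and support * and ? wildcards.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const glob = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${glob}$`, "i").test(action);
}

// Returns one finding per risky grant found in the policy's Allow statements.
function auditGuestPolicy(policy) {
  const findings = [];
  asArray(policy.Statement).forEach((stmt, index) => {
    if (stmt.Effect !== "Allow") return;
    const add = (code, detail) => findings.push({ index, code, detail });
    if (stmt.NotAction !== undefined) {
      add("NOT_ACTION", "Allow with NotAction grants every unlisted action");
    }
    for (const pattern of asArray(stmt.Action)) {
      if (/[*?]/.test(pattern)) add("WILDCARD_ACTION", pattern);
      const hits = TABLE_MGMT.filter((a) => actionMatches(pattern, a));
      if (hits.length) add("TABLE_MANAGEMENT", `${pattern} allows ${hits.join(", ")}`);
    }
    if (asArray(stmt.Resource).includes("*")) add("WILDCARD_RESOURCE", "Resource is *");
  });
  return findings;
}

// Constructed sample policies; 111122223333 is a placeholder account ID.
const tableArn = "arn:aws:dynamodb:ap-northeast-3:111122223333:table/Employee";
const broadPolicy = { Version: "2012-10-17", Statement: [
  { Effect: "Allow", Action: "dynamodb:*", Resource: "*" } ] };
const createOnlyPolicy = { Version: "2012-10-17", Statement: [
  { Effect: "Allow", Action: "dynamodb:CreateTable", Resource: tableArn } ] };
const itemOnlyPolicy = { Version: "2012-10-17", Statement: [
  { Effect: "Allow", Action: ["dynamodb:PutItem", "dynamodb:GetItem"], Resource: tableArn } ] };

for (const [name, policy] of Object.entries({ broadPolicy, createOnlyPolicy, itemOnlyPolicy })) {
  console.log(name, auditGuestPolicy(policy).map((f) => f.code));
}
```

The create-only policy is still reported: scoping to one table ARN removes the wildcard findings, but table creation by unauthenticated identities remains a table-management grant to review.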
 
Step 3: Build a JavaScript App to Create DynamoDB Table
Now, let’s write a JavaScript app that connects to the Cognito Identity Pool and creates a DynamoDB table.
Replace the AWS Region and Cognito Identity Pool ID in the code.
Create an index.html:
```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Create DynamoDB Table with Cognito</title>
</head>
<body>
    <h2>Create an "Employee" Table in DynamoDB</h2>
    <button onclick="createDynamoDBTable()">Create Table</button>
    <pre id="output"></pre>

    <script src="https://sdk.amazonaws.com/js/aws-sdk-2.1030.0.min.js"></script>
    <script>
        AWS.config.region = 'ap-northeast-3';  // Replace with your AWS region

        // Configure Cognito Identity Pool (no logins supplied, so the guest role is used)
        AWS.config.credentials = new AWS.CognitoIdentityCredentials({
            IdentityPoolId: 'ap-northeast-3:97b14b71-8fe5-4e56-ac29-89f054edd37b'  // Replace with your Identity Pool ID
        });

        function createDynamoDBTable() {
            // Fetch temporary AWS credentials for the guest identity first
            AWS.config.credentials.get((err) => {
                if (err) {
                    console.error("Error getting credentials:", err);
                    document.getElementById("output").textContent = "Error: " + err.message;
                    return;
                }

                const dynamodb = new AWS.DynamoDB();

                const params = {
                    TableName: "Employee",
                    KeySchema: [
                        { AttributeName: "employee_id", KeyType: "HASH" }  // Partition key
                    ],
                    AttributeDefinitions: [
                        { AttributeName: "employee_id", AttributeType: "S" }  // String type
                    ],
                    ProvisionedThroughput: {
                        ReadCapacityUnits: 5,
                        WriteCapacityUnits: 5
                    }
                };

                // Succeeds only if the guest role's policy allows dynamodb:CreateTable
                dynamodb.createTable(params, (err, data) => {
                    if (err) {
                        console.error("Table creation failed:", err);
                        document.getElementById("output").textContent = "Table creation failed: " + err.message;
                    } else {
                        console.log("Table created successfully:", data);
                        document.getElementById("output").textContent = "Table created successfully! \n" + JSON.stringify(data, null, 2);
                    }
                });
            });
        }
    </script>
</body>
</html>
```
Step 4: Run & Test the App
Open index.html in a browser and Click “Create Table”.

If successful, the DynamoDB table “Employee” is created.

Verify the table in AWS DynamoDB Console → Tables.

Conclusion
AWS Cognito Identity Pools provide a powerful way to manage both authenticated and unauthenticated (guest) access to AWS resources securely. By enabling guest access, we allow users to interact with our application without requiring a login, which improves user experience while maintaining control over permissions and security.
In this guide, we configured a Cognito Identity Pool, created a DynamoDB table, and used the AWS JavaScript SDK to let guest users write data securely. To ensure security, it’s essential to apply least privilege IAM policies, monitor access through CloudWatch, and encourage users to transition to authenticated access when needed.
By following these best practices, we can balance usability and security, creating a seamless experience for both guest and registered users.
WRITTEN BY Siddiq Pasha
March 20, 2025