CognitoIdentityPool

Reference doc for the `sst.aws.CognitoIdentityPool` component.

The CognitoIdentityPool component lets you add an Amazon Cognito identity pool to your app.

Create the identity pool

sst.config.ts
new sst.aws.CognitoIdentityPool("MyIdentityPool", {
  userPools: [
    {
      userPool: "us-east-1_QY6Ly46JH",
      client: "6va5jg3cgtrd170sgokikjm5m6"
    }
  ]
});

Configure permissions for authenticated users

sst.config.ts
new sst.aws.CognitoIdentityPool("MyIdentityPool", {
  userPools: [
    {
      userPool: "us-east-1_QY6Ly46JH",
      client: "6va5jg3cgtrd170sgokikjm5m6"
    }
  ],
  permissions: {
    authenticated: [
      {
        actions: ["s3:GetObject", "s3:PutObject"],
        resources: ["arn:aws:s3:::my-bucket/*"]
      }
    ]
  }
});

Constructor

new CognitoIdentityPool(name, args?, opts?)

Parameters

CognitoIdentityPoolArgs

permissions?

Type Input<Object>

The permissions to attach to the authenticated and unauthenticated roles. This allows the authenticated and unauthenticated users to access other AWS resources.

{
  permissions: {
    authenticated: [
      {
        actions: ["s3:GetObject", "s3:PutObject"],
        resources: ["arn:aws:s3:::my-bucket/*"]
      }
    ],
    unauthenticated: [
      {
        actions: ["s3:GetObject"],
        resources: ["arn:aws:s3:::my-bucket/*"]
      }
    ]
  }
}

permissions.authenticated?

Type Input<Object[]>

Attaches the given list of permissions to the authenticated users.

permissions.authenticated[].actions

Type string[]

The IAM actions that can be performed.

{
  actions: ["s3:*"]
}

permissions.authenticated[].effect?

Type allow | deny

Default “allow”

Configures whether the permission is allowed or denied.

{
  effect: "deny"
}

permissions.authenticated[].resources

Type Input<string>[]

The resources specified using the IAM ARN format.

{
  resources: ["arn:aws:s3:::my-bucket/*"]
}

permissions.unauthenticated?

Type Input<Object[]>

Attaches the given list of permissions to the unauthenticated users.

permissions.unauthenticated[].actions

Type string[]

The IAM actions that can be performed.

{
  actions: ["s3:*"]
}

permissions.unauthenticated[].effect?

Type allow | deny

Default “allow”

Configures whether the permission is allowed or denied.

{
  effect: "deny"
}

permissions.unauthenticated[].resources

Type Input<string>[]

The resources specified using the IAM ARN format.

{
  resources: ["arn:aws:s3:::my-bucket/*"]
}
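
A least-privilege check for the `permissions` object described above, as an added example that is not part of the SST docs or SST's own code. `auditPermissions` and its types are hypothetical names, the list of read-only verbs is an assumption, and resources are taken as plain strings rather than `Input<string>`.

```typescript
// Added example, not SST code; all names here are hypothetical.
// Resources are assumed to be plain strings (already resolved from Input<string>).
type PermissionStatement = { actions: string[]; resources: string[]; effect?: "allow" | "deny" };
type PoolPermissions = { authenticated?: PermissionStatement[]; unauthenticated?: PermissionStatement[] };
type PoolRole = keyof PoolPermissions;
type AuditFinding = { role: PoolRole; index: number; issue: string };

// Assumption: action verbs treated as read-only for guest identities; tune per app.
const READ_ONLY_VERBS = ["Get", "List", "Describe"];
const isWildcardAction = (action: string): boolean => action === "*" || action.endsWith(":*");
const isReadOnly = (action: string): boolean =>
  READ_ONLY_VERBS.some((verb) => (action.split(":")[1] ?? "").startsWith(verb));

function auditPermissions(permissions: PoolPermissions): AuditFinding[] {
  const findings: AuditFinding[] = [];
  const roles: PoolRole[] = ["authenticated", "unauthenticated"];
  for (const role of roles) {
    (permissions[role] ?? []).forEach((statement, index) => {
      // Deny statements only narrow access, so they are never a finding.
      if (statement.effect === "deny") return;
      for (const action of statement.actions) {
        if (isWildcardAction(action)) {
          findings.push({ role, index, issue: `wildcard action ${action}` });
        } else if (role === "unauthenticated" && !isReadOnly(action)) {
          findings.push({ role, index, issue: `guest write action ${action}` });
        }
      }
      if (statement.resources.includes("*")) {
        findings.push({ role, index, issue: "wildcard resource *" });
      }
    });
  }
  return findings;
}

// The permissions object shown on this page: no findings.
const pageExample: PoolPermissions = {
  authenticated: [{ actions: ["s3:GetObject", "s3:PutObject"], resources: ["arn:aws:s3:::my-bucket/*"] }],
  unauthenticated: [{ actions: ["s3:GetObject"], resources: ["arn:aws:s3:::my-bucket/*"] }],
};
// Constructed input that grants unauthenticated (guest) identities more than read access.
const risky: PoolPermissions = {
  unauthenticated: [
    { actions: ["s3:*"], resources: ["*"] },
    { actions: ["s3:PutObject"], resources: ["arn:aws:s3:::my-bucket/*"] },
    { actions: ["s3:DeleteObject"], resources: ["arn:aws:s3:::my-bucket/*"], effect: "deny" },
  ],
};
console.log(auditPermissions(pageExample), auditPermissions(risky));
```

Running the check in `sst.config.ts` before constructing the component and throwing on any finding keeps an over-broad guest role from being deployed.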

transform?

Type Object

Transform how this component creates its underlying resources.

transform.authenticatedRole?

Type RoleArgs | (args: RoleArgs, opts: ComponentResourceOptions, name: string) => void

Transform the authenticated IAM role resource.

transform.identityPool?

Type IdentityPoolArgs | (args: IdentityPoolArgs, opts: ComponentResourceOptions, name: string) => void

Transform the Cognito identity pool resource.

transform.unauthenticatedRole?

Type RoleArgs | (args: RoleArgs, opts: ComponentResourceOptions, name: string) => void

Transform the unauthenticated IAM role resource.

userPools?

Type Input<Input<Object>[]>

Configure Cognito User Pools as identity providers to your identity pool.

{
  userPools: [
    {
      userPool: "us-east-1_QY6Ly46JH",
      client: "6va5jg3cgtrd170sgokikjm5m6"
    }
  ]
}

userPools[].client

Type Input<string>

The Cognito User Pool client ID.

userPools[].userPool

Type Input<string>

The Cognito user pool ID.

Properties

id

Type Output<string>

The Cognito identity pool ID.

nodes

Type Object

The underlying resources this component creates.

nodes.authenticatedRole

Type Role

The authenticated IAM role.

nodes.identityPool

Type IdentityPool

The Amazon Cognito identity pool.

nodes.unauthenticatedRole

Type Role

The unauthenticated IAM role.

SDK

Use the SDK in your runtime to interact with your infrastructure.


This is accessible through the Resource object in the SDK.

  • id string

    The Cognito identity pool ID.

Methods

static get

CognitoIdentityPool.get(name, identityPoolID, opts?)

Parameters

  • name string

    The name of the component.
  • identityPoolID Input<string>

    The ID of the existing Identity Pool.
  • opts? ComponentResourceOptions

Returns CognitoIdentityPool

Reference an existing Identity Pool with the given ID. This is useful when you create an Identity Pool in one stage and want to share it in another. It avoids having to create a new Identity Pool in the other stage.

Imagine you create an Identity Pool in the dev stage, and in your personal stage frank you want to share the same pool from dev instead of creating a new one.

sst.config.ts
const identityPool = $app.stage === "frank"
  ? sst.aws.CognitoIdentityPool.get("MyIdentityPool", "us-east-1:02facf30-e2f3-49ec-9e79-c55187415cf8")
  : new sst.aws.CognitoIdentityPool("MyIdentityPool");

Here us-east-1:02facf30-e2f3-49ec-9e79-c55187415cf8 is the ID of the Identity Pool created in the dev stage. You can find this by outputting the Identity Pool ID in the dev stage.

sst.config.ts
return {
  identityPool: identityPool.id
};