I'm attempting to use AWS Cognito to aid support for multi-tenancy within my application.

https://aws.amazon.com/blogs/apn/managing-saas-users-with-amazon-cognito/

Provisioning User Pools

Assuming you were to associate a single user pool with each tenant, you would need to introduce provisioning automation that would create a tenant’s user pool during the sign-up process. This would also require automation that configures all the other moving parts of Amazon Cognito to declare and associate the user pools with the other Amazon Cognito constructs and security policies.

The basic steps here would be to first create a user pool for the tenant and apply any tenant-specific customizations or policies (these would typically be the same for all tenants). Then, you’d need your automation to provision and configure an identity pool. Finally, you’d have to associate the identity pool with your newly created user pool. The process is a bit more involved than that, but these are the key concepts you need to have in mind as you think about how to add this automation to your tenant creation lifecycle.

AWS provides a series of APIs that you can use to implement your provisioning automation model. These APIs are available for a number of different languages and environments.

So far I've been able to use the SDK to create many of the bits and pieces, but am struggling with createIdentityPool(), specifically CognitoIdentityProviders. The documentation states that CognitoIdentityProviders should contain:

ProviderName — (String) The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789.

ClientId — (String) The client ID for the Amazon Cognito Identity User Pool.

ServerSideTokenCheck — (Boolean) TRUE if server-side token validation is enabled for the identity provider’s token.

Where should I be getting ProviderName and ClientId from?

I have vars holding the values returned from createUserPool() and createUserPoolClient() but can't see anything within them that fits.

Any help appreciated.

1 Answer

ClientId is just the unique identifier for your client. ProviderName is a constant string of the above format, just plug in region and user pool id where appropriate.

The easiest way to do this is via the Cognito federated identities console. It just takes in a user pool id and client id, which you get upon creating them in the Cognito user pools console.

If creating the identity pool from the SDK is a must, you can just get these values from the Cognito user pools console. Just look for the pool and client in question.

If using the console is out of the question, you can call ListUserPools and ListUserPoolClients to get the right ids.
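To make the answer concrete, here is an added example (not from the question, the answer, or AWS) that assembles the createIdentityPool() parameters from the objects createUserPool() and createUserPoolClient() return in the AWS SDK for JavaScript v2. The response shapes are taken from that SDK; the pool id and client id in the sample are constructed, and the helper names are the example's own.

```javascript
// Added example: build the CognitoIdentityProviders entry for
// CognitoIdentity.createIdentityPool() from the results of
// CognitoIdentityServiceProvider.createUserPool() and createUserPoolClient().
// Pool ids look like "<region>_<suffix>", e.g. "us-east-1_123456789".
const POOL_ID_RE = /^([a-z]{2}(?:-gov)?-[a-z]+-\d)_[A-Za-z0-9]+$/;

// ProviderName is "cognito-idp.<region>.amazonaws.com/<userPoolId>".
// The region is taken from the pool id itself, so a pool cannot be
// silently paired with a provider name for a different region.
function providerNameFromPoolId(userPoolId) {
  const m = POOL_ID_RE.exec(userPoolId);
  if (!m) throw new Error(`unexpected user pool id format: ${userPoolId}`);
  return `cognito-idp.${m[1]}.amazonaws.com/${userPoolId}`;
}

// userPoolResp: result of createUserPool()   -> { UserPool: { Id, ... } }
// clientResp:   result of createUserPoolClient() -> { UserPoolClient: { ClientId, UserPoolId, ... } }
function buildCreateIdentityPoolParams(identityPoolName, userPoolResp, clientResp) {
  const pool = userPoolResp.UserPool;
  const client = clientResp.UserPoolClient;
  // Refuse to wire a client from one tenant's pool into another tenant's identity pool.
  if (client.UserPoolId !== pool.Id) {
    throw new Error(`client ${client.ClientId} belongs to ${client.UserPoolId}, not ${pool.Id}`);
  }
  return {
    IdentityPoolName: identityPoolName,
    AllowUnauthenticatedIdentities: false, // no guest identities for tenant pools
    CognitoIdentityProviders: [{
      ProviderName: providerNameFromPoolId(pool.Id),
      ClientId: client.ClientId,
      ServerSideTokenCheck: true, // check with the user pool that the token's user is still valid
    }],
  };
}

// Constructed sample responses shaped like the SDK v2 results (ids are not real).
const sampleUserPoolResponse = { UserPool: { Id: 'us-east-1_123456789', Name: 'tenant-acme' } };
const sampleClientResponse = {
  UserPoolClient: { UserPoolId: 'us-east-1_123456789', ClientId: '1a2b3c4d5e6f7g8h9i0jklmnop', ClientName: 'tenant-acme-web' },
};

// In provisioning code this object is passed to
// new AWS.CognitoIdentity({ region }).createIdentityPool(params).promise().
const params = buildCreateIdentityPoolParams('tenant-acme', sampleUserPoolResponse, sampleClientResponse);
console.log(JSON.stringify(params, null, 2));
```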