1
00:00:00,240 --> 00:00:02,470
Okay, so we are in Cognito User Pools,

2
00:00:02,470 --> 00:00:05,920
and to quickly switch to Cognito Identity Pools,

3
00:00:05,920 --> 00:00:08,550
we click on Federated Identities right here,

4
00:00:08,550 --> 00:00:10,300
and this should take us to a new UI.

5
00:00:10,300 --> 00:00:13,680
Okay, so we need to create a new identity pool,

6
00:00:13,680 --> 00:00:16,207
so we'll call it MyDemoIdentityPool,

7
00:00:18,470 --> 00:00:21,960
and then we have the option to allow for guest users,

8
00:00:21,960 --> 00:00:24,570
so with unauthenticated identities,

9
00:00:24,570 --> 00:00:26,960
so we allow users without credentials

10
00:00:26,960 --> 00:00:29,930
to even access our resources, so we can click this

11
00:00:29,930 --> 00:00:33,250
and this is enabled, and this is a very strong distinction

12
00:00:33,250 --> 00:00:35,310
of identity pools and user pools,

13
00:00:35,310 --> 00:00:39,740
so this allows for guest users to just use our application.

14
00:00:39,740 --> 00:00:42,260
Then we have the authentication flow settings

15
00:00:42,260 --> 00:00:44,630
and we have two, we have enhanced process,

16
00:00:44,630 --> 00:00:46,550
or a three-step classic flow,

17
00:00:46,550 --> 00:00:48,150
so I'll just leave it unchecked,

18
00:00:48,150 --> 00:00:49,830
and this is the enhanced process,

19
00:00:49,830 --> 00:00:53,920
and then finally, the authentication providers that we want.

20
00:00:53,920 --> 00:00:56,140
So it supports all of these right here,

21
00:00:56,140 --> 00:00:59,120
so Amazon, Apple, Facebook, Google+,

22
00:00:59,120 --> 00:01:02,690
Twitter, OpenID, SAML, or even a custom,

23
00:01:02,690 --> 00:01:07,060
or they have direct integration with Cognito identity pool,

24
00:01:07,060 --> 00:01:09,290
so we just need to provide the pool ID

25
00:01:09,290 --> 00:01:11,700
and the app client ID for it to work,

26
00:01:11,700 --> 00:01:13,320
so this is something that we have already created,

27
00:01:13,320 --> 00:01:17,320
so let me go back into Cognito to find out these values.

28
00:01:17,320 --> 00:01:20,450
So back into Cognito, I'm going to Manage User Pools,

29
00:01:20,450 --> 00:01:22,360
I have my DemoPool right here,

30
00:01:22,360 --> 00:01:25,660
and then I'm going to go into my pool ID

31
00:01:25,660 --> 00:01:29,770
which is right here, so I'll copy this and paste it here,

32
00:01:29,770 --> 00:01:34,130
and the app client ID, so I go to app clients

33
00:01:34,130 --> 00:01:37,590
and take this app client's ID and paste it here.

34
00:01:37,590 --> 00:01:41,640
So this is how we integrate an identity provider

35
00:01:41,640 --> 00:01:44,140
with Cognito identity pool.

36
00:01:44,140 --> 00:01:46,810
So we're good to go, we'll create this pool,

37
00:01:46,810 --> 00:01:48,413
and we are done.

38
00:01:50,270 --> 00:01:53,150
Next we need to identify the IAM roles to use

39
00:01:53,150 --> 00:01:56,760
with your new identity pool, so we can look at the detail,

40
00:01:56,760 --> 00:01:59,130
and this will create roles for me,

41
00:01:59,130 --> 00:02:02,250
so there is a role for my normal users,

42
00:02:02,250 --> 00:02:04,300
so this is the role that will be created for me

43
00:02:04,300 --> 00:02:06,810
which is a basic role, and then there will be

44
00:02:06,810 --> 00:02:10,900
a second role created for me which is the IAM role,

45
00:02:10,900 --> 00:02:13,470
and this is for my unauthenticated identity,

46
00:02:13,470 --> 00:02:16,730
so two IAM roles were created for this purpose.

47
00:02:16,730 --> 00:02:18,540
We'll click on Allow, and these two roles

48
00:02:18,540 --> 00:02:19,530
will be created for me,

49
00:02:19,530 --> 00:02:22,260
and then to get started with identity pools,

50
00:02:22,260 --> 00:02:25,370
we need to download the right SDK,

51
00:02:25,370 --> 00:02:29,810
so we have options of Android, iOS, JavaScript, and so on,

52
00:02:29,810 --> 00:02:33,460
and then you download the SDK and you can get started.

53
00:02:33,460 --> 00:02:35,120
So this is just code based

54
00:02:35,120 --> 00:02:37,160
so we don't have to worry about it too much,

55
00:02:37,160 --> 00:02:39,680
but so if I go to the Dashboard to see things,

56
00:02:39,680 --> 00:02:41,510
I can see the number of people

57
00:02:41,510 --> 00:02:44,200
who are unauthenticated and authenticated,

58
00:02:44,200 --> 00:02:47,110
the number of identities, as well as some graphs,

59
00:02:47,110 --> 00:02:50,130
the rest is just code based, and then finally,

60
00:02:50,130 --> 00:02:51,650
we have an identity browser,

61
00:02:51,650 --> 00:02:55,130
so we can search by identity ID after the users log in.

62
00:02:55,130 --> 00:02:57,370
So it's a very simple thing, Federated Identities,

63
00:02:57,370 --> 00:03:00,130
this is all now code based so I won't go any further,

64
00:03:00,130 --> 00:03:03,210
but the one thing you have to remember in here is that,

65
00:03:03,210 --> 00:03:08,210
now we have two roles that have been created,

66
00:03:08,290 --> 00:03:09,770
so for my identity pools,

67
00:03:09,770 --> 00:03:13,023
so this Cognito_MyDemoIdentyPoolAuth_Role and Unauth_Roles,

68
00:03:14,450 --> 00:03:17,450
and this is what we would need to customize to decide

69
00:03:17,450 --> 00:03:21,060
what our authenticated users have access to in AWS.

70
00:03:21,060 --> 00:03:23,250
So right now they are authenticated,

71
00:03:23,250 --> 00:03:26,310
they can access mobileanalytics, cognito-sync,

72
00:03:26,310 --> 00:03:30,280
and cognito-identity, but I could edit and attach policy,

73
00:03:30,280 --> 00:03:34,690
for example S3ReadOnlyAccess, and customize this

74
00:03:34,690 --> 00:03:36,470
to make sure that only the user has access

75
00:03:36,470 --> 00:03:39,430
to read what they can read in the first place.

76
00:03:39,430 --> 00:03:41,410
So back in my identity pool,

77
00:03:41,410 --> 00:03:42,640
there's more options that are hidden,

78
00:03:42,640 --> 00:03:43,780
so if you go to the top right

79
00:03:43,780 --> 00:03:46,060
and click on edit identity pool,

80
00:03:46,060 --> 00:03:47,530
we can see all the options

81
00:03:47,530 --> 00:03:50,690
that get offered to us for Cognito identity pools,

82
00:03:50,690 --> 00:03:53,170
so we can see the pool name, the pool ID,

83
00:03:53,170 --> 00:03:56,280
and the list of roles for unauthenticated users

84
00:03:56,280 --> 00:03:59,620
and authenticated users, then we can look at

85
00:03:59,620 --> 00:04:02,760
the identities settings for guest users,

86
00:04:02,760 --> 00:04:04,410
the flow settings we had from before,

87
00:04:04,410 --> 00:04:06,370
the identity providers that we had configured,

88
00:04:06,370 --> 00:04:08,070
so we configured from Cognito user pools

89
00:04:08,070 --> 00:04:09,910
but we can configure some more as well,

90
00:04:09,910 --> 00:04:11,680
and then we have three other options,

91
00:04:11,680 --> 00:04:14,350
so push synchronization which is that

92
00:04:14,350 --> 00:04:17,550
if somehow the user settings are changed on one device,

93
00:04:17,550 --> 00:04:21,090
they can be pushed silently to all the other devices,

94
00:04:21,090 --> 00:04:22,690
and so we can configure it,

95
00:04:22,690 --> 00:04:25,080
we have Cognito Streams which allows us

96
00:04:25,080 --> 00:04:27,920
to push every dataset change into Cognito

97
00:04:27,920 --> 00:04:31,400
into a Kinesis stream in real time,

98
00:04:31,400 --> 00:04:33,630
and so from this Kinesis stream then we can enable

99
00:04:33,630 --> 00:04:36,840
some real time processing of these events,

100
00:04:36,840 --> 00:04:39,150
and then finally, Cognito Events

101
00:04:39,150 --> 00:04:41,030
to allow to run Lambda functions

102
00:04:41,030 --> 00:04:43,550
in response to important events in Cognito,

103
00:04:43,550 --> 00:04:46,140
and then you will need to define a Lambda function as well,

104
00:04:46,140 --> 00:04:48,770
and the last option is to delete the identity pool.

105
00:04:48,770 --> 00:04:50,270
So that's it for Cognito identity pools,

106
00:04:50,270 --> 00:04:51,660
I cannot show you anything further

107
00:04:51,660 --> 00:04:53,660
because we need to deal with some code

108
00:04:53,660 --> 00:04:55,530
and actually this is pretty involved,

109
00:04:55,530 --> 00:04:57,200
but hopefully you understand that now,

110
00:04:57,200 --> 00:04:59,880
thanks to Federated Identity or identity pools,

111
00:04:59,880 --> 00:05:02,810
we allow our users to exchange their credentials

112
00:05:02,810 --> 00:05:05,920
for AWS credentials that are going to be temporary

113
00:05:05,920 --> 00:05:08,840
and respect the IAM roles and policies

114
00:05:08,840 --> 00:05:11,120
coming from the roles that you have defined here.

115
00:05:11,120 --> 00:05:13,000
So that's it for this lecture, I hope you liked it,

116
00:05:13,000 --> 00:05:14,950
and I will see you in the next lecture.