How to use Cognito Identity rather than AWS credentials ?

[BerndWessels]

Hi @mhart
I'd like to call AWS services via https but rather than using fixed AWS credentials I want to use the Cognito Identity credentials of the currently logged in Cognito User.
How can this be done?

[rasovica]

You can just do
AWS.config.credentials = new AWS.CognitoIdentityCredentials(params)

[CyberCyclone]

You can just do
AWS.config.credentials = new AWS.CognitoIdentityCredentials(params)

This doesn't work. It ignores it and tries to use the AWS creds from the environment variable, which in my case is undefined and fails.

This seems to work:

    var params = {
            "IdentityId" : "CognitoIdentity",
            "Logins" : {
                'cognito-identity.amazonaws.com': "CognitoToken"
            }
        }
        var cognitoidentity = new AWS.CognitoIdentity();
        var tmp = await cognitoidentity.getCredentialsForIdentity(params).promise();
        tmp.region = "us-east-1";
        tmp.IdentityPoolId = "userPoolId"; 
        tmp.Logins = {
            'cognito-identity.amazonaws.com' :  "CognitoToken",
        }

        aws4.sign(
            {
                host: ('bucket-name.s3.amazonaws.com'),
                service: 's3',
                region: "us-east-1",
                path: "/bucketKey/path,
                method: 'PUT',
                signQuery: true
            },
            {
                accessKeyId: tmp.Credentials.AccessKeyId,
                secretAccessKey: tmp.Credentials.SecretKey,
            }
        );