AWS Cognito, AWS APIGateway & credentials in Python

Question

I want to perform something which I believe is pretty common and should therefore be simple : obtain credentials against Cognito authentication using Python to then be able to call an APIGateway method.

I have created all ressources using the AWS SAM model. I can successfully see the Cognito user pool, its ID, the Cognito app client as well as a user. I am even able to authenticate using cURL.

However, I can't replicate the same steps in Python :

import boto3
import requests

region = 'eu-west-1'
cognito = boto3.client('cognito-identity', region)

accountId= 'xxxxxxxxxxxx' # 12 digits AWS account

poolId = 'something'
cognito .get_id(AccountId=accountId,IdentityPoolId=poolId)

and I have a problem with the poolId because I receive an exception :

´´´Python Member must satisfy regular expression pattern: [\\w-]+:[0-9a-f-]+ ´´´

but my poolId I see on AWS console is in the format eu-west-1:XXXXXXXXX whereas it should be in the format eu-west-1:xxx-xxx-xxx-xxxx-xxxx . However, I can't find a value with that format anywhere in the console.

Any help is appreciated.

Answer 1

You are confusing User Pool with Identity Pool. To generate temporary IAM credentials, you need to create an Identity Pool and add your User Pool and app client under Authentication Providers.

Also select choose role from token if you are using groups in your user pool.