Use Cognito login instead of certificates to authenticate and subscribe to AWS IoT MQTT topics?

长发绾君心 2021-01-26 07:07

I'm new to learning AWS and I'm trying to figure out if my use-case is possible. I want to create a mobile app where the user can login (email/facebook/google etc.) and then s

1 answer
  •  梦毁少年i
    2021-01-26 07:48

    Short answer: yes, it is possible. To do that, you should do the following:

    • Create a Cognito user pool. The User Pool ID and App client ID will be used in the next step. You can find more information here.

    • Create a Cognito Identity pool. Under Authentication Providers you should give the User Pool ID and App client ID; more information here. When you create this, it will create two Roles for Authenticated and Unauthenticated users in IAM. You should add IoT access permissions (Connect, Publish, Subscribe and Receive) to those roles.

    • On the client side (your App), after choosing your preferred AWS SDK (Android, iOS, React, JS, etc.) and configuring the User pool ID, Identity pool and App client ID, you should first authenticate the user by sending the user information (usually Email/Username and Password) to the Cognito user pool. In return, you will get some tokens.

    • Among those, the IdToken (JWT) will be sent to the Identity pool, and in return you will get the User Identity ID along with the credentials (accessKeyId, secretAccessKey, sessionToken) needed to access other AWS services like IoT.

    • The last step would be using aws-iot-sdk for your App along with those credentials to publish and subscribe to your IoT topics. You can find more information about aws-iot-sdk here.

    0 Discussion (0)
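
The answer's step of adding IoT permissions to the Cognito roles is where access gets scoped, so here is an added example (not part of the original answer) that builds an authenticated-role policy restricted to each user's own client ID and topics, and compares it with a blanket `iot:*` grant. The region, account ID, `app` topic prefix and sample Identity IDs are constructed placeholders, and `isAllowed` is a simplified stand-in for IAM evaluation, not an AWS API.

```javascript
// Least-privilege IAM policy for the Cognito authenticated role (added example).
// Region, account ID and the "app" topic prefix are assumed placeholders.
const SUB = '${cognito-identity.amazonaws.com:sub}'; // IAM policy variable: caller's Identity ID

function buildIotPolicy(region, accountId, prefix) {
  const arn = (type, path) => `arn:aws:iot:${region}:${accountId}:${type}/${path}`;
  return {
    Version: '2012-10-17',
    Statement: [
      // The MQTT client ID must equal the caller's own Identity ID.
      { Effect: 'Allow', Action: ['iot:Connect'], Resource: [arn('client', SUB)] },
      // Publish and Receive are authorized on topics, Subscribe on topic filters.
      { Effect: 'Allow', Action: ['iot:Publish', 'iot:Receive'],
        Resource: [arn('topic', `${prefix}/${SUB}/*`)] },
      { Effect: 'Allow', Action: ['iot:Subscribe'],
        Resource: [arn('topicfilter', `${prefix}/${SUB}/*`)] },
    ],
  };
}

// Simplified evaluator for illustration: Allow statements, "*" and "?" globs and
// one policy variable. Real IAM also evaluates Deny, conditions, NotAction, etc.
function globToRegExp(pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$');
}

function isAllowed(policy, identityId, action, resourceArn) {
  return policy.Statement.some((s) =>
    s.Effect === 'Allow' &&
    s.Action.some((a) => globToRegExp(a).test(action)) &&
    s.Resource.some((r) =>
      globToRegExp(r.split(SUB).join(identityId)).test(resourceArn)));
}

// Constructed sample values (not real identities or accounts).
const ALICE = 'us-east-1:11111111-1111-1111-1111-111111111111';
const BOB = 'us-east-1:22222222-2222-2222-2222-222222222222';
const scoped = buildIotPolicy('us-east-1', '123456789012', 'app');
const broad = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: ['iot:*'], Resource: ['*'] }],
};
const bobTopic = `arn:aws:iot:us-east-1:123456789012:topic/app/${BOB}/telemetry`;
console.log('broad policy, Alice reads Bob:', isAllowed(broad, ALICE, 'iot:Receive', bobTopic));
console.log('scoped policy, Alice reads Bob:', isAllowed(scoped, ALICE, 'iot:Receive', bobTopic));
```

Attach a policy like this to the authenticated role only, and leave the unauthenticated role without IoT statements unless guest access is intended.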