AWS SDK for JS in Browser with a CognitoUser instead of IAM credentials?

Question

I have a browser app that interacts with S3. Since it was mostly an in-house tool, after handling authenticating to an API, it directly received the ID and secret for a very restricted IAM user which was then used to setup the AWS SDK in the browser.

I am now trying to change that app to use Cognito for authentication, so it can be accessed by external users without compromising our security.

I wound up using AWS Amplify just to handle the authentication part, and now I'm trying to figure out if there's a way of using the credentials I get from Cognito to setup the AWS JavaScript SDK and replicate the same functionality from that point on. (The way Amplify currently handles interaction with S3 does not cover all of the app's needs)

Is there a way of doing this? I find the SDK documentation extremely confusing, and have been unable to determine if what I'm trying to do can be done at all.

Additionally, if there's a way to use the JS SDK only (without Amplify) to login a user via Cognito, that would also be preferable to me, but that's a secondary concern.

Answer 1

Yes, you can easily do this with Amplify, and I recommend this approach.

Here's an example from the docs using the Route53 module from the AWS JS SDK, but you can use any of the AWS modules of course.

Via https://aws-amplify.github.io/docs/js/authentication#working-with-aws-service-objects

import Route53 from 'aws-sdk/clients/route53';

Auth.currentCredentials()
  .then(credentials => {
    const route53 = new Route53({
      apiVersion: '2013-04-01',
      credentials: Auth.essentialCredentials(credentials)
    });

    // more code working with route53 object
    // route53.changeResourceRecordSets();
  })