Amazon Cognito

Ben Poon edited this page Aug 29, 2018 · 1 revision

Amazon Cognito is used to provide the user identity feature. With Amazon Cognito, users can use a Java PC GUI to sign up, sign in to their account and control their boards.

Follow the steps below to set up Amazon Cognito:

  1. Go to the Amazon Cognito Console in the AWS cloud: https://console.aws.amazon.com/cognito/

  2. Click on "Manage User Pools" to open Your User Pools browser.

  3. Click on "Create a user pool"

  4. Enter a pool name and select "Review defaults"

  5. Click on "Create pool" to create the user pool

  6. Select "App clients" in the left panel and click on "Add an app client" in the right panel to create the app client "WiFISecureBoardForJavaApp" in the user pool just created

  7. Ensure "Generate client secret" is unticked, then click on "Create app client"

  8. In "App client settings" of "WiFISecureBoardForJavaApp", tick "Cognito User Pool" and enter "https://www.microchip.com/wwwproducts/en/ATWINC1500" in "Callback URL". Also tick "Authorization code grant", "phone", "email", "openid"

  9. Click on "Save changes"

  10. Create another app client, "WiFISecureBoardForAlexa"

  11. Ensure "Generate client secret" is ticked when creating this app client

  12. In the app client settings of "WiFISecureBoardForAlexa", tick "Cognito User Pool". Also tick "Authorization code grant", "phone", "email", "openid", "aws.cognito.signin.user.admin", "profile"

  13. Fill in "Callback URL" with the redirect URL found in the Alexa Skill settings.

  14. Go to the Amazon Cognito Console in the AWS cloud: https://console.aws.amazon.com/cognito/

  15. Click on "Manage Identity Pools"

  16. Click on "Create new identity pool"

  17. Enter an identity pool name

  18. In "Authentication providers" of the identity pool settings, select Cognito and fill in the user pool ID and the app client ID of "WiFISecureBoardForJavaApp" (the IDs can be found on the user pool settings page)

  19. Click on "Create Pool". When you create the identity pool, Cognito will set up two roles in Identity and Access Management (IAM). These will be named something similar to: Cognito_<>Auth_Role and Cognito_<>Unauth_Role. You can view them by pressing the View Details button on the console. Now press the Allow button to create the roles.
    You need to attach a policy to the unauthenticated role to grant permission to access the required AWS IoT APIs. This is done by first creating the IAM policy shown below in the IAM Console and then attaching it to the unauthenticated role. In the IAM console, search for the pool name that you created and click on the link for the unauth role. Click on the "Add inline policy" button and add the following policy using the JSON tab. Click on "Review Policy", give the policy a descriptive name and then click on "Create Policy". This policy allows the sample app to create a new certificate (including private key) and attach a policy to the certificate.

    {
    	"Version": "2012-10-17",
    	"Statement": [
    		{
      			"Effect": "Allow",
      			"Action": [
        			"iot:AttachPrincipalPolicy",
        			"iot:CreateKeysAndCertificate"
      			],
      			"Resource": [
        			"*"
      			]
    		}
    	]
    }
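The role this policy is attached to is the one assumed by identities that have not signed in, so it is worth listing exactly which actions it allows on every resource before saving it. The check below is an added example, not part of the original wiki or the project's code; the function names are assumptions, and the policy text is copied from the page so the script runs offline.

```python
import json

# The inline policy from the page, embedded so the check runs offline.
UNAUTH_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:AttachPrincipalPolicy", "iot:CreateKeysAndCertificate"],
    "Resource": ["*"]
  }]
}"""

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_unscoped(resource):
    # "*" alone, or an ARN whose resource part (6th field) is "*".
    return resource.split(":", 5)[-1] == "*"

def unscoped_allows(policy_text):
    """Return sorted (action, resource) pairs that Allow statements grant
    on a resource that is not narrowed to a specific ARN."""
    findings = set()
    for stmt in as_list(json.loads(policy_text).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # Allow + NotResource grants everything except the listed ARNs.
        resources = as_list(stmt.get("Resource")) or ["<NotResource>"]
        actions = as_list(stmt.get("Action")) or ["<NotAction>"]
        for res in resources:
            if res == "<NotResource>" or is_unscoped(res):
                findings.update((act, res) for act in actions)
    return sorted(findings)

if __name__ == "__main__":
    for action, resource in unscoped_allows(UNAUTH_POLICY):
        print(f"review: {action} is allowed on {resource}")
```

Run against the policy above, it reports both IoT actions as allowed on `*`.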