Any way to directly access the ad-hoc IAM access key ID & secret key?

[ffxsam]

If I understand Cognito correctly, it basically creates an ad-hoc IAM user every time someone authenticates, and uses that IAM user to access AWS services.. is that right?

Is there any way to access these strings directly? I have a special case where I don't think the AWS JS SDK is going to work for me, and I need to call the S3 REST API directly, in which case I'll have to formulate an AWS authorization header.

[mlabieniec]

@ffxsam no, cognito does not create IAM users. Cognito is essentially 2 services: User Pools and Federated Identity. The users are part of user pools and are it's own service. The permissions for that user are governed by the IAM role associated with them or their group:
https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html

For the SDK directly, you can call it by just passing credentials:
See #335

For API, you can essentially call any AWS API via the API category and it will take care of signing the URL for you:
https://aws.github.io/aws-amplify/media/api_guide.html#manual-setup

To access the IAM creds you can:

Auth.currentCredentials()
  .then(credentials => {
    // access keys available on:
    let creds = Auth.essentialCredentials(credentials)
  })

[ffxsam]

BTW, this is related to #334 - as I may have to use S3 REST API directly to get fine-grained upload progress.

[ffxsam]

Ah.. I just tried Auth.currentCredentials(). I might've mis-worded it when I said it creates an ad-hoc IAM user, but you do indeed get a dynamically generated IAM key. I see an accessKeyId and secretAccessKey in the result of that function call.

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.