Create identity pool

  1. From main Cognito page in the AWS console, Select Grant access to AWS services and then select Create identity pool

  1. You will see a page saying Identify the IAM roles to use with your new pool. Click on the Allow button to accept the defaults roles.

  1. You will now see the Getting Started with Amazon Cognito page. Click on the Platform dropdown button and select JavaScript. Make a note of the region and the IdentityPoolId because you will need these values for your JavaScript code.

  1. Navigate to IAM, Roles and type Cognito in the search bar. You should see the roles that Cognito automatically created for you when you enabled the Identity Pool.

  1. Select the IAM role with Auth in the name and edit this policy to allow listing files in S3. Don’t edit the Unauth policy as this is for unauthenticated users.

  "Version": "2012-10-17",
  "Statement": [
      "Effect": "Allow",
      "Action": [
      "Resource": ["*"]
      "Effect": "Allow",
      "Action": "s3:List*",
      "Resource": "*"