Create identity pool
- From main Cognito page in the AWS console, Select Grant access to AWS services and then select Create identity pool
- You will see a page saying Identify the IAM roles to use with your new pool. Click on the Allow button to accept the defaults roles.
- Navigate to IAM, Roles and type Cognito in the search bar. You should see the roles that Cognito automatically created for you when you enabled the Identity Pool.
- Select the IAM role with Auth in the name and edit this policy to allow listing files in S3. Don’t edit the Unauth policy as this is for unauthenticated users.