I’m building an application in which I plan to use the Cognito service. The app itself consists of gateway lambda functions, which are publicly available, but do jwt token checks for authentication. (Did not want to use the gateway authentication as it seemed way too tedious, I want everything in the .yml, without manual labor in the AWS console.)
In the .yml I’ve created a user pool/client and everything works fine, but I also need to add Facebook/Google/etc login options. So I added an identity pool for those (and the previously mentioned user pool). Here is where I’m a bit confused - I have to add roles for the identity pool, but to my understanding I don’t need the roles, all I need is to get a token which I can then validate in my lambda functions.
The js aws sdk seems to hide a lot of stuff as well…
What do you think about such an approach? Is it OK, and how do I move forward?