Is it possible to create a public API endpoint that also sets the "cognitoIdentityId" if the user is logged in?

When setting “authorizer: aws_iam” for a function, the “cognitoIdentityId” for the user is set under event.requestContext.identity.

Is it possible to create a function that does not have an authorizer set (i.e. users who have not logged in could also send requests to it), but would still provide the “cognitoIdentityId” if the user has logged in?

I solved this by adding the aws_iam authorizer also to the public endpoints, and then enabling access to these functions for “unauthenticated” users as well.

Hi @severi - How did you configure serverless to allow unauthorized users for some functions? What did you have to change in your serverless.yml?

I solved this by enabling unauthorized user access to all functions via AWS::Cognito::IdentityPoolRoleAttachment → Roles → unauthenticated

then added authorization logic to the code (basically you can check if event.requestContext.identity.cognitoAuthenticationType is ‘authenticated’).
