@aws-cdk/aws-cognito-identitypool-alpha: allowUnauthenticatedIdentities still creates IAM role #25470

markmansur · 2023-05-07T01:39:03Z

Describe the bug

Hello!

When creating an IdentityPool that I only want authenticated users to access I set allowUnauthenticatedIdentities to false. However, this still ends up creating an IAM role for unauthenticated users, eventhough I specified I don't need it and it's not required.

Expected Behavior

When setting allowUnauthenticatedIdentities to false, an IAM role for unauthenticated users should not be synthesized.

Current Behavior

When setting allowUnauthenticatedIdentities to false, an IAM role for unauthenticated users is being synthesized.

Reproduction Steps

const stack = new Stack();
const identityPool = new IdentityPool(stack, 'TestIdentityPool');

Possible Solution

Check if allowUnauthenticatedIdentities is false. If so, do not synthesize the unauthenticated IAM role.

Additional Information/Context

No response

CDK CLI Version

2.78.0

Framework Version

No response

Node.js Version

16.16.0

OS

MacOS

Language

Typescript

Language Version

No response

Other information

No response

The text was updated successfully, but these errors were encountered:

pahud · 2023-05-08T14:49:52Z

Yes I believe we should fix this:

aws-cdk/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts

Line 433 in b76c182

    
           this.unauthenticatedRole = props.unauthenticatedRole ? props.unauthenticatedRole : this.configureDefaultRole('Unauthenticated');

Are you interested to submit a PR for that?

markmansur · 2023-05-08T15:05:05Z

Yeah I'll submit a PR

TheRealAmazonKendra · 2023-05-08T15:31:48Z

A redesign of this is in progress.

markmansur · 2023-05-09T03:17:40Z

Okay, I'll wait for that. Is there a tracking issue?

markmansur · 2023-05-09T03:18:53Z

#25204?

Leo10Gama · 2024-08-29T17:15:35Z

This is the the expected behaviour of IdentityPools. When allowUnauthenticatedIdentities is set to false, it will still create the unauthenticated role, but more importantly, it sets "Guest Status" to inactive in the console, which is what the parameter is meant to do. Even as shown in the console, it's possible to both have a guest role and have guest access disabled, so there is no reason to change this behaviour.

github-actions · 2024-08-29T17:15:54Z

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

markmansur added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 7, 2023

github-actions bot added the @aws-cdk/aws-cognito-identitypool label May 7, 2023

pahud added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels May 8, 2023

TheRealAmazonKendra self-assigned this May 8, 2023

TheRealAmazonKendra added the in-progress This issue is being actively worked on. label May 8, 2023

evgenyka mentioned this issue Oct 10, 2023

📊Tracking: Stabilize Amazon Cognito Identity Pools #27483

Open

Tietew mentioned this issue Jul 18, 2024

fix(cognito-identitypool-alpha): allowUnauthenticatedIdentities still creates an unauthenticated IAM role #30884

Closed

1 task

Leo10Gama closed this as completed Aug 29, 2024

github-actions bot locked as resolved and limited conversation to collaborators Aug 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

@aws-cdk/aws-cognito-identitypool-alpha: allowUnauthenticatedIdentities still creates IAM role #25470

@aws-cdk/aws-cognito-identitypool-alpha: allowUnauthenticatedIdentities still creates IAM role #25470

markmansur commented May 7, 2023

pahud commented May 8, 2023

markmansur commented May 8, 2023

TheRealAmazonKendra commented May 8, 2023

markmansur commented May 9, 2023

markmansur commented May 9, 2023

Leo10Gama commented Aug 29, 2024

github-actions bot commented Aug 29, 2024