I'm trying to implement Pinpoint Analytics into an existing React Native app through the Amplify SDK. We have an existing user base with our own authN and authZ implementation, so we do not require (and more importantly, can't afford) a Cognito user pool.

On one hand, the Pinpoint API does not require any integration with Cognito when recording events, yet the Amplify documentation seems to require the auth plugin when using analytics, and an auth param is required when configuring Amplify.

Amplify.configure({
    // To get the AWS Credentials, you need to configure
    // the Auth module with your Cognito Federated Identity Pool
    Auth: {
        identityPoolId: 'us-east-1:xxx-xxx-xxx-xxx-xxx',
        region: 'us-east-1'
    },
    Analytics: {
        // OPTIONAL - disable Analytics if true
        disabled: false,
        // ... (remaining options elided in the original)
    }
});

Is there a way of using analytics through Amplify without generating a user pool? I've tried checking the AWS mobile SDKs but they are clearly deprecated and most documentation points now to Amplify. We could consume the Pinpoint API directly, but that implementation seems a bit redundant.

whtlnv

1 Answer

Disclaimer: I am not with the AWS Amplify/Cognito/Pinpoint product team.

From my research, AWS Amplify Analytics (Amazon Pinpoint) can be used without a Cognito User Pool but requires a Cognito Identity Pool for authorization.

The concepts of Cognito User Pool and Cognito Identity Pool can be confusing at times, but in simple terms I distinguish them as follows:

Amazon Cognito User Pools is a full-featured user directory service to handle user registration, storage, authentication, and account recovery.

Amazon Cognito Identity Pools (Federated Identities) is a way to authorize use of AWS services in your app.

When you integrate your app with Amazon Pinpoint, the app needs permissions to access the AWS services. Therefore, Amazon Cognito identity pools provide a way to authorize use of AWS services in your app. With Cognito Identity Pools, you can obtain temporary AWS credentials with permissions you define via IAM policy to access AWS services. The IAM policy (auth_role and unauth_role) should contain a Pinpoint-related policy that would allow you to send data to the service. See the sample below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "mobiletargeting:UpdateEndpoint",
                "mobiletargeting:PutEvents"
            ],
            "Resource": [
                "arn:aws:mobiletargeting:*:${accountID}:apps/${appId}*"
            ]
        }
    ]
}

Summary:

Using an Amazon Cognito Identity Pool provides a more secure and reliable way of accessing AWS backend resources in your app instead of embedding credentials (i.e., access key and secret key) into your apps.

Hope this helps!

aksyuma
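
The IAM policy on auth_role and unauth_role is what bounds the temporary credentials the identity pool issues to the app, so it is worth checking that it stays as narrow as the sample in the answer above. The following is an added example, not part of the original answer or of Amplify: a small Node.js linter whose function name, ARN pattern and sample documents (with placeholder account and app IDs) are assumptions made for illustration.

```javascript
// Added example: lint the IAM policy attached to an identity pool role.
// The two allowed actions come from the sample policy in the answer; the
// function name, ARN pattern and sample documents are constructed here.
const ALLOWED_ACTIONS = new Set([
  'mobiletargeting:updateendpoint',
  'mobiletargeting:putevents',
]);
// Region may be a wildcard; account ID and Pinpoint app ID must be concrete.
const SCOPED_ARN = /^arn:aws:mobiletargeting:(\*|[a-z0-9-]+):\d{12}:apps\/[A-Za-z0-9]+\*?$/;

const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function lintRolePolicy(policy) {
  const findings = [];
  asArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return; // Deny statements only narrow access
    if (stmt.NotAction || stmt.NotResource) {
      findings.push(`Statement[${i}]: NotAction/NotResource allows whatever is not listed`);
    }
    for (const action of asArray(stmt.Action)) {
      // IAM action names are case-insensitive; wildcards never match the set.
      if (!ALLOWED_ACTIONS.has(String(action).toLowerCase())) {
        findings.push(`Statement[${i}]: action "${action}" is outside the two Pinpoint actions the sample grants`);
      }
    }
    for (const resource of asArray(stmt.Resource)) {
      if (!SCOPED_ARN.test(resource)) {
        findings.push(`Statement[${i}]: resource "${resource}" is not scoped to one Pinpoint app`);
      }
    }
  });
  return findings;
}

// Constructed samples: placeholder account ID and app ID, not real values.
const APP_ARN = 'arn:aws:mobiletargeting:*:123456789012:apps/0123456789abcdef0123456789abcdef*';
const scopedPolicy = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Action: ['mobiletargeting:UpdateEndpoint', 'mobiletargeting:PutEvents'],
    Resource: [APP_ARN],
  }],
};
const broadPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: 'mobiletargeting:*', Resource: '*' }],
};

console.log('scoped:', lintRolePolicy(scopedPolicy));
console.log('broad:', lintRolePolicy(broadPolicy));
```

A policy that still contains the unfilled `${accountID}` or `${appId}` template placeholders is also reported, since the resource ARN must name a concrete account and app.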