Amazon Cognito Identity
(cognito-identity)
IAM Changes
2025-12-13
2025-12-13
5 new conditions | 8 updated actions
Additions
Conditions
cognito-identity-auth:AccountId
Description:
Filters access by the owning AWS account ID for identity pool authenticated users. Applies to unauthenticated (public) API operations.
Type:
String
cognito-identity-auth:IdentityPoolArn
Description:
Filters access by the identity pool ID for a given authenticated-user identity ID. Applies to unauthenticated (public) API operations.
Type:
ARN
cognito-identity-unauth:AccountId
Description:
Filters access by the owning AWS account ID of an identity pool for identity pool guest users. Applies to unauthenticated (public) API operations.
Type:
String
cognito-identity-unauth:IdentityPoolArn
Description:
Filters access by the identity pool ID for a given guest-user identity ID. Applies to unauthenticated (public) API operations.
Type:
ARN
cognito-identity:IdentityPoolArn
Description:
Filters access by the identity pool ID for a given identity ID for DeleteIdentities and DescribeIdentity.
Type:
ARN
Updates
Actions
TagResource
Resources
New_value: Yes
Old_value: No
UntagResource
Resources
New_value: Yes
Old_value: No
DeleteIdentities
Conditions
+ cognito-identity:IdentityPoolArn
DescribeIdentity
Conditions
+ cognito-identity:IdentityPoolArn
GetCredentialsForIdentity
Conditions
+ cognito-identity-unauth:IdentityPoolArn
+ cognito-identity-unauth:AccountId
+ cognito-identity-auth:IdentityPoolArn
+ cognito-identity-auth:AccountId
GetId
Conditions
+ cognito-identity-unauth:IdentityPoolArn
+ cognito-identity-unauth:AccountId
+ cognito-identity-auth:IdentityPoolArn
+ cognito-identity-auth:AccountId
GetOpenIdToken
Conditions
+ cognito-identity-unauth:IdentityPoolArn
+ cognito-identity-unauth:AccountId
+ cognito-identity-auth:IdentityPoolArn
+ cognito-identity-auth:AccountId
UnlinkIdentity
Conditions
+ cognito-identity-auth:IdentityPoolArn
+ cognito-identity-auth:AccountId