Description
Is your feature request related to a problem? Please describe.
The GraphQL Auth docs do not specify any details around AUTH_TYPE.AWS_IAM being required to get $context.identity.cognitoIdentityId during AppSync resolvers.
When using a Cognito User Pool with Federated Identity, and following the cognito s3 access docs, there is no mention that to have this value in your resolvers you must use IAM auth; one would assume the use of AMAZON_COGNITO_USER_POOLS.
The reference I have found for this detail is from a forum post - https://forums.aws.amazon.com/thread.jspa?threadID=292671
Describe the solution you'd like
Add doc/guide describing how to get $context.identity.cognitoIdentityId in AppSync resolvers.
Reference that material in:
- https://docs.amplify.aws/sdk/auth/federated-identities/q/platform/ios
- https://docs.amplify.aws/lib/graphqlapi/authz/q/platform/js
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
When using the IAM policy for cognito user access to s3 buckets based on cognito identity (example) the resolvers for your AppSync API need to be able to retrieve this information from the request in order to perform actions on behalf of users.
- DynamoDB data based on cognitoIdentityId
- ElasticSearch data based on cognitoIdentityId
- S3 bucket based on cognitoIdentityId
- ...
Searching Google produces confusion in this area.
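A sketch of the resolver-side check this issue is about, added here as an example and not taken from the original issue or from the Amplify/AppSync docs: it derives the DynamoDB key and S3 prefix only from the identity AppSync supplies and fails closed when cognitoIdentityId is absent, which is what a user pool (JWT) request looks like. The helper names, the owner/id key layout, the private/<identityId>/ prefix, the guest-rejection policy and both identity objects are assumptions constructed for illustration.

```javascript
// Constructed sample identities; field names follow the AppSync resolver context reference.
const iamIdentity = {            // AWS_IAM: signed with Cognito Identity Pool credentials
  accountId: '111122223333',
  cognitoIdentityPoolId: 'us-east-1:00000000-0000-0000-0000-000000000000',
  cognitoIdentityId: 'us-east-1:11111111-2222-3333-4444-555555555555',
  cognitoIdentityAuthType: 'authenticated',
  sourceIp: ['203.0.113.10'],
};
const userPoolIdentity = {       // AMAZON_COGNITO_USER_POOLS: JWT claims, no identity id
  sub: 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
  issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
  username: 'alice',
  claims: {},
  sourceIp: ['203.0.113.10'],
};

// Identity ids have the form "<region>:<uuid>".
const IDENTITY_ID = /^[a-z]{2}(-[a-z]+)+-\d:[0-9a-f-]{36}$/;

// Hypothetical helper: return the caller's identity id or refuse the request.
function requireIdentityId(identity) {
  const id = identity && identity.cognitoIdentityId;
  if (typeof id !== 'string' || !IDENTITY_ID.test(id)) {
    throw new Error('Unauthorized: no cognitoIdentityId (request was not authorized with AWS_IAM)');
  }
  // Assumed policy: guest (unauthenticated) identities get no per-user data.
  if (identity.cognitoIdentityAuthType !== 'authenticated') {
    throw new Error('Unauthorized: unauthenticated identity');
  }
  return id;
}

// DynamoDB GetItem request in the shape AppSync resolvers emit.
// The partition key comes from the identity, never from client arguments.
function getItemRequest(ctx) {
  const owner = requireIdentityId(ctx.identity);
  return {
    operation: 'GetItem',
    key: { owner: { S: owner }, id: { S: String(ctx.arguments.id) } },
  };
}

// S3 key prefix matching a per-identity bucket policy (assumed layout).
function s3PrefixFor(ctx) {
  return `private/${requireIdentityId(ctx.identity)}/`;
}
```
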