I have an AWS API, with access controlled by an IAM authoriser associated with the unauthenticated role of a Cognito Identity pool. A successful call to the API invokes a Lambda function.
The current process is:
IdentityId, e.g. eu-west-2:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX. This is the information I require in my Lambda function - see below.
AccessKeyId, SecretKey and SessionToken
X-Amz-Security-Token, obtained from step 1
event.headers includes X-Amz-Security-Token
Is it possible for the Lambda function to identify the identity pool ID of the caller (e.g. eu-west-2:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX), either from the data available in the header of the request, or any other means?
Things I have tried:
Invoke with caller credentials ticked in API Gateway
SessionToken, though this appears only to be a temporary access token rather than containing any useful data like a JWT.
If absolutely necessary I can include the identity ID of the user with every request, but I'd prefer to avoid this if possible.
The Cognito ID of the user is included in the requestContext property of the event object passed to your Lambda function.
E.g. the identity of the Cognito user that accesses the API is:
event['requestContext']['identity']['cognitoIdentityId'];
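
A handler built around the lookup in the answer above, as an added example that is not part of the original answer: it takes the identity from `requestContext`, which API Gateway fills in from the signed credentials, and ignores any identity ID the client sends in the request body. The names `callerIdentity` and `handler`, the format check, and the sample event are assumptions constructed for illustration.

```javascript
// Added example (not from the original answer). Assumes the API Gateway
// REST proxy event shape with IAM authorisation and Cognito credentials.

// Assumed format, based on the example in the question: <region>:<UUID>
const IDENTITY_ID_RE =
  /^[a-z0-9-]+:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Hypothetical helper: returns the caller's Cognito identity, or null when
// the request carries none (e.g. it was signed with non-Cognito IAM keys).
function callerIdentity(event) {
  const identity = event?.requestContext?.identity ?? {};
  const id = identity.cognitoIdentityId;
  if (typeof id !== 'string' || !IDENTITY_ID_RE.test(id)) return null;
  return {
    identityId: id,
    identityPoolId: identity.cognitoIdentityPoolId ?? null,
    // "authenticated" or "unauthenticated"
    authType: identity.cognitoAuthenticationType ?? null,
  };
}

async function handler(event) {
  const caller = callerIdentity(event);
  if (!caller) {
    return { statusCode: 403, body: JSON.stringify({ message: 'No Cognito identity' }) };
  }
  // Anything in event.body or event.headers is client-controlled; the
  // identity used for authorisation decisions comes only from requestContext.
  return { statusCode: 200, body: JSON.stringify({ identityId: caller.identityId }) };
}

// Constructed sample event: the body claims a different identity ID.
const SAMPLE_EVENT = {
  headers: { 'X-Amz-Security-Token': 'constructed-placeholder-token' },
  body: JSON.stringify({ identityId: 'eu-west-2:00000000-0000-0000-0000-000000000000' }),
  requestContext: {
    identity: {
      cognitoIdentityId: 'eu-west-2:12345678-1234-1234-1234-123456789abc',
      cognitoIdentityPoolId: 'eu-west-2:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
      cognitoAuthenticationType: 'unauthenticated',
    },
  },
};

if (typeof module !== 'undefined') module.exports = { handler };
```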