Cognito Identity Pool for AWS Integration Authorization

I already have an AWS Cognito User Pool that I am adding my admin users to and that is being leveraged for the OAuth flow to authorize requests to an AWS HTTP API Gateway to serve data for my admin apps in Retool.

I need to expand one of the admin tools to grant wide-ranging access to an S3 bucket, and I'd like to leverage a Cognito Identity Pool for the authorization of that access. This blog post indicates that it is possible to do so: "What makes a great admin portal?"

But I cannot find any guidance on how to integrate the Retool app with the identity pool, and it seems the S3 resource configuration just asks for a static Access + Secret Key.

Any pointers on integrating with an Identity Pool?

Hi @davidajetter, If this is still helpful, this won't be possible with Retool's S3 resource but it should be possible with a Retool REST API resource connected to the S3 API!

Hi there,

I’m trying to do the same thing currently. Could you go into a bit more depth about how to achieve this? I can see that the standard OAuth flow is supported because Cognito supports it, but how do I make Retool exchange the token for an identity pool token that has IAM permissions associated with it for AWS resources? Thanks

Ryan

Hi @misset, You should be able to configure Custom Auth (see Retool's docs) on your REST API resource (connected to the S3 API) to integrate with one of the Identity pool authentication flows (see Cognito's docs) in order to retrieve the credentials for an identity (for use in requests to the S3 API). How exactly you configure your custom auth would depend on which Identity pool authentication flow you're configuring. Loosely, it would involve creating 'API' request step(s) to hit the necessary AWS Cognito API endpoints and defining and using variables returned from the API request step(s).
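The two 'API' request steps described above, written out as an added example that is not part of the original thread or Retool's own configuration. It assumes the identity pool's enhanced flow (`GetId` followed by `GetCredentialsForIdentity`) with the user pool as the login provider; the region, pool IDs, token and response values are constructed placeholders, and the function names are hypothetical.

```python
import json

def cognito_identity_request(region, action, payload):
    """Build (without sending) one unsigned JSON call to the Cognito Identity API."""
    return {
        "method": "POST",
        "url": f"https://cognito-identity.{region}.amazonaws.com/",
        "headers": {
            "Content-Type": "application/x-amz-json-1.1",
            "X-Amz-Target": f"AWSCognitoIdentityService.{action}",
        },
        "body": json.dumps(payload),
    }

def logins_map(region, user_pool_id, id_token):
    # The value must be the user pool ID token, not the OAuth access token.
    return {f"cognito-idp.{region}.amazonaws.com/{user_pool_id}": id_token}

def get_id_request(region, identity_pool_id, user_pool_id, id_token):
    # Step 1: resolve the identity pool's IdentityId for the signed-in user.
    return cognito_identity_request(region, "GetId", {
        "IdentityPoolId": identity_pool_id,
        "Logins": logins_map(region, user_pool_id, id_token),
    })

def get_credentials_request(region, identity_id, user_pool_id, id_token):
    # Step 2: exchange IdentityId + ID token for temporary AWS credentials.
    return cognito_identity_request(region, "GetCredentialsForIdentity", {
        "IdentityId": identity_id,
        "Logins": logins_map(region, user_pool_id, id_token),
    })

def parse_credentials(response_body):
    """Extract the temporary credentials; fail closed if a field is missing."""
    creds = json.loads(response_body).get("Credentials") or {}
    required = ("AccessKeyId", "SecretKey", "SessionToken")
    missing = [k for k in required if not creds.get(k)]
    if missing:
        raise ValueError(f"credentials response missing {missing}")
    return {k: creds[k] for k in required + ("Expiration",) if k in creds}

# Constructed sample values (placeholders, not real identifiers or secrets).
REGION, USER_POOL = "us-east-1", "us-east-1_EXAMPLE"
IDENTITY_POOL = "us-east-1:00000000-0000-0000-0000-000000000000"
SAMPLE_RESPONSE = json.dumps({"IdentityId": "us-east-1:11111111-1111-1111-1111-111111111111",
    "Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SecretKey": "constructed-secret",
                    "SessionToken": "constructed-session-token", "Expiration": 1700000000}})

if __name__ == "__main__":
    print(get_id_request(REGION, IDENTITY_POOL, USER_POOL, "<id_token>")["headers"])
    print(sorted(parse_credentials(SAMPLE_RESPONSE)))
```

The returned credentials carry only the permissions of the IAM role the identity pool assigns to authenticated identities, so the S3 access is bounded by that role's policy. Requests to the S3 API must then be SigV4-signed with the access key and secret key and carry the session token in the `x-amz-security-token` header.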