in src/integ_test_resources/android/sdk/integration/cdk/cdk_integration_tests_android/iot_stack.py [0:0]
def setup_identity_pool(self):
    """Create a Cognito identity pool with an unauthenticated (guest) role.

    The pool accepts unauthenticated identities. A role is created that only
    guest identities from this pool can assume, and it is attached to the pool
    as its ``unauthenticated`` role. The pool id is then recorded in
    ``self._parameters_to_save`` under ``identity_pool_id``.

    NOTE(review): the guest role is granted ``cognito-sync:*`` and ``iot:*``
    on every resource. Because the pool allows unauthenticated identities,
    any client holding the identity pool id can obtain credentials for this
    role. This looks intended for integration tests only -- confirm the stack
    is deployed to a dedicated test account, and narrow the actions and
    resources to what the tests use if that list is known.
    """
    pool = aws_cognito.CfnIdentityPool(
        self, "pinpoint_integ_test_android", allow_unauthenticated_identities=True
    )

    # Trust policy conditions: "aud" pins the token to this identity pool,
    # "amr" limits the role to identities on the unauthenticated path.
    trust_conditions = {
        "StringEquals": {"cognito-identity.amazonaws.com:aud": pool.ref},
        "ForAnyValue:StringLike": {
            "cognito-identity.amazonaws.com:amr": "unauthenticated"
        },
    }
    cognito_principal = aws_iam.FederatedPrincipal(
        "cognito-identity.amazonaws.com",
        trust_conditions,
        "sts:AssumeRoleWithWebIdentity",
    )
    guest_role = aws_iam.Role(
        self,
        "CognitoDefaultUnauthenticatedRole",
        assumed_by=cognito_principal,
    )

    # Wildcard actions on all resources, granted to unauthenticated callers;
    # see the NOTE(review) in the docstring before reusing this elsewhere.
    guest_permissions = aws_iam.PolicyStatement(
        effect=aws_iam.Effect.ALLOW,
        actions=["cognito-sync:*", "iot:*"],
        resources=["*"],
    )
    guest_role.add_to_policy(guest_permissions)

    # Only the "unauthenticated" slot is mapped; no authenticated role is set.
    aws_cognito.CfnIdentityPoolRoleAttachment(
        self,
        "DefaultValid",
        identity_pool_id=pool.ref,
        roles={"unauthenticated": guest_role.role_arn},
    )

    self._parameters_to_save["identity_pool_id"] = pool.ref