What is a Cognito IdentityId?

Question

I am trying to get AWS credentials for a user I have just created.

Can anyone tell me what identityId is supposed to be? I have tried concatenating the region with the user sub but it isn't having it:

var params = {
  UserPoolId: process.env.USER_POOL_ID,
  Username: '[email protected]',
  TemporaryPassword: 'Passw0rd!'
};

var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();
cognitoidentityserviceprovider.adminCreateUser(params, function(err, data) {
  if (err) {
    callback(null, failure(err));  
  }else    
    var identityId =  "us-east-1:" + data.User.Username  //user sub

    var cognitoidentity = new AWS.CognitoIdentity();
    cognitoidentity.getCredentialsForIdentity(
      {"IdentityId": identityId},
      (err, credResult) => {
        if(err){
          callback(null, failure(err));
        }
        callback(null, success(credResult));
    })
});

I just get :

{
  "message":"Identity 'us-east-1:8ce7ee63-d9ae-4f12-9xxxxxx' not found.", 
  "code":"ResourceNotFoundException","t": "..."
}

Answer 1

You seem to be mixin Cognito User Pools with Cognito Federated Identities. Cognito User Pool is where you manage your users, and Federated Identities is where you give access to external users AWS credentials.

Said that, you have to make sure you have your Identity Pool (from Federated Identities) configured to give access to the users from your User Pool. This might help you with that https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html

After setting that up you may call CognitoIdentity.getId that will give your IdentityId only after that you can get the credentials.

To summarize: IdentityId is the Id of your user in the Identity pool from Cognito Federated Identities.