Set up authentication for your Amazon Location application - Amazon Location Service

Set up authentication for your Amazon Location application

The application that you create in this tutorial has anonymous usage, meaning that your users are not required to sign in to AWS to use the application. However, the Amazon Location Service APIs require authentication. This tutorial uses Amazon Cognito to provide authentication and authorization for anonymous users.

Note

For more information about using Amazon Cognito with Amazon Location Service, see Grant access to Amazon Location Service.

The following tutorials show you how to set up authentication for the map, the place index, and the tracker you created, as well as how to set up permissions for Amazon Location.

Create an IAM policy for tracking
  1. Sign in to the IAM console at https://console.aws.amazon.com/iam/ with your user that has administrator permissions.

  2. In the navigation pane, choose Policies.

  3. In the content pane, choose Create policy.

  4. Choose the JSON option, then copy and paste this JSON policy into the JSON text box.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "geo:GetMapTile",
            "geo:GetMapStyleDescriptor",
            "geo:GetMapSprites",
            "geo:GetMapGlyphs",
            "geo:SearchPlaceIndexForPosition",
            "geo:GetDevicePositionHistory",
            "geo:BatchUpdateDevicePosition"
          ],
          "Resource": [
            "arn:aws:geo:{Region}:{Account}:map/{MapName}",
            "arn:aws:geo:{Region}:{Account}:place-index/{IndexName}",
            "arn:aws:geo:{Region}:{Account}:tracker/{TrackerName}"
          ]
        }
      ]
    }

    This is a policy example for Tracking. To use the example for your own policy, replace the Region, Account, IndexName, MapName and TrackerName placeholders.

    Note

    While unauthenticated identity pools are intended for exposure on unsecured internet sites, note that they will be exchanged for standard, time-limited AWS credentials.

    It's important to scope the IAM roles associated with unauthenticated identity pools appropriately. For more information about using and appropriately scoping policies in Amazon Cognito with Amazon Location Service, see Granting access to Amazon Location Service.

  5. On the Review and Create page, enter a name in the policy name field. Review the permissions granted by your policy, and then choose Create Policy to save your work.

The new policy appears in the list of managed policies and is ready to attach.

Set up authentication for your tracking
  1. Set up authentication for your map application in the Amazon Cognito console.

  2. Open the Identity pools page.

    Note

    The pool that you create must be in the same AWS account and AWS Region as the Amazon Location Service resources that you created in the previous section.

  3. Choose Create Identity pool.

  4. Start with the Configure identity pool trust step. For user access authentication, select Guest access, and then press Next.

  5. On the Configure permissions page, select Use an existing IAM role and enter the name of the IAM role you created in the previous step. When ready, press Next to move on to the next step.

  6. On the Configure properties page, provide a name for your identity pool. Then press Next.

  7. On the Review and create page, review all the information presented, then press Create identity pool.

  8. Open the Identity pools page, and select the identity pool you just created. Then copy or write down the IdentityPoolId that you will use later in your browser script.