Configure AWS Amplify


From @jayair on Thu Mar 15 2018 19:38:04 GMT+0000 (UTC)

Link to chapter -

Copied from original issue:


From @davidmsvetlecic on Tue Mar 20 2018 23:01:47 GMT+0000 (UTC)

fyi (in case anyone else had this problem): I was not able to upload a file to S3 due to permission error. Even though there was no difference in the policy, creating a new Cognito Identity Pool and it worked for me.


From @viccooper142 on Thu Apr 05 2018 23:10:15 GMT+0000 (UTC)

Small typo: “The name: “notes” is basically telling Amplify that we want to name our API. Amplify allows you to add multiple APIs that you your app is going to work with. In our case our entire backend is just one single API.”


From @jayair on Fri Apr 06 2018 18:49:23 GMT+0000 (UTC)

@viccooper142 Thanks. Fixed.


From @ramnavan on Wed Apr 11 2018 15:45:21 GMT+0000 (UTC)

My question is behind the relationship between user pool and identity pool when performing signup and signin. Since signup and signin are primarily handled only my the Cognito User Pool, it confuses me why IdentityPoolId needs to be specified when configuring AWS Amplify? SignUp operation especially just creates user in the User Pool. What’s identity pool’s involvement here?


From @jayair on Wed Apr 11 2018 23:23:22 GMT+0000 (UTC)

@ramnavan I’m not sure if you had a chance to look at this chapter -

But the Identity Pool uses the User Pool as an authentication provider and then secures access to the other AWS resources.


Im getting this error Uncaught TypeError: Cannot read property ‘crypto’ of undefined when importing Amplify from “aws-amplify”;

Has anyone seen this ?


Was able to solve it. If anyone else is having the same issue and using webpack. Just exclude node_modules where you use babel-loader in webpack config file like this:
{ test: /.(js)$/, use: ‘babel-loader’, exclude: /node_modules/ }


Thanks for reporting back.

Were you using a Webpack config on top of Create React App?


How to protect the configuration files? I don’t want to expose my keys in a js file, where everyone can see in the source code. I am using angular 6 though in my project.


These ids can be publicly visible. We are securing them on the backend with Cognito and IAM. This ensures that you need to be logged in to to your app to access these resources.


But what prevents me(or anyother else) to get these ids and use them in my application, wouldn’t I be able to login/register using your UserPool and etc. and thus poluting this pool with contacts from different app.


These Id’s are meant to be available on the client side. So in theory somebody would be able to use these to sign up for your app through a different client. Of course that is pretty similar to just signing up for your app directly. I’ll need to check if there is a way to filter based on the source domain.