1
00:00:00,439 --> 00:00:08,069
Okay, now before we get in and start creating our federated identity pool, we

2
00:00:08,069 --> 00:00:11,580
need to actually create our website, and we'll create a bucket for our website

3
00:00:11,580 --> 00:00:17,220
because we're going to need that bucket name in an IAM role that we need for this

4
00:00:17,220 --> 00:00:20,970
federated identity pool, so we're just going to go into the S3 management console

5
00:00:20,970 --> 00:00:26,670
and create a bucket, just going to give that bucket a name and just click on

6
00:00:26,670 --> 00:00:30,060
next, I'm racing through this very quickly because we already know

7
00:00:30,060 --> 00:00:35,160
how to do this, so next again, make sure that we have public access on this

8
00:00:35,160 --> 00:00:43,170
bucket, so public read access, next, create bucket, so once that bucket has been

9
00:00:43,170 --> 00:00:49,350
created we just go into it, and the first thing we need to do is change the

10
00:00:49,350 --> 00:00:54,079
permissions on that bucket, so we need to have cross-origin resource sharing

11
00:00:54,079 --> 00:00:58,770
enabled on this and we need to have a policy set up for that, the reason being

12
00:00:58,770 --> 00:01:01,890
is that our application is going to be on the browser side and it will be

13
00:01:01,890 --> 00:01:06,240
accessing multiple domains through that browser, so the browser will block that

14
00:01:06,240 --> 00:01:09,600
from occurring unless CORS is set up, so we click on

15
00:01:09,600 --> 00:01:14,460
CORS and there is already a sample policy there, we're not going to use that

16
00:01:14,460 --> 00:01:19,130
one, I'm going to use one that I prepared earlier,

17
00:01:19,130 --> 00:01:23,939
okay so I've just copied and pasted that over from the lab notes, so we can see there

18
00:01:23,939 --> 00:01:28,740
we've got "get, put, post, delete", all that is going to be allowed for

19
00:01:28,740 --> 00:01:33,600
cross-origin resource sharing on this bucket, once we've done that we need to

20
00:01:33,600 --> 00:01:41,490
go in and upload our website, so first off there's a link for the

21
00:01:41,490 --> 00:01:48,740
BackSpace Academy repository on GitHub for this code, so you just go to that and

22
00:01:48,740 --> 00:01:53,850
clone that or download it, or if you'd like to work on it and send me some pull

23
00:01:53,850 --> 00:01:58,200
requests and tidy it up a little bit and make it look a bit more

24
00:01:58,200 --> 00:02:02,070
pretty for me, you can always fork that and I'll take any pull requests

25
00:02:02,070 --> 00:02:08,849
quite happily for that, so clone that, download it and open that up

26
00:02:08,849 --> 00:02:13,500
into a folder somewhere and get that ready to upload

27
00:02:13,500 --> 00:02:19,140
on to your bucket, so just going back in there we upload, and we're just going to

28
00:02:19,140 --> 00:02:22,670
drag and drop those files across

29
00:02:30,460 --> 00:02:34,990
and again we make sure that that's public permissions, so grant public read

30
00:02:34,990 --> 00:02:39,420
access and we'll upload that

31
00:02:50,170 --> 00:02:55,910
okay so our website is uploaded and all ready to go, so we just need to go

32
00:02:55,910 --> 00:03:00,350
into properties and enable static website hosting, again we know how to do

33
00:03:00,350 --> 00:03:05,680
this, use this bucket to host a website, we're going to put in our index.html

34
00:03:05,680 --> 00:03:12,590
file for that, and I'm just going to click on the endpoint to get that open,

35
00:03:12,590 --> 00:03:19,640
it won't work because we haven't enabled it yet, and click on save and go

36
00:03:19,640 --> 00:03:24,470
back to the overview, then I'm just going to refresh that URL for the website and

37
00:03:24,470 --> 00:03:28,880
it should come in, so what's basically happened there is that there is a little

38
00:03:28,880 --> 00:03:34,910
bit of a spinner image that appeared there, and that's going to be up when the

39
00:03:34,910 --> 00:03:38,660
JavaScript SDK is coming into the browser, when it's loading that

40
00:03:38,660 --> 00:03:43,010
JavaScript SDK, and it'll only do that once because after that it will be stored

41
00:03:43,010 --> 00:03:47,980
in browser memory, and while that's occurring these buttons will not be

42
00:03:47,980 --> 00:03:52,370
visible, and the reason I've done that is because we don't want to click on any

43
00:03:52,370 --> 00:03:56,989
of these buttons and have any attempt at running code until that

44
00:03:56,989 --> 00:04:03,110
JavaScript SDK has fully come in, so that's all we need to do for setting up

45
00:04:03,110 --> 00:04:09,470
this website, so just going back into the GitHub repository for it, so we've got an

46
00:04:09,470 --> 00:04:13,910
index.html file there which has got all those buttons and whatever, we're not

47
00:04:13,910 --> 00:04:18,560
going to be doing anything with that file, but what we're going to

48
00:04:18,560 --> 00:04:23,510
do is, if you look at the js folder here, there will be an app.js and that

49
00:04:23,510 --> 00:04:27,350
will be a starting point for our application, so I'll have some basic

50
00:04:27,350 --> 00:04:32,240
stuff there for the user interface and we're going to build up the code that we

51
00:04:32,240 --> 00:04:38,360
need for using Cognito, but if you're lazy or you've got lost and it doesn't

52
00:04:38,360 --> 00:04:42,710
work for you, there is one here called app-final, so all you need to do is rename

53
00:04:42,710 --> 00:04:49,729
that to .js and you'll be right up and running without too many difficulties,

54
00:04:49,729 --> 00:04:54,740
you'll just have to go in there and change, obviously, your user pool ID, your

55
00:04:54,740 --> 00:05:00,440
client ID, your identity pool ID, your bucket name, all this sort of stuff

56
00:05:00,440 --> 00:05:04,479
will need to be changed as well, otherwise it won't work of

57
00:05:04,479 --> 00:05:12,910
course. Okay so that's all we need to do now for that, and what we'll do now is

58
00:05:12,910 --> 00:05:18,610
we'll create this identity pool, so we just go back into user pools and click

59
00:05:18,610 --> 00:05:25,210
on, at the top here we've got federated identities, and it just jumps straight

60
00:05:25,210 --> 00:05:29,880
into a getting started wizard, so I'm just going to give that a name,

61
00:05:29,880 --> 00:05:38,320
okay so we've got unauthenticated identities here, so we don't want to

62
00:05:38,320 --> 00:05:43,389
allow unauthenticated identities for our application, but we could if we wanted to,

63
00:05:43,389 --> 00:05:47,830
we could have that happen, what we want to do is we want to use authentication

64
00:05:47,830 --> 00:05:56,139
providers, now we're going to be using a Cognito user pool to authenticate our

65
00:05:56,139 --> 00:06:02,770
users but we don't have to use Cognito, we can use Login with Amazon,

66
00:06:02,770 --> 00:06:09,250
Facebook, Google, or any OAuth process that we would like to use, we can also

67
00:06:09,250 --> 00:06:13,770
use SAML if we've got an enterprise SAML application that we want to

68
00:06:13,770 --> 00:06:17,889
integrate in with that, we can do that with Cognito, not a problem, and we can

69
00:06:17,889 --> 00:06:24,250
also have a custom one, we can do our own custom OAuth authentication service, but

70
00:06:24,250 --> 00:06:28,659
we're just going to use Cognito, but you can use Cognito, you don't have to use

71
00:06:28,659 --> 00:06:32,830
Cognito, and you can use all of these, you can have login with Cognito, Amazon,

72
00:06:32,830 --> 00:06:37,539
Facebook, the whole lot of them, if you wanted to, so it's quite a powerful

73
00:06:37,539 --> 00:06:41,800
service from that perspective, so the first thing we need to do is put in that

74
00:06:41,800 --> 00:06:48,130
user pool ID, so we need to go back into the user pool, so we need to go back into

75
00:06:48,130 --> 00:06:55,120
services and then back into the Cognito main console, if I can find it, there it is,

76
00:06:55,120 --> 00:07:03,780
okay, manage your user pools, and we'll get that user pool ID

77
00:07:04,790 --> 00:07:15,330
which is this one here, so we want the pool ID, we don't want the ARN, and we put

78
00:07:15,330 --> 00:07:19,920
that in there, we also need to grab that client ID of our application, so we just

79
00:07:19,920 --> 00:07:27,110
go into app clients and we'll grab that client ID, we'll just copy that over and

80
00:07:27,110 --> 00:07:33,690
that's what we need to do, so that app client ID and user pool ID, they're all

81
00:07:33,690 --> 00:07:38,190
different, and the identity ID will be created after this, so that's going to,

82
00:07:38,190 --> 00:07:48,180
click on create pool, okay so what's happening now is that we're now going to

83
00:07:48,180 --> 00:07:56,130
be going to the IAM service because Cognito, or Cognito Identity, needs to have

84
00:07:56,130 --> 00:08:01,410
permission to access resources on your behalf, so we do that, obviously, for a

85
00:08:01,410 --> 00:08:08,900
service through an IAM role, now we have two roles here, we have one for the

86
00:08:08,900 --> 00:08:13,980
authenticated identities and another one for the unauthenticated identities, so

87
00:08:13,980 --> 00:08:18,120
I'm just going to keep that, just have a look at the policy name first, so we're

88
00:08:18,120 --> 00:08:22,800
not even allowing unauthenticated, so it doesn't really matter, I'm just

89
00:08:22,800 --> 00:08:27,780
going to just get rid of that, change it to a different name

90
00:08:27,780 --> 00:08:32,610
so it won't give me an error, and I've already used this one, so I'm going

91
00:08:32,610 --> 00:08:41,190
to change this one to a different name as well, now we need to view this policy

92
00:08:41,190 --> 00:08:46,260
document, so just edit, it's going to come up with a little warning saying, well,

93
00:08:46,260 --> 00:08:51,540
better read the documentation before you play with this, that's fine, I'll just

94
00:08:51,540 --> 00:08:58,890
expand that out a bit, so what we've got there is a policy that allows whatever

95
00:08:58,890 --> 00:09:06,630
service that assumes this role, it allows it to have access to mobile

96
00:09:06,630 --> 00:09:12,780
analytics for put events, to the Cognito sync service and Cognito identity

97
00:09:12,780 --> 00:09:17,610
service, we want more than that because we want these temporary credentials to

98
00:09:17,610 --> 00:09:21,300
be able to access Amazon S3 as well, so we're going

99
00:09:21,300 --> 00:09:29,399
to add that, I'm just going to copy that over from the lab notes, okay

100
00:09:29,399 --> 00:09:32,850
so I've just copied and pasted that in there, so you can see here we've got the

101
00:09:32,850 --> 00:09:37,499
same permission that we had before, we haven't changed that, but we've added an

102
00:09:37,499 --> 00:09:42,779
S3 service in here, so allowing for, we've got two allows here, the first one is a

103
00:09:42,779 --> 00:09:49,050
list bucket on a folder within our main bucket, so you need to change this to the

104
00:09:49,050 --> 00:09:54,149
name of your bucket, so this one here is backspace-lab-copy, you need to change

105
00:09:54,149 --> 00:09:59,850
that to the name of your bucket that you just created, and what it does is it allows

106
00:09:59,850 --> 00:10:06,209
you to list objects within a folder called Cognito and then a subfolder of that

107
00:10:06,209 --> 00:10:11,459
called backspace-academy, we have another one here that has get, put and

108
00:10:11,459 --> 00:10:17,369
delete of objects within, again, that bucket, and then another subfolder

109
00:10:17,369 --> 00:10:21,929
of that called Cognito, and then another one called backspace-academy, and then

110
00:10:21,929 --> 00:10:28,799
another folder or subfolder of that which is going to be in the name of that

111
00:10:28,799 --> 00:10:37,619
Cognito user, or that Cognito user's ID, and so what that means is that that

112
00:10:37,619 --> 00:10:46,339
person can upload or delete or change objects, but they can only do that in a

113
00:10:46,339 --> 00:10:54,899
folder that is specifically their Cognito ID, and they

114
00:10:54,899 --> 00:11:00,119
cannot access any other part of that bucket for delete or put or anything else,

115
00:11:00,119 --> 00:11:07,199
so we just click on allow and that's all successful, and it brings us back into

116
00:11:07,199 --> 00:11:12,420
here with some sample code, so this is for Android, we can have a look at the

117
00:11:12,420 --> 00:11:18,329
JavaScript code, it just tells you how to create temporary AWS credentials, which is

118
00:11:18,329 --> 00:11:25,589
what we've got there, that's not going to be enough for a user to access, but we'll

119
00:11:25,589 --> 00:11:30,629
go into that later on, but what we need to take note of here is this user pool

120
00:11:30,629 --> 00:11:35,730
ID, that's what we use to access, or what we

121
00:11:35,730 --> 00:11:43,770
use with our authentication service to access our temporary credentials, so I'm

122
00:11:43,770 --> 00:11:48,810
just going to go to the dashboard, and there we can see that we have a

123
00:11:48,810 --> 00:11:53,850
dashboard that shows how many identities are logging in and what are the

124
00:11:53,850 --> 00:11:57,870
authentication methods, so here we've got that user pool, but we might have here a

125
00:11:57,870 --> 00:12:01,620
Facebook authentication method and Google or whatever, so those will be

126
00:12:01,620 --> 00:12:05,130
listed up here and how often they've been accessed through those

127
00:12:05,130 --> 00:12:14,460
different methods, so now that we've done that we can look at getting stuck into

128
00:12:14,460 --> 00:12:21,830
creating our web application that has this Cognito power behind it
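The authenticated-role policy described in the transcript (the console-generated Cognito permissions plus two S3 statements scoped to a per-identity folder) is not shown on screen, so here is an added example of what such a policy looks like; it is not the lab notes' own document. The bucket name `backspace-lab-copy` is the one the speaker mentions; the prefix casing `cognito/backspace-academy/` is an assumption. `${cognito-identity.amazonaws.com:sub}` is the IAM policy variable that resolves to the calling identity's Cognito Identity ID, which is what confines each user to their own folder.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CognitoConsoleDefaults",
      "Effect": "Allow",
      "Action": [
        "mobileanalytics:PutEvents",
        "cognito-sync:*",
        "cognito-identity:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ListOnlyTheAppFolder",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::backspace-lab-copy",
      "Condition": {
        "StringLike": {
          "s3:prefix": "cognito/backspace-academy/*"
        }
      }
    },
    {
      "Sid": "ReadWriteOwnFolderOnly",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::backspace-lab-copy/cognito/backspace-academy/${cognito-identity.amazonaws.com:sub}/*"
    }
  ]
}
```

Two points worth checking before you click allow. `s3:ListBucket` is a bucket-level action, so its `Resource` is the bucket ARN and the folder restriction has to go in an `s3:prefix` condition; putting the folder path in the resource ARN silently grants nothing. As written, the list statement lets any signed-in user see the folder names (that is, the identity IDs) of every other user under `backspace-academy/`; if that is not wanted, narrow the prefix to `cognito/backspace-academy/${cognito-identity.amazonaws.com:sub}/*` as well. The `cognito-sync:*` and `cognito-identity:*` grants on `*` are the console's defaults; they are broader than this lab needs, and `cognito-identity:*` in particular lets an authenticated user call `GetId`/`GetCredentialsForIdentity` for any pool in the account.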
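The CORS configuration the speaker pastes is only described ("get, put, post, delete"), so here is an added example in the current S3 console JSON format, not the lab notes' own file. The `AllowedOrigins` value assumes the site is served from the bucket's static website endpoint in us-east-1; replace it with your own website endpoint. The sample the console offers uses `"*"` here, which works but means any site a user visits can drive the bucket with that user's browser credentials.

```json
[
  {
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET", "PUT", "POST", "DELETE"],
    "AllowedOrigins": [
      "http://backspace-lab-copy.s3-website-us-east-1.amazonaws.com"
    ],
    "ExposeHeaders": ["ETag"],
    "MaxAgeSeconds": 3000
  }
]
```

CORS only decides whether the browser lets the page read the response; it is not authorization. The temporary credentials the SDK obtains from the identity pool are what actually sign each request, and the IAM role policy is what limits what those credentials can do, so a permissive CORS rule with a tight role policy fails safe, while the reverse does not.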