unity-sds / unity-cs

Unity Common Services
Apache License 2.0

Write a reusable python function to obtain and refresh temporary AWS credentials in Jupyter Notebooks #123

Closed ramesh-maddegoda closed 1 year ago

ramesh-maddegoda commented 2 years ago

As a user, I want to download data from an S3 bucket that is a part of my venue

This is currently possible by storing AWS access keys in Jupyter Notebooks. But the Jupyter Notebook user has to use AWS credentials that are different from Cognito tokens, which doesn't create a seamless user experience.

Therefore, it is required to create a reusable Python function to obtain and refresh temporary AWS credentials in Jupyter Notebooks.

References:

- Accessing AWS services using an identity pool after sign-in - Amazon Cognito
- Getting credentials - Amazon Cognito
- CognitoIdentity — Boto3 Docs 1.24.68 documentation

ramesh-maddegoda commented 1 year ago

Implemented a reusable Python function `get_aws_creds_from_cognito_id_token(cognito_identity_pool_id, cognito_user_pool_id, aws_account_id, region, cognito_id_token)` to get temporary AWS credentials with a Cognito ID token. Also, a Jupyter Notebook was created to demonstrate this function. The related code and documentation are available at: https://github.com/unity-sds/unity-cs-security/tree/main/code_samples/jupyter/identity_pool_aws_creds

Also, there are changes made in the custom authenticator code added in the JupyterHub config file to pass additional environment variables: https://github.com/unity-sds/unity-ads-deployment/blob/custom-authenticator/dev_env/jupyterlab/jupyter_config.yaml

The following path contains a related Python function that is used to get and refresh Cognito tokens: https://github.com/unity-sds/unity-cs-security/tree/main/code_samples/jupyter/get_and_refresh_tokens
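
The exchange this issue asks for, as an added example that is not the code in the linked unity-cs-security repository: a Cognito ID token is traded for temporary AWS credentials through the boto3 `cognito-identity` calls `get_id` and `get_credentials_for_identity`, and the result is cached and renewed shortly before it expires. The names `CognitoAwsCredentials`, `StubCognitoIdentity` and `demo`, the five-minute margin, and every ID and key value are assumptions constructed for illustration; the stub stands in for the real client so the block runs offline.

```python
from datetime import datetime, timedelta, timezone

class CognitoAwsCredentials:
    """Exchange a Cognito ID token for temporary AWS credentials; refresh near expiry."""
    def __init__(self, identity_pool_id, user_pool_id, aws_account_id, region,
                 get_id_token, client=None, margin=timedelta(minutes=5)):
        if client is None:
            import boto3  # lazy import so a stub client can be injected offline
            client = boto3.client("cognito-identity", region_name=region)
        self._client, self._pool, self._account = client, identity_pool_id, aws_account_id
        # Logins key naming the user pool that issued the ID token.
        self._provider = f"cognito-idp.{region}.amazonaws.com/{user_pool_id}"
        self._get_id_token = get_id_token  # callable, so a refreshed token is picked up
        self._margin, self._creds = margin, None

    def get(self, now=None):
        now = now or datetime.now(timezone.utc)
        if self._creds is None or now >= self._creds["Expiration"] - self._margin:
            logins = {self._provider: self._get_id_token()}
            identity = self._client.get_id(
                AccountId=self._account, IdentityPoolId=self._pool, Logins=logins)
            self._creds = self._client.get_credentials_for_identity(
                IdentityId=identity["IdentityId"], Logins=logins)["Credentials"]
        return self._creds

class StubCognitoIdentity:
    """Constructed stand-in for the boto3 cognito-identity client (no network)."""
    def __init__(self, start):
        self.calls, self._start = 0, start

    def get_id(self, AccountId, IdentityPoolId, Logins):
        return {"IdentityId": "us-west-2:00000000-0000-0000-0000-000000000000"}

    def get_credentials_for_identity(self, IdentityId, Logins):
        self.calls += 1  # each call moves the constructed expiry one hour later
        return {"IdentityId": IdentityId, "Credentials": {
            "AccessKeyId": f"ASIACONSTRUCTED{self.calls}", "SecretKey": "constructed",
            "SessionToken": "constructed",
            "Expiration": self._start + timedelta(hours=self.calls)}}

def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    stub = StubCognitoIdentity(t0)
    creds = CognitoAwsCredentials("us-west-2:constructed-pool", "us-west-2_CONSTRUCTED",
                                  "123456789012", "us-west-2", lambda: "id-token", stub)
    first = creds.get(t0)["AccessKeyId"]                             # fetched
    cached = creds.get(t0 + timedelta(minutes=30))["AccessKeyId"]    # reused
    renewed = creds.get(t0 + timedelta(minutes=56))["AccessKeyId"]   # inside margin
    return first, cached, renewed, stub.calls
```

With the real client, the returned `AccessKeyId`, `SecretKey` and `SessionToken` go to `boto3.client("s3", aws_access_key_id=..., aws_secret_access_key=..., aws_session_token=...)`, so no long-lived access key is stored in the notebook.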