Sign AWS requests using Cognito Your User Pool user using Postman


I am trying to send an authenticated request to AWS API Gateway. The clients will authenticate against Cognito Your User Pools, and then obtain a token from an associated Cognito Identity Pool corresponding to the logged-in user in the user pool. I am trying to simulate such a request using Postman.

This post suggests that the command aws cognito-identity get-credentials-for-identity can be used to get the AccessKeyId and SecretKey needed for Postman to sign the request. However, when I try to run it with the sub attribute for a user from the Cognito User Pool console:

The same thing happens if I try to use an identity ID from the associated identity pool shown in the AWS Console (I selected one that has 2 “linked logins”).


You need to pass along the login map :

This syntax worked for me:

Note: --identity-id is not the identity pool id, its the identity from the identity browser.

Leave a Reply