Merge branch 'awsdocs:main' into healthimage-update

Author: tejasgn1

.doc_gen/cross-content/cross_CognitoFlows_Python_block.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "file://zonbook/docbookx.dtd" [
+    <!ENTITY % phrases-shared SYSTEM "file://AWSShared/common/phrases-shared.ent">
+    %phrases-shared;
+]>
+<block>
+    <para>
+        Shows web-based demo application that demonstrates &COG; identity 
+        pools authentication flows, allowing users to interactively explore both enhanced and 
+        basic authentication flows with various identity providers.
+    </para>
+    <para>For complete source code and instructions on how to set up and run, see the full example
+        on <ulink
+            url="https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito/scenarios/identity_pools_example_demo">
+        GitHub</ulink>.</para>
+</block>

.doc_gen/metadata/cross_metadata.yaml

@@ -1005,3 +1005,18 @@ cross_MonitorDynamoDB:
   services:
     dynamodb:
     cloudwatch:
+cross_CognitoFlows:
+  title: Use &COG; identity pools and authentication flows
+  title_abbrev: Use &COG; identity pools
+  synopsis:
+    create a web-based demo application that demonstrates identity pools authentication flows.
+  category: Scenarios
+  languages:
+    Python:
+      versions:
+        - sdk_version: 3
+          github: python/example_code/cognito/scenarios/identity_pools_example_demo
+          block_content: cross_CognitoFlows_Python_block.xml
+  service_main: cognito-identity-provider
+  services:
+    cognito-identity-provider:

python/example_code/cognito/README.md

@@ -62,6 +62,7 @@ Code examples that show you how to accomplish a specific task by calling multipl
 functions within the same service.
 
 - [Sign up a user with a user pool that requires MFA](cognito_idp_actions.py)
+- [Use Amazon Cognito identity pools](../../example_code/cognito/scenarios/identity_pools_example_demo)
 
 
 <!--custom.examples.start-->
@@ -114,6 +115,18 @@ python cognito_idp_actions.py
 <!--custom.scenarios.cognito-identity-provider_Scenario_SignUpUserWithMfa.start-->
 <!--custom.scenarios.cognito-identity-provider_Scenario_SignUpUserWithMfa.end-->
 
+#### Use Amazon Cognito identity pools
+
+This example shows you how to create a web-based demo application that demonstrates identity pools authentication flows.
+
+
+<!--custom.scenario_prereqs.cross_CognitoFlows.start-->
+<!--custom.scenario_prereqs.cross_CognitoFlows.end-->
+
+
+<!--custom.scenarios.cross_CognitoFlows.start-->
+<!--custom.scenarios.cross_CognitoFlows.end-->
+
 ### Tests
 
 ⚠ Running tests might result in charges to your AWS account.

python/example_code/cognito/scenarios/identity_pools_example_demo/web/.env.example

@@ -0,0 +1,63 @@
+FRONTEND_URL=http://localhost:8001
+
+# Amazon Cognito configuration: replace these example values with your actual AWS configuration
+AWS_REGION=us-east-1
+AWS_ACCOUNT_ID=123456789012
+
+# Amazon Cognito identity pools configuration: replace with your actual identity pool ID from the Amazon Cognito console
+COGNITO_IDENTITY_POOL_ID=us-east-1:a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
+
+# IAM role ARN for authenticated users: it grants permissions to users who have signed in
+AUTHENTICATED_ROLE_ARN=arn:aws:iam::123456789012:role/Cognito_IdentityPoolAuth_Role
+# IAM role ARN for unauthenticated users: it grants limited permissions to anonymous users
+UNAUTHENTICATED_ROLE_ARN=arn:aws:iam::123456789012:role/Cognito_IdentityPoolUnauth_Role
+
+# Amazon Cognito user pool configuration
+COGNITO_USER_POOL_ID=us-east-1_EXAMPLE123
+COGNITO_APP_CLIENT_ID=1234567890abcdefEXAMPLE
+COGNITO_APP_CLIENT_SECRET=1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0tEXAMPLE
+COGNITO_DOMAIN=example-domain
+
+# Social identity providers: configure the social identity providers you want to use
+# 1. Google OAuth 2.0 configuration: obtain these values from the Google Cloud Console
+GOOGLE_CLIENT_ID=123456789012-abcdefghijklmnopqrstuvwxyzEXAMPLE.apps.googleusercontent.com
+GOOGLE_CLIENT_SECRET=GOCSPX-AbCdEfGhIjKlMnOpQrStUvWxYzEXAMPLE
+
+# 2. Facebook login configuration: obtain these values from Facebook for developers
+FACEBOOK_APP_ID=1234567890123456
+FACEBOOK_APP_SECRET=a1b2c3d4e5f6g7h8i9j0k1l2m3n4oEXAMPLE
+
+# 3. Login with Amazon configuration: obtain these values from the Amazon Developer Portal
+AMAZON_CLIENT_ID=amzn1.application-oa2-client.a1b2c3d4e5f6g7h8i9j0k1l2m3n4oEXAMPLE
+AMAZON_CLIENT_SECRET=amzn1.oa2-cs.v1.a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5zEXAMPLE
+
+# Enterprise identity providers: configure enterprise identity providers for corporate authentication
+# 1. OpenID Connect (OIDC) provider configuration: replace with your OIDC provider's configuration
+
+# For Okta, these would typically be:
+# OIDC_AUTHORIZATION_ENDPOINT=https://your-domain.okta.com/oauth2/default/v1/authorize  
+# OIDC_TOKEN_ENDPOINT=https://your-domain.okta.com/oauth2/default/v1/token
+
+# # For Auth0, these would typtically be:
+# OIDC_AUTHORIZATION_ENDPOINT=https://your-domain.us.auth0.com/authorize
+# OIDC_TOKEN_ENDPOINT=https://your-domain.us.auth0.com/oauth/token
+
+OIDC_CLIENT_ID=oidc_client_1234567890abcdefEXAMPLE
+OIDC_CLIENT_SECRET=oidc_secret_a1b2c3d4e5f6g7h8i9j0k1l2m3n4oEXAMPLE
+OIDC_AUTHORIZATION_ENDPOINT=https://your-oidc-provider.com/oauth2/authorize
+OIDC_TOKEN_ENDPOINT=https://your-oidc-provider.com/oauth2/token
+OIDC_ISSUER=https://your-oidc-provider.com
+
+# 2. SAML 2.0 provider configuration: replace with your SAML provider's configuration
+# For Okta SAML, these would typically be:
+# OKTA_DOMAIN=your-domain.okta.com
+# OKTA_APP_ID=exkABCDEF123456789
+SAML_SSO_URL=https://example.com/saml/sso
+SAML_ENTITY_ID=urn:amazon:cognito:sp:us-east-1:a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
+SAML_PROVIDER=ExampleSAMLProvider
+SAML_PROVIDER_ARN=arn:aws:iam::123456789012:saml-provider/ExampleSAMLProvider
+
+# Custom developer provider configuration: replace with your custom developer provider name
+DEVELOPER_PROVIDER_NAME=ExampleDeveloperProvider
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY