@aws-cdk/aws-cognito-identitypool-alpha: allowUnauthenticatedIdentities still creates IAM role

[markmansur]

Describe the bug

Hello!

When creating an IdentityPool that I only want authenticated users to access I set allowUnauthenticatedIdentities to false. However, this still ends up creating an IAM role for unauthenticated users, eventhough I specified I don't need it and it's not required.

Expected Behavior

When setting allowUnauthenticatedIdentities to false, an IAM role for unauthenticated users should not be synthesized.

Current Behavior

When setting allowUnauthenticatedIdentities to false, an IAM role for unauthenticated users is being synthesized.

Reproduction Steps

const stack = new Stack();
const identityPool = new IdentityPool(stack, 'TestIdentityPool');

Possible Solution

Check if allowUnauthenticatedIdentities is false. If so, do not synthesize the unauthenticated IAM role.

Additional Information/Context

No response

CDK CLI Version

2.78.0

Framework Version

No response

Node.js Version

16.16.0

OS

MacOS

Language

Typescript

Language Version

No response

Other information

No response

[pahud]

Yes I believe we should fix this:

aws-cdk/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts

Line 433 in b76c182

this.unauthenticatedRole = props.unauthenticatedRole ? props.unauthenticatedRole : this.configureDefaultRole('Unauthenticated');

Are you interested to submit a PR for that?

[markmansur]

Yeah I'll submit a PR

[TheRealAmazonKendra]

A redesign of this is in progress.

[markmansur]

Okay, I'll wait for that. Is there a tracking issue?

[markmansur]

#25204?