diff --git a/CHANGELOG.md b/CHANGELOG.md
index 44c19cd9a8c..5b10340b8e6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,18 @@ Unreleased Changes
 
   See [related GitHub pull request #873](https://github.com/aws/aws-sdk-ruby/pull/873)
 
+* Feature - Aws::CognitoIdentity - The following operations can now be called from
+  Aws::CognitoIdentity::Client without credentials:
+
+  * `#get_credentialsForIdentity`
+  * `#get_id`
+  * `#get_open_id_token`
+  * `#list_identity_pools`
+  * `#unlink_developer_identity`
+  * `#unlink_identity`
+
+  See [related GitHub pull request #862](https://github.com/aws/aws-sdk-ruby/pull/862)
+
 2.1.7 (2015-07-14)
 ------------------
 
diff --git a/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb b/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb
index 730576a9f69..e8250d63a78 100644
--- a/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb
+++ b/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb
@@ -73,6 +73,15 @@ class Handler < Seahorse::Client::Handler
           AssumeRoleWithWebIdentity
         ))
 
+        COGNITO_IDENTITY_UNSIGNED_REQUESTS = Set.new(%w(
+          GetCredentialsForIdentity
+          GetId
+          GetOpenIdToken
+          ListIdentityPools
+          UnlinkDeveloperIdentity
+          UnlinkIdentity
+        ))
+
         def call(context)
           sign_authenticated_requests(context) unless unsigned_request?(context)
           @handler.call(context)
@@ -105,6 +114,8 @@ def unsigned_request?(context)
             STS_UNSIGNED_REQUESTS.include?(context.operation.name)
           elsif context.config.api.metadata['endpointPrefix'] == 'cloudsearchdomain'
             context.config.credentials.nil? || !context.config.credentials.set?
+          elsif context.config.api.metadata['endpointPrefix'] == 'cognito-identity'
+            COGNITO_IDENTITY_UNSIGNED_REQUESTS.include?(context.operation.name)
           else
             false
           end
diff --git a/aws-sdk-core/spec/aws/cognito_identity/client_spec.rb b/aws-sdk-core/spec/aws/cognito_identity/client_spec.rb
new file mode 100644
index 00000000000..6586efcd08e
--- /dev/null
+++ b/aws-sdk-core/spec/aws/cognito_identity/client_spec.rb
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+module Aws
+  module CognitoIdentity
+    describe Client do
+
+      let(:client) { Client.new(stub_responses: true, validate_params: false) }
+
+      Plugins::RequestSigner::Handler::COGNITO_IDENTITY_UNSIGNED_REQUESTS.each do |operation_name|
+        Seahorse::Util.underscore(operation_name).tap do |method_name|
+
+          it "does not sign calls to #{method_name}" do
+            resp = client.send(method_name, {})
+            expect(resp.context.http_request.headers['Authorization']).to be(nil)
+          end
+
+        end
+      end
+    end
+  end
+end