Getting full access to DynamoDB from my iOS app using AWS Cognito Developer Identities

Problem description:

I have implemented an AWS Lambda function and used the gateway to return the following data:

var AWS = require("aws-sdk");
var cognitoidentity = new AWS.CognitoIdentity();

// userId and the callback fn come from the enclosing Lambda handler.
var param = {
    IdentityPoolId: "actualIdentityPoolId",
    Logins: {} // filled in below so the provider name can be held in a variable
};
param.Logins["com.testing.userLogin"] = userId;

cognitoidentity.getOpenIdTokenForDeveloperIdentity(param, function (err, data) {
    if (err) return fn(err); // an error occurred
    fn(null, data.IdentityId, data.Token); // successful response
});

So the identityId and token get sent back to the iOS device. On my device I try to connect to an AWS DynamoDB table but access is denied. How do I use the identityId and token to gain access to the tables?

I have set up roles in IAM for Unauth, which denies Dynamo, and Auth, which gives access to the tables through its policies.

I am trying to implement authentication using: http://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html

I see there are two flows which are Basic and Enhanced. The documentation says most users will use the enhanced flow and that implements GetCredentialForIdentity.

How is that implemented in my iOS code so that I can switch my role from unauth to auth and can access DynamoDB? How long will this access last? I would like to do this all in my iOS code instead of using Lambda or something else like that.

If your user is unauthenticated and then logs in, you need to clear your credentials, and your 'logins' method should now return a properly updated logins map.

Here is the documentation to help you: http://docs.aws.amazon.com/cognito/latest/developerguide/developer-authenticated-identities.html
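
The exchange the question asks about, as an added example that is not part of the original post or answer: in the enhanced flow the client passes the identityId and token returned by the backend to GetCredentialsForIdentity and receives temporary AWS credentials for the authenticated role. It is written in JavaScript to match the Lambda code above; the function names are hypothetical, the sample token is constructed, and it assumes the token is a JWT with an exp claim and that developer-authenticated tokens are passed under the Logins key cognito-identity.amazonaws.com.

```javascript
// Added example (not from the original post). Function names are hypothetical.
// Assumption: developer-authenticated tokens go under this fixed Logins key,
// not under the developer provider name used on the backend.
const COGNITO_LOGIN_KEY = "cognito-identity.amazonaws.com";

// Read the exp claim from the token's JWT payload (assumed format). No
// signature check here: Cognito validates the token when it is presented.
function tokenExpiry(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("token is not a three-part JWT");
  const payload = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  if (typeof payload.exp !== "number") throw new Error("token has no exp claim");
  return payload.exp; // seconds since the epoch
}

// Build the GetCredentialsForIdentity request; reject missing or stale input
// instead of sending a request that cannot yield the authenticated role.
function buildCredentialsRequest(identityId, token, nowSeconds) {
  if (!identityId) throw new Error("identityId is required");
  if (tokenExpiry(token) <= nowSeconds) {
    throw new Error("token expired: fetch a new one from the backend");
  }
  return { IdentityId: identityId, Logins: { [COGNITO_LOGIN_KEY]: token } };
}

// `client` is any object with getCredentialsForIdentity(params, callback),
// for example `new AWS.CognitoIdentity()` from the AWS SDK for JavaScript v2.
function getAuthCredentials(client, identityId, token, nowSeconds, callback) {
  let params;
  try { params = buildCredentialsRequest(identityId, token, nowSeconds); }
  catch (e) { return callback(e); }
  client.getCredentialsForIdentity(params, function (err, data) {
    if (err) return callback(err);
    const c = data.Credentials;
    callback(null, {
      accessKeyId: c.AccessKeyId,
      secretAccessKey: c.SecretKey,
      sessionToken: c.SessionToken,
      expiration: c.Expiration, // after this, repeat the whole exchange
    });
  });
}

// Constructed, unsigned sample token for offline runs (not a real Cognito token).
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64");
  return [enc({ alg: "none" }), enc({ exp: exp }), "sig"].join(".");
}
```

The credentials object returned to the callback is what a DynamoDB client is configured with; once its expiration passes, the backend has to issue a new token and the exchange is repeated.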