diff --git a/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb b/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb
index 730576a9f69..e8250d63a78 100644
--- a/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb
+++ b/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb
@@ -73,6 +73,15 @@ class Handler < Seahorse::Client::Handler
           AssumeRoleWithWebIdentity
         ))
 
+        COGNITO_IDENTITY_UNSIGNED_REQUESTS = Set.new(%w(
+          GetCredentialsForIdentity
+          GetId
+          GetOpenIdToken
+          ListIdentityPools
+          UnlinkDeveloperIdentity
+          UnlinkIdentity
+        ))
+
         def call(context)
           sign_authenticated_requests(context) unless unsigned_request?(context)
           @handler.call(context)
@@ -105,6 +114,8 @@ def unsigned_request?(context)
             STS_UNSIGNED_REQUESTS.include?(context.operation.name)
           elsif context.config.api.metadata['endpointPrefix'] == 'cloudsearchdomain'
             context.config.credentials.nil? || !context.config.credentials.set?
+          elsif context.config.api.metadata['endpointPrefix'] == 'cognito-identity'
+            COGNITO_IDENTITY_UNSIGNED_REQUESTS.include?(context.operation.name)
           else
             false
           end