我正尝试使用aws-ios-sdk中的AWSS3TransferManager将照片从iOS上传到s3。
我正在使用AWS cognito 开发人员身份验证身份,方法是使用boto3在django后端调用 GetOpenIdTokenForDeveloperIdentity 并将返回的令牌传递给iOS。我已经实现了继承自" AWSAbstractIdentityProvider"的身份提供程序,并设置了self.token和self.identityID字段,然后将我开发的实例化提供程序传递给" credentialsProvider"参数。
凭据提供程序在我创建的身份提供程序中实例化如下:
AWSCognitoCredentialsProvider *provider = [[AWSCognitoCredentialsProvider alloc]
initWithRegionType:AWSRegionUSEast1
identityProvider:self
unauthRoleArn:CognitoRoleUnauth
authRoleArn:CognitoRoleAuth];
CognitoRoleAuth是我创建的IAM角色的arn,其权限如下所示。紧接着是配置实例化。
AWSServiceConfiguration *configuration = [AWSServiceConfiguration configurationWithRegion:AWSRegionUSEast1 credentialsProvider:credentialsProvider];
然后我使用创建的配置来实例化" AWSS3TransferManager"具有以下代码的对象:
`AWSServiceConfiguration * configuration = [appDelegate getConfig];
AWSS3TransferManager *transMan = [[AWSS3TransferManager new] initWithConfiguration:configuration identifier:@"poster"];`
我在亚马逊认知中创建了一个标识池,并按照以下权限创建了一个角色:
{
"Version": "2012-10-17",
"Statement": [{
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Sid": "Stmt15426553753",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::pics/auth"
}
]}
它还具有以下信任关系:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"cognito-identity.amazonaws.com:aud": "us-east-1:identityPoolID"
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "authenticated"
}
}
}
]
}
每次我尝试拨打"上传"我都会收到此错误消息转让经理:
"未授权执行sts:AssumeRoleWithWebIdentity"
我不确定我做错了什么,但它可能与信任关系有关。有什么建议?请帮忙!