我尝试使用PHP SDK实现开发人员身份验证,但不断收到此错误:
致命错误:未捕获 Aws \ CognitoIdentity \ Exception \ CognitoIdentityException:AWS错误 代码:AccessDeniedException,状态代码:400,AWS Request ID: da162f98-fb50-11e4-937e-0bf2642a4752,AWS错误类型:客户端,AWS 错误消息:用户:arn:aws:iam :: 256661818246:用户/测试人员不是 授权执行: cognito-identity:资源上的GetOpenIdTokenForDeveloperIdentity: 阿尔恩:AWS:cognito身份:美国东部-1:256661818246:identitypool /美东1:69767873-2de2-4cc7-A78F-3d18b5e9bf71, User-Agent:aws-sdk-php2 / 2.8.3 Guzzle / 3.9.3 curl / 7.20.0 PHP / 5.3.6 投入 /var/www/html/aws/Aws/Common/Exception/NamespaceExceptionFactory.php 在第91行
这是我的示例代码:
<?php
session_start();
//Include AWS client libs
require (dirname(__DIR__).'/aws/aws-autoloader.php');
use Aws\CognitoIdentity\CognitoIdentityClient;
use Aws\Sts\StsClient;
/* Global Vars */
$aws_region = 'us-east-1';
$aws_key = '<AWS_KEY>';
$aws_secret = '<AWS_SECRET>';
$aws_account_id = '<AWS_ACCOUNT_ID>';
$identity_pool_id = 'us-east-1:xxxx-xxxx-xxxx-xxxx';
//Initialize a Cognito Identity Client using the Factory
$client = CognitoIdentityClient::factory(array('region' => $aws_region, 'key' => $aws_key, 'secret' => $aws_secret));
/* Acquire new Identity */
$identity = $client->getOpenIdTokenForDeveloperIdentity(array('IdentityPoolId' => $identity_pool_id, 'Logins' => array('login.custom.traffic' => 'jkljkasdjk')));
//Obtain Identity from response data structure
$id = $identity->get('IdentityId');
echo "IdentityId: ".$id;
?>
我怀疑在尝试获取开发者身份时发生了错误。我错过了什么?
答案 0 :(得分:4)
此错误背后的原因是IAM用户'测试人员'可能没有附加策略。 您可以从IAM控制台附加已存在的策略“AmazonCognitoDeveloperAuthenticatedIdentities”,该策略允许此用户访问Cognito API,包括“getOpenIdTokenForDeveloperIdentity”。