Question

我想直接从角度js上的浏览器将对象放到AWS S3上为此，我使用了cognito开发人员身份验证。我从我的rails服务器获得了cognito身份标识和令牌。

使用该令牌（我认为它是有效的），我的放置操作将从AWS S3中被拒绝：登录令牌无效。
我不知道为什么......

这是我的代码。

AWS.config.region = 'us-east-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
  AccountId: '0000',
  IdentityPoolId: 'us-east-1:0000-0000-0000',
  RoleArn: 'arn:aws:iam::0000:role/myRoleName',
  Logins: {
    'cognito-identity.amazonaws.com': 'token from cognito.get_open_id_token_for_developer_identity'
  }
});
var bucket = new AWS.S3({ params: { Region: 'ap-northeast-1', Bucket: 'my bucket name' }});

（0000部分只是样品）
我想知道来自cognito.get_open_id_token_for_developer_identity的没有＃identity; id＆id; 的空间。
配置区域和s3区域不同因为我使用东京S3但是使用了n.virginia Cognito。

++我在我的角色（myRoleName）中添加了对托管策略的s3完全访问权限，并将以下设置添加到内联策略。（我还在内联政策中添加了以下设置＆＃39;资源*版本）

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "0000",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::myBucketName"
            ]
        }
    ]
}

Answer 1

It looks like you are trying to use the "Basic authflow". Here is a link to our documentation on auth flows: http://docs.aws.amazon.com/cognito/devguide/identity/concepts/authentication-flow/#developer-authenticated-identities-authflow This is not using the token you are providing in the logins map. I recommend using the "Enhanced authflow". To do this: (1) Make sure your identity pool is configured with the roles you wish your users to use: http://docs.aws.amazon.com/cognito/devguide/identity/concepts/iam-roles/ (2) Remove the AccountId and RoleArn arguments to the identity constructor.

AWS Cognito使用Developer身份验证中的令牌无效登录令牌错误

1 个答案: