getOpenIdTokenForDeveloperIdentity:“这些凭据对于访问此资源无效”

时间:2016-04-08 07:22:23

标签: amazon-web-services aws-lambda amazon-cognito

我已使用自定义开发者提供程序名称“my.developer”设置了Cognito Identity Pool。从我的Node Lambda函数中,我调用以下代码:

AWS.config.region = 'ap-northeast-1'; // Region
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'ap-northeast-1:*****'  // I am using a valid UUID here
});
var cognitoidentity = new AWS.CognitoIdentity();

var params = {
    IdentityPoolId: 'ap-northeast-1:*****',
    Logins: { 'my.developer': 'test-user' }
};
cognitoidentity.getOpenIdTokenForDeveloperIdentity(params,
    function(err, data) {
        console.log('error:', err);
        console.log('data:', data);
    }
);

...当我测试函数时,我收到错误:

{
  "errorMessage": "These credentials are not valid for accessing this resource",
  "errorType": "AccessDeniedException",
  "stackTrace": [
    "Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:43:27)",

我有Cognito_Unauth_Role和Cognito_Auth_Role,它们都类似:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "mobileanalytics:PutEvents",
                "cognito-sync:*",
                "cognito-identity:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

......我错过了什么?

2 个答案:

答案 0 :(得分:1)

确保Lambda函数的执行角色( Cognito_Unauth_Role,Cognito_Auth_Role,但Lambda函数在执行时使用的角色)具有足够的Cognito服务权限。一个示例政策是:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cognito-sync:*",
                "cognito-identity:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

答案 1 :(得分:0)

错误消息:

  

“ errorMessage”:“这些凭据对于访问此资源无效”

表示此处的这些凭据应该是供开发人员访问的凭据。因此应该是带有access keysecret key的基本凭据。

相关问题
最新问题