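getOpenIdTokenForDeveloperIdentity: "These credentials are not valid for accessing this resource"

Time: 2016-04-08 07:22:23

Tags: amazon-web-services aws-lambda amazon-cognito

I have set up a Cognito Identity Pool with the custom developer provider name "my.developer". From my Node Lambda function, I call the following code: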

var AWS = require('aws-sdk');

AWS.config.region = 'ap-northeast-1'; // Region
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'ap-northeast-1:*****'  // I am using a valid UUID here
});
var cognitoidentity = new AWS.CognitoIdentity();

var params = {
    IdentityPoolId: 'ap-northeast-1:*****',
    Logins: { 'my.developer': 'test-user' }
};
cognitoidentity.getOpenIdTokenForDeveloperIdentity(params,
    function(err, data) {
        console.log('error:', err);
        console.log('data:', data);
    }
);

...When I test the function, I get the error:

{
  "errorMessage": "These credentials are not valid for accessing this resource",
  "errorType": "AccessDeniedException",
  "stackTrace": [
    "Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:43:27)",

I have Cognito_Unauth_Role and Cognito_Auth_Role, which both look like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "mobileanalytics:PutEvents",
                "cognito-sync:*",
                "cognito-identity:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

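...What am I missing?

2 answers:

Answer 0: (score: 1)

Make sure the execution role of the Lambda function (not Cognito_Unauth_Role or Cognito_Auth_Role, but the role the Lambda function uses when it executes) has sufficient permissions for the Cognito service. An example policy would be: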

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cognito-sync:*",
                "cognito-identity:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
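
An added example, not part of the original answers: a simplified IAM policy check (identity-based Allow/Deny statements with wildcards only) showing how the execution role's policy decides whether getOpenIdTokenForDeveloperIdentity is permitted, and how a policy scoped to one action and one pool compares with the wildcard policy above. The account ID, pool ID and the logs-only role are constructed placeholders.

```javascript
'use strict';
// Simplified IAM evaluation (added example): identity-based policies only,
// no Condition, NotAction, NotResource or permission boundaries.

// IAM-style wildcard match: '*' matches any run of characters, '?' exactly one.
function wildcardMatch(pattern, value, ignoreCase) {
  const source = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp('^' + source + '$', ignoreCase ? 'i' : '').test(value);
}

const asArray = (v) => (Array.isArray(v) ? v : [v]);

// Returns 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one action on one resource.
function evaluate(policy, action, resource) {
  let allowed = false;
  for (const stmt of asArray(policy.Statement)) {
    const hit =
      asArray(stmt.Action).some((a) => wildcardMatch(a, action, true)) &&
      asArray(stmt.Resource).some((r) => wildcardMatch(r, resource, false));
    if (!hit) continue;
    if (stmt.Effect === 'Deny') return 'ExplicitDeny'; // an explicit Deny always wins
    if (stmt.Effect === 'Allow') allowed = true;
  }
  return allowed ? 'Allow' : 'ImplicitDeny';
}

// Constructed values: placeholder account ID and pool ID.
const POOL_ARN =
  'arn:aws:cognito-identity:ap-northeast-1:111122223333:identitypool/ap-northeast-1:EXAMPLE-POOL-ID';
const ACTION = 'cognito-identity:GetOpenIdTokenForDeveloperIdentity';

// Hypothetical execution role with logging permissions only: the call is denied.
const logsOnly = { Version: '2012-10-17', Statement: [{ Effect: 'Allow',
  Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'], Resource: '*' }] };

// The policy from the answer: works, but grants every Cognito action on every pool.
const broad = { Version: '2012-10-17', Statement: [{ Effect: 'Allow',
  Action: ['cognito-sync:*', 'cognito-identity:*'], Resource: ['*'] }] };

// Least-privilege variant: one action on one identity pool.
const scoped = { Version: '2012-10-17', Statement: [{ Effect: 'Allow',
  Action: [ACTION], Resource: [POOL_ARN] }] };

for (const [name, policy] of Object.entries({ logsOnly, broad, scoped })) {
  console.log(name, '->', evaluate(policy, ACTION, POOL_ARN),
    '| DeleteIdentityPool ->', evaluate(policy, 'cognito-identity:DeleteIdentityPool', POOL_ARN));
}
```
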

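Answer 1: (score: 0)

The error message:

"errorMessage": "These credentials are not valid for accessing this resource"

means that the credentials here should be credentials for developer access. So they should be basic credentials with an access key and secret key.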