AWS AppSync使用错误的Iam角色

时间:2018-05-02 22:15:20

标签: ios amazon-dynamodb amazon-cognito amazon-iam aws-appsync

我正在使用包括dynamodb和s3 with ios的服务来自定义登录用户池,联合身份使用这些用户池为经过身份验证和未经身份验证的用户提供角色。这非常有效。

然后,当我使用AWS AppSync时,我只是执行一个Mutation,我得到一个错误,说无法承担角色arn:aws:iam :: xxxxxxxxxx:role / xxxxxxxxx。这个arn:aws:iam:试图被AppSync使用的xxx / xxx角色不是我想要使用的角色,而iam角色与DynamoDb和s3因某些原因使用的角色不同,即使我是不改变代码中使用的任何类人猿。请参阅下面的示例代码。 

 func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplicationLaunchOptionsKey: Any]?) -> Bool {
// CognitoIdentityUserPoolId is the id of the federated identity from console. works fine with all services except for AppSync by wrong Iam role being chosen
  let serviceConfiguration = AWSServiceConfiguration(region: .USEast1, credentialsProvider: nil)

  let userPoolConfiguration = AWSCognitoIdentityUserPoolConfiguration(clientId: CognitoIdentityUserPoolAppClientId, clientSecret: CognitoIdentityUserPoolAppClientSecret, poolId: CognitoIdentityUserPoolId)

  AWSCognitoIdentityUserPool.register(with: serviceConfiguration, userPoolConfiguration: userPoolConfiguration, forKey: AWSCognitoUserPoolsSignInProviderKey)

  pool = AWSCognitoIdentityUserPool(forKey: AWSCognitoUserPoolsSignInProviderKey)

  let credentialsProvider = AWSCognitoCredentialsProvider(regionType: .USEast1, identityPoolId: CognitoIdentityUserPoolId, identityProviderManager:pool)

  let configuration = AWSServiceConfiguration(region:.USEast1, credentialsProvider:credentialsProvider)

  AWSServiceManager.default().defaultServiceConfiguration = configuration

  pool?.delegate = self

  return true 
}
// In SampleViewController
  // after user signs in
  let appSyncConfig = try AWSAppSyncClientConfiguration(url: AppSyncEndpointURL, serviceRegion: CognitoIdentityUserPoolRegion, userPoolsAuthProvider: self)

  // Initialize the AWS AppSync client
  self.appSyncClient = try AWSAppSyncClient(appSyncConfig: appSyncConfig)

  // Set id as the cache key for objects
  self.appSyncClient?.apolloClient?.cacheKeyForObject = { $0["id"] }

// later on in the file....
extension SampleViewController: AWSCognitoUserPoolsAuthProvider{
  func getLatestAuthToken() -> String {
    return (myUserSess?.idToken?.tokenString)!
  }
}

AWS AppSync尝试使用错误的Iam名称的任何帮助/原因?

1 个答案:

答案 0 :(得分:2)

你在哪里收到这条消息?在使用查询页面或客户端的控制台中?如果它在控制台中,那么问题可能在于您的数据源的IAM角色,并且可能有意义重新创建它或确保您拥有以下信任策略:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "appsync.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

如果它在客户端上,则错误可能是您初始化Cognito Identity提供程序或AppSync构造函数时。

相关问题
最新问题