以编程方式创建Cognito身份池-AccessDeniedException

时间:2019-07-15 12:08:06

标签: javascript amazon-web-services aws-sdk amazon-cognito aws-sdk-js

我正在尝试使用aws-sdk for javascript创建一个身份池。这是我创建池的代码:

const defaultCognitoIdentityPoolConfig = {
  AllowUnauthenticatedIdentities: true,
};

const createUserIDPoolConfig = (defaultConfig, poolName, userPoolId, appClientId) => {
  return {
    IdentityPoolName: poolName,
    CognitoIdentityProviders: [
      {
        ClientId: appClientId,
        ProviderName: `cognito-idp.us-west-2.amazonaws.com/${userPoolId}`,
        ServerSideTokenCheck: true,
      },
    ],
    SupportedLoginProviders: {
      [`cognito-idp.us-west-2.amazonaws.com/${userPoolId}`]: appClientId,
    },
    ...defaultConfig,
  };
};

const getCognitoIDClient = async () => {
  const credentials = Auth.essentialCredentials(await Auth.currentCredentials());
  return new AWS.CognitoIdentity({
    apiVersion: '2014-06-30',
    accessKeyId: credentials.accessKeyId,
    secretAccessKey: credentials.secretAccessKey,
    sessionToken: credentials.sessionToken,
    region: 'us-west-2',
    sslEnabled: true,
  });
};

const cognitoIDClient = await getCognitoIDClient();
const createIDPoolResult = await cognitoIDClient.createIdentityPool(createUserIDPoolConfig(defaultCognitoIdentityPoolConfig,`POOL_NAME`,createUserPoolResult.UserPool.Id,createAppClientResult.UserPoolClient.ClientId)).promise();

我正在尝试创建以身份验证用户身份登录的池。由Cognito用户池验证并由身份池角色授权。这是附加到已登录用户的IAM策略:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "cognito-identity:*",
                "cognito-idp:CreateUserPoolClient",
                "cognito-idp:CreateUserPool"
            ],
            "Resource": "*"
        }
    ]
}

我得到:AccessDeniedException:这些凭据对于访问此资源无效。

Error Message

我还尝试在创建Cognito身份客户端对象时使用凭据属性,但遇到相同的错误。

谁能看到我要去哪里错了?

0 个答案:

没有答案
相关问题
最新问题