发表新帖
发表新帖

AWS Cognito Invalid identity pool configuration

前端 未结
关注
7 790
半阙折子戏
半阙折子戏 2020-12-31 02:10

I am using the AWS Javascript API and trying to get the assigned cognito id:

AWS.config.credentials.get(function(err) {
    if (!err) {
        console.log(\
相关标签:
7条回答
  • 半阙折子戏
    2020-12-31 02:39

    Check the "Trust Relationship" section of the role that is assigned to your Identity Pool, authentication users. Make sure you have policies defining access to your Cognito pool.

    The easiest way to get the requirement policy statements is,

    1. Edit the pool
    2. Create new role for identity pool
    3. In IAM edit this role to copy the policy statements
    4. Add these Trust Relationships to your required existing role
    0 讨论(0)
  • 死守一世寂寞
    2020-12-31 02:39

    I checked the Trust Relationship of my roles configured for "Authenticated role" and "Unauthenticated role" for my identity pool more than once, but still the error occured. After reviewing my whole identity pool configuration I recognized that in

    • Authentication providers
      • Cognito
        • Authenticated role selection

    I have chosen "Choose role from token" and my wrong configured role was the one I attached to the cognito group for my users. So updating the Trust Relationship for this role fixed the problem.

    Hope this helps someone :)

    0 讨论(0)
  • 渐次进展
    2020-12-31 02:42

    The most common reason for this error is your roles aren't set up to trust your identity pool. You should confirm that the identity pool id listed in your trust relationships matches the identity pool you are using.

    More info on trust relationships in Amazon Cognito can be found in our developer guide.

    0 讨论(0)
  • 隐瞒了意图╮
    2020-12-31 02:47

    Another - probably less common - reason: Make sure that you are actually using an identity pool and if not, remove the identity pool id from your aws-exports.js.

    I was getting this error after adding federated sign ins to my user pool (not identity pool). For reasons unknown my config included an aws_cognito_identity_pool_id. Removing this id solved the error for me.

    0 讨论(0)
  • 佛祖请我去吃肉
    2020-12-31 02:51

    In my case, I am using SAML identity provider. The action in the IAM role policy should be: "Action": "sts:AssumeRoleWithSAML". But this is the root cause of the exception. I have to manually change it to "Action": "sts:AssumeRoleWithWebIdentity". It turns out any role created by the Cognito identity pool will use "Action": "sts:AssumeRoleWithWebIdentity". It won't check your identity provider type. I believe this is a bug.

    0 讨论(0)
  • 说谎
    2020-12-31 02:52

    I encountered this error and my problem turned out to be that my user was assuming an unauthenticated role because I was returning AWSTask(result:nil) from the logins() function in my custom CognitoDeveloperIdentityProvider.

    0 讨论(0)
 看不清?
提交回复
热议问题