AWS : Invalid identity pool configuration. Check assigned IAM roles for this pool

清歌不尽 2021-02-02 07:59

I have created one user pool & identity pool.

I have used javascript sdk.

I am able to signup, send confirmation code & confirm user successfully with j

5 answers
  • 2021-02-02 08:40

    I have had a similar error and resolved it by adding the below in the trust policy

    Note: You should include sts:TagSession in the IAM role’s trust policy before enabling this feature.

  • 2021-02-02 08:47

    Check that the role you have assigned in Cognito Identity Pools (Federated Identities), has a trust relationship with the identity pool.

    Get the identity pool ID + the name of the role that isn't working. To do this:

    • Go to Cognito
    • Select Manage Federated Identities
    • Select the identity pool
    • Click Edit identity pool (top right)
    • Make a note of the identity pool ID
    • Make a note of the name of the role that isn't working (e.g. Cognito_blahUnauth_Role)

    In IAM, check the trust relationship for the role. Ensure that the StringEquals condition value matches the identity pool ID.

    To do this:

    • Go to IAM
    • Click Roles
    • Click the name of the role that you noted previously
    • Click Trust relationships
    • On the right under Conditions, check that the StringEquals condition contains the identity pool ID that you noted previously.

    Edit the trust relationship to fix.

  • 2021-02-02 08:48

    What you're trying to access here are "Cognito Federated Identity" credentials, which is a separate AWS product to "Cognito User Pools". In order to retrieve these credentials, you need to connect your User Pool to your Federated Identity Pool.

    Perhaps this link will help: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html

    Also, I would remove admin access from Unauthenticated permissions; it means anyone with your details has control of your AWS account.

  • 2021-02-02 08:53

    When you create a role in IAM and choose an identity provider, make sure you don't choose the user pool ID; instead, you have to choose the identity pool ID.

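The trust-relationship check from the 08:47 answer, together with the user-pool-ID mix-up from the 08:53 answer and the optional sts:TagSession action from the 08:40 note, written as an added example that is not code from this thread. The pool IDs and the policy are constructed placeholders, the function names are hypothetical, and the user-pool-ID pattern is a heuristic assumption about ID shape.

```javascript
// Added example: check a role's trust policy document against an identity pool ID.
const PRINCIPAL = "cognito-identity.amazonaws.com";
const AUD_KEY = PRINCIPAL + ":aud";
const asArray = (v) => (v === undefined || v === null ? [] : [].concat(v));

// Problems found in one statement; an empty array means it trusts the pool.
function statementProblems(stmt, poolId, requireTagSession) {
  const problems = [];
  const actions = asArray(stmt.Action);
  if (!actions.includes("sts:AssumeRoleWithWebIdentity")) {
    problems.push("Action lacks sts:AssumeRoleWithWebIdentity");
  }
  if (requireTagSession && !actions.includes("sts:TagSession")) {
    problems.push("Action lacks sts:TagSession");
  }
  const aud = asArray(((stmt.Condition || {}).StringEquals || {})[AUD_KEY]);
  if (aud.length === 0) {
    problems.push("no StringEquals condition on " + AUD_KEY);
  } else if (!aud.includes(poolId)) {
    // Heuristic: user pool IDs look like region_suffix, identity pool IDs like region:uuid.
    const hint = aud.some((a) => /^[a-z0-9-]+_[A-Za-z0-9]+$/.test(a))
      ? " (value looks like a user pool ID)" : "";
    problems.push(AUD_KEY + " does not match " + poolId + hint);
  }
  return problems;
}

// Returns [] when at least one Allow statement for the Cognito principal passes.
function checkTrustPolicy(policy, poolId, requireTagSession = false) {
  const candidates = asArray(policy.Statement).filter((s) =>
    s.Effect === "Allow" && asArray((s.Principal || {}).Federated).includes(PRINCIPAL));
  if (candidates.length === 0) return ["no Allow statement for Federated " + PRINCIPAL];
  const results = candidates.map((s) => statementProblems(s, poolId, requireTagSession));
  return results.some((r) => r.length === 0) ? [] : results.flat();
}

// Constructed sample values (placeholders, not real resources).
const POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000";
const makePolicy = (aud, actions) => ({
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { Federated: PRINCIPAL },
    Action: actions,
    Condition: { StringEquals: { [AUD_KEY]: aud } },
  }],
});

console.log(checkTrustPolicy(makePolicy("us-east-1_EXAMPLE00", "sts:AssumeRoleWithWebIdentity"), POOL_ID));
```

Paste the JSON from the role's Trust relationships tab in place of the constructed policy to run the same check on a real role.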
  • 2021-02-02 08:59

    I had this error working with Amplify. I noticed that the error appeared after I created Cognito User Roles from the Amplify CLI. What I did was delete these roles from the CLI and create them again from the AWS Console, and it worked fine!
