Not authorized to perform sts:AssumeRoleWithWebIdentity AWS s3 Cognito auth failure

刺人心 2021-01-22 05:22

I have a simple iOS app that uploads to s3. I'm trying unauth all around- even though ideally I want to do Facebook.

2 IAM Roles (created using the wizard). The IAM au

1 answer
  • 2021-01-22 05:57

    Looking at your code, it looks like you were using the "Auth" role arn:aws:iam::[id num]:role/Cognito_Auth_DefaultRole as your unauth role. By default Amazon Cognito creates roles that only trust the specific kind of access (unauthenticated and authenticated), hence the sts error when trying with unauthenticated access. This blog post goes over trust policies and understanding how Cognito uses them.

    Switching to the simplified constructor should have fixed this for you, unless you also made the same association inside of the AWS console. Associating your roles in the console allows you to not embed your roles inside your application.

    Also, if you want to use a bucket outside of the "US Standard" region, you would need to change this line:

    AWSServiceConfiguration *configuration = [AWSServiceConfiguration configurationWithRegion:AWSRegionSAEast1
                                                                      credentialsProvider:credentialsProvider];
    

    To reflect the region where the bucket resides.

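The trust-policy mismatch described in the answer can be checked offline before shipping an app. The following is an added example, not code from the original question or answer: it reads each role's trust policy and reports which access type (authenticated or unauthenticated) would be rejected by sts:AssumeRoleWithWebIdentity. The pool ID is a placeholder, the policies are constructed samples shaped like Cognito's default roles, and the function names are hypothetical.

```python
AMR_KEY = "cognito-identity.amazonaws.com:amr"   # "authenticated" / "unauthenticated"
AUD_KEY = "cognito-identity.amazonaws.com:aud"   # identity pool ID
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder, constructed
BOTH = {"authenticated", "unauthenticated"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def sample_trust_policy(pool_id, amr):
    """Constructed trust policy in the shape of a Cognito default role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {AUD_KEY: pool_id},
                      "ForAnyValue:StringLike": {AMR_KEY: amr}}}]}

def trusted_access(trust_policy, pool_id):
    """Access types for which the role accepts AssumeRoleWithWebIdentity from
    this pool. Simplified: condition values are compared literally (no
    wildcards) and Deny statements are not evaluated."""
    allowed = set()
    for stmt in as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if "cognito-identity.amazonaws.com" not in as_list(principal.get("Federated", [])):
            continue
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            continue
        auds, amrs = set(), set()
        for keys in stmt.get("Condition", {}).values():
            auds.update(as_list(keys.get(AUD_KEY, [])))
            amrs.update(as_list(keys.get(AMR_KEY, [])))
        if auds and pool_id not in auds:
            continue                      # role is pinned to a different pool
        allowed |= (amrs & BOTH) if amrs else BOTH  # no amr condition: either kind
    return allowed

def roles_that_will_fail(pool_id, role_map):
    """role_map: access type -> trust policy of the role mapped to it."""
    return sorted(kind for kind, policy in role_map.items()
                  if kind not in trusted_access(policy, pool_id))

if __name__ == "__main__":
    auth = sample_trust_policy(POOL_ID, "authenticated")
    # The situation in the answer: the Auth role supplied as the unauth role.
    print(roles_that_will_fail(POOL_ID, {"authenticated": auth, "unauthenticated": auth}))
```

To run it against real roles, replace the constructed policies with each role's trust policy document (the AssumeRolePolicyDocument shown for the role in IAM).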