Question
I have created one user pool & identity pool.
I have used the JavaScript SDK.
I am able to sign up, send a confirmation code & confirm the user successfully with the JavaScript SDK.
But when I try to sign in the user with the authenticate method & try to get credentials with "CognitoIdentityCredentials" by passing the idToken with the below code
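```javascript
// Map of provider name -> token; the key is "<cognito endpoint>/<user pool id>"
var logins = {};
logins[cognitoEndpoint + "/" + userPoolId] = jwtToken;
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
  IdentityPoolId: identityPoolId,
  Logins: logins
});
```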
it's giving me the below error
```
Error: Invalid identity pool configuration. Check assigned IAM roles for this pool.
at Request.extractError (aws-sdk.js:104063)
at Request.callListeners (aws-sdk.js:106060)
at Request.emit (aws-sdk.js:106034)
at Request.emit (aws-sdk.js:105121)
at Request.transition (aws-sdk.js:104843)
at AcceptorStateMachine.runTo (aws-sdk.js:108480)
at aws-sdk.js:108492
at Request.<anonymous> (aws-sdk.js:104859)
at Request.<anonymous> (aws-sdk.js:105123)
at Request.callListeners (aws-sdk.js:106070)
```
I have given administrator access to "Unauthenticated role" & "Unauthenticated role" of the identity pool and to the user whose credentials I am using.
I am new to AWS. Can anyone tell me what I am missing?
Any help would be appreciated.
Answer 1:
Check that the role you have assigned in Cognito Identity Pools (Federated Identities) has a trust relationship with the identity pool.
Get the identity pool ID + the name of the role that isn't working. To do this:
- Go to Cognito
- Select Manage Federated Identities
- Select the identity pool
- Click Edit identity pool (top right)
- Make a note of the identity pool ID
- Make a note of the name of the role that isn't working (e.g. Cognito_blahUnauth_Role)
In IAM, check the trust relationship for the role. Ensure that the StringEquals condition value matches the identity pool ID.
To do this:
- Go to IAM
- Click Roles
- Click the name of the role that you noted previously
- Click Trust relationships
- On the right under Conditions, check that the StringEquals condition contains the identity pool ID that you noted previously.
Edit the trust relationship to fix.
Answer 2:
What you're trying to access here are "Cognito Federated Identity" credentials, which is a separate AWS product to "Cognito User Pools". In order to retrieve these credentials, you need to connect your User Pool to your Federated Identity Pool.
Perhaps this link will help: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html
Also, I would remove admin access from Unauthenticated permissions; it means anyone with your details has control of your AWS account.
Answer 3:
When you create a role in IAM and choose the identity provider, make sure you don't choose the user pool ID; instead, you have to choose the identity pool ID.
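The trust-relationship check from Answer 1 and the user pool ID versus identity pool ID mix-up from Answer 3 can be verified offline against the role's trust policy JSON. This is an added example, not code from the original posts; it assumes the policy shape the Cognito console generates (the `aud` and `amr` condition keys), and `checkTrustPolicy`, `makePolicy` and all IDs are hypothetical, constructed values.

```javascript
// Added example: offline check of an IAM role trust policy for a Cognito identity pool.
// All IDs below are constructed placeholders, not real resources.
const IDENTITY_POOL_ID_RE = /^[a-z]{2}(-[a-z]+)+-\d:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
const AUD = 'cognito-identity.amazonaws.com:aud';
const AMR = 'cognito-identity.amazonaws.com:amr';
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns a list of problems; an empty list means the role trusts the given
// identity pool for the given kind ('authenticated' or 'unauthenticated').
function checkTrustPolicy(policy, identityPoolId, kind) {
  const problems = [];
  if (!IDENTITY_POOL_ID_RE.test(identityPoolId)) {
    problems.push('expected identity pool ID (region:uuid), got: ' + identityPoolId);
  }
  const candidates = asArray(policy.Statement).filter((s) =>
    s.Effect === 'Allow' &&
    asArray(s.Principal && s.Principal.Federated).includes('cognito-identity.amazonaws.com') &&
    asArray(s.Action).includes('sts:AssumeRoleWithWebIdentity'));
  if (candidates.length === 0) {
    problems.push('no Allow statement trusting cognito-identity.amazonaws.com');
    return problems;
  }
  const matches = candidates.some((s) => {
    const cond = s.Condition || {};
    const aud = asArray((cond.StringEquals || {})[AUD]);
    const amr = asArray((cond['ForAnyValue:StringLike'] || {})[AMR]);
    return aud.includes(identityPoolId) && amr.includes(kind);
  });
  if (!matches) problems.push('no statement with aud = ' + identityPoolId + ' and amr = ' + kind);
  return problems;
}

// Constructed sample policies: first with a user pool ID in aud by mistake, then corrected.
const POOL = 'us-east-1:11111111-2222-3333-4444-555555555555';
const makePolicy = (aud, amr) => ({
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Principal: { Federated: 'cognito-identity.amazonaws.com' },
    Action: 'sts:AssumeRoleWithWebIdentity',
    Condition: { StringEquals: { [AUD]: aud }, 'ForAnyValue:StringLike': { [AMR]: amr } },
  }],
});
console.log(checkTrustPolicy(makePolicy('us-east-1_EXAMPLE', 'authenticated'), POOL, 'authenticated'));
console.log(checkTrustPolicy(makePolicy(POOL, 'authenticated'), POOL, 'authenticated'));
```

Paste the JSON from the role's Trust relationships tab in place of `makePolicy(...)` to check a real role.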
Source: https://stackoverflow.com/questions/44043289/aws-invalid-identity-pool-configuration-check-assigned-iam-roles-for-this-poo