Access to Role 'cognito role' is forbidden

I'm getting this strange error, Access to Role 'cognito role' is forbidden, while creating a CloudFormation stack. Here is my CloudFormation file in YAML format.

I'm basically creating an S3 bucket and a Cognito identity to facilitate client-side access to my bucket. The whole thing is working fine except for this error: Access to Role 'phototest-cognitoRole-1AMKUVXUXAJ5H' is forbidden. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException)
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  photoBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: it-academy-photos-bucket
      CorsConfiguration:
        CorsRules:
          - AllowedHeaders: ['*']
            AllowedMethods: [GET, POST, PUT]
            AllowedOrigins: ['*']
            Id: myrules
  cognitoRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              # service principal for Cognito identity pools (full domain required)
              Federated:
                - "cognito-identity.amazonaws.com"
            Action:
              - sts:AssumeRoleWithWebIdentity
            # no Condition on cognito-identity.amazonaws.com:aud / :amr, so this trust
            # policy is not scoped to one identity pool or to unauthenticated identities
      Policies:
        - PolicyName: "photo_client_policy"
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Sid: VisualEditor1
                Effect: Allow
                Action:
                  - s3:PutObject
                  - s3:GetObjectAcl
                  - s3:GetObject
                  - s3:GetObjectTorrent
                  - s3:GetObjectVersionAcl
                  - s3:PutObjectVersionTagging
                  - s3:GetObjectTagging
                  - s3:PutObjectTagging
                  - s3:PutBucketCORS
                  - s3:PutObjectAcl
                  - s3:GetObjectVersion
                # "*" covers every bucket and object, not only photoBucket
                Resource: "*"
  cognitoIdentityPool:
    Type: AWS::Cognito::IdentityPool
    Properties:
      IdentityPoolName: "photo_bucket"
      AllowUnauthenticatedIdentities: true
  cognitoIdentityPoolRoleAttachment:
    Type: AWS::Cognito::IdentityPoolRoleAttachment
    Properties:
      IdentityPoolId: !Ref cognitoIdentityPool
      Roles:
        # !Ref on an AWS::IAM::Role returns the role name; the attachment expects an ARN
        unauthenticated: !Ref cognitoRole

Recommended answer
I was having the same problem and figured out the unauthenticated role needs the Arn and not the logical ID. This should fix the issue:

cognitoIdentityPoolRoleAttachment:
  Type: AWS::Cognito::IdentityPoolRoleAttachment
  Properties:
    IdentityPoolId: !Ref cognitoIdentityPool
    Roles:
      unauthenticated: !GetAtt cognitoRole.Arn
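The following is an added example written for this page, not code from the question or the answer. It is a small Python lint over a constructed, cut-down JSON rendering of the asker's template (CloudFormation reads JSON as well as YAML; `!Ref x` becomes `{"Ref": "x"}` and `!GetAtt x.Arn` becomes `{"Fn::GetAtt": ["x", "Arn"]}`). It flags the bug from the question (a `Ref` to an `AWS::IAM::Role` in an `IdentityPoolRoleAttachment`, which yields the role name instead of the ARN), rewrites it to the `GetAtt ... Arn` form the answer gives, and also reports two things a reviewer would want to see on an unauthenticated role: a trust policy with no `Condition` scoping it to the identity pool, and an allow statement on `Resource "*"`. The function names and the reduced template are assumptions of this example.

```python
import copy

ATTACHMENT = "AWS::Cognito::IdentityPoolRoleAttachment"

# Constructed example input: a cut-down JSON form of the asker's template, with the
# original bug (Roles.unauthenticated uses Ref, which returns the role *name*).
BROKEN_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "cognitoRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{
                        "Effect": "Allow",
                        "Principal": {"Federated": ["cognito-identity.amazonaws.com"]},
                        "Action": ["sts:AssumeRoleWithWebIdentity"],
                    }],
                },
                "Policies": [{
                    "PolicyName": "photo_client_policy",
                    "PolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [{"Effect": "Allow",
                                       "Action": ["s3:PutObject", "s3:GetObject"],
                                       "Resource": "*"}],
                    },
                }],
            },
        },
        "cognitoIdentityPool": {
            "Type": "AWS::Cognito::IdentityPool",
            "Properties": {"IdentityPoolName": "photo_bucket",
                           "AllowUnauthenticatedIdentities": True},
        },
        "cognitoIdentityPoolRoleAttachment": {
            "Type": ATTACHMENT,
            "Properties": {"IdentityPoolId": {"Ref": "cognitoIdentityPool"},
                           "Roles": {"unauthenticated": {"Ref": "cognitoRole"}}},
        },
    },
}


def _role_target(value):
    """Resolve a Roles.<kind> value to (logical_id, is_arn); literals give (None, ...)."""
    if isinstance(value, dict) and "Ref" in value:
        return value["Ref"], False            # Ref on AWS::IAM::Role -> role name
    if isinstance(value, dict) and "Fn::GetAtt" in value:
        logical_id, attr = value["Fn::GetAtt"]
        return logical_id, attr == "Arn"       # GetAtt <role>.Arn -> the ARN
    return None, isinstance(value, str) and value.startswith("arn:")


def lint_identity_pool_roles(template):
    """Return (attachment_id, message) findings for every IdentityPoolRoleAttachment."""
    resources = template.get("Resources", {})
    findings = []
    for att_id, res in resources.items():
        if res.get("Type") != ATTACHMENT:
            continue
        for kind, value in res.get("Properties", {}).get("Roles", {}).items():
            role_id, is_arn = _role_target(value)
            role = resources.get(role_id, {})
            if role.get("Type") != "AWS::IAM::Role":
                continue
            if not is_arn:
                findings.append((att_id, f"Roles.{kind}: use !GetAtt {role_id}.Arn, "
                                         f"not !Ref (which yields the role name)"))
            props = role.get("Properties", {})
            # Without a Condition on cognito-identity.amazonaws.com:aud (and :amr) the
            # role trusts the Cognito service for any identity pool, not just this one.
            for stmt in props.get("AssumeRolePolicyDocument", {}).get("Statement", []):
                if stmt.get("Effect") == "Allow" and "Condition" not in stmt:
                    findings.append((att_id, f"Roles.{kind}: trust policy of {role_id} "
                                             f"has no Condition scoping it to this pool"))
            # An unauthenticated role with Resource "*" hands anonymous callers those
            # actions on objects in any bucket, not only the photo bucket.
            if kind == "unauthenticated":
                for pol in props.get("Policies", []):
                    for stmt in pol.get("PolicyDocument", {}).get("Statement", []):
                        if stmt.get("Effect") == "Allow" and stmt.get("Resource") == "*":
                            findings.append((att_id, f"Roles.{kind}: {pol['PolicyName']} "
                                                     f"allows {stmt['Action']} on '*'"))
    return findings


def fix_role_refs(template):
    """Return a copy with Ref-to-IAM-role values replaced by GetAtt <role>.Arn."""
    fixed = copy.deepcopy(template)
    resources = fixed["Resources"]
    for res in resources.values():
        if res.get("Type") != ATTACHMENT:
            continue
        roles = res.get("Properties", {}).get("Roles", {})
        for kind, value in list(roles.items()):
            role_id, is_arn = _role_target(value)
            if role_id and not is_arn and resources.get(role_id, {}).get("Type") == "AWS::IAM::Role":
                roles[kind] = {"Fn::GetAtt": [role_id, "Arn"]}
    return fixed


if __name__ == "__main__":
    for finding in lint_identity_pool_roles(BROKEN_TEMPLATE):
        print("%s: %s" % finding)
    fixed = fix_role_refs(BROKEN_TEMPLATE)
    print(fixed["Resources"]["cognitoIdentityPoolRoleAttachment"]["Properties"]["Roles"])
```

Run it and the first finding reproduces the question's root cause; after `fix_role_refs` only the two hygiene findings remain, which is the point to scope the trust policy to the pool and narrow `Resource` to the photo bucket's ARN before shipping an unauthenticated role.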