Closed Xander567 closed 5 years ago
I keep getting the error in the above title. I found another issue with this same problem, but can't solve it. I've got an identity pool, 1 role (assigned to authenticated and unauthenticated) with the following trust settings

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "lambda.amazonaws.com" },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Principal": { "Service": "lambda.amazonaws.com" },
      "Action": "sts:AssumeRoleWithWebIdentity"
    },
    {
      "Effect": "Allow",
      "Principal": { "Service": "cognito-idp.amazonaws.com" },
      "Action": "sts:AssumeRoleWithWebIdentity"
    },
    {
      "Effect": "Allow",
      "Principal": { "Federated": "cognito-identity.amazonaws.com" },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "my-identity-pool-id"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}
```
The role has one policy attached

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "iam:*",
        "cognito-identity:*",
        "lambda:*",
        "mobileanalytics:PutEvents",
        "sts:*",
        "cognito-idp:*",
        "cognito-sync:*"
      ],
      "Resource": "*"
    }
  ]
}
```
Gone for the "see what sticks" approach and so far, no luck. Am I missing something?
```js
{
  token: 'big-token-with-token_use-set-to-id',
  provider: 'cognito-idp.eu-west-1.amazonaws.com/user-pool-id',
  IdentityPoolId: 'identity-pool-id-same-as-above'
}
```
This is the params object that gets passed into getCredentialsForIdentity() in a Lambda function. Does the Lambda function's IAM role need changing?
Apologies for the crap formatting. When I posted it, it was all neatly whitespaced.
Had to delete the identities listed in the browse identities part of the identity pool.
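
An added example, not part of the original posts and not AWS SDK code: a small linter run over the trust policy posted in this thread. It checks that every `sts:AssumeRoleWithWebIdentity` statement trusts the `cognito-identity.amazonaws.com` federated principal, that `aud` matches the identity pool id, and reports which `amr` values the role accepts; the function name and finding messages are assumptions.

```javascript
// Added example (not from the thread or an AWS SDK): lint a role trust policy
// meant for a Cognito identity pool. Function name and messages are hypothetical.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
const AUD = 'cognito-identity.amazonaws.com:aud';
const AMR = 'cognito-identity.amazonaws.com:amr';

function lintCognitoTrustPolicy(policy, identityPoolId) {
  const findings = [];
  const amrAccepted = new Set();
  asList(policy.Statement).forEach((st, i) => {
    if (st.Effect !== 'Allow') return;
    if (!asList(st.Action).includes('sts:AssumeRoleWithWebIdentity')) return;
    const federated = asList((st.Principal || {}).Federated);
    if (!federated.includes('cognito-identity.amazonaws.com')) {
      findings.push(`Statement ${i}: web-identity action without Federated cognito-identity principal`);
      return;
    }
    const cond = st.Condition || {};
    if (!asList((cond.StringEquals || {})[AUD]).includes(identityPoolId)) {
      findings.push(`Statement ${i}: aud does not match identity pool id`);
    }
    const amr = asList((cond['ForAnyValue:StringLike'] || {})[AMR]);
    if (amr.length === 0) findings.push(`Statement ${i}: no amr condition`);
    amr.forEach((v) => amrAccepted.add(v));
  });
  return { findings, amrAccepted: [...amrAccepted] };
}

// The trust policy as posted in this thread, placeholders unchanged.
const postedTrustPolicy = {
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Principal: { Service: 'lambda.amazonaws.com' }, Action: 'sts:AssumeRole' },
    { Effect: 'Allow', Principal: { Service: 'lambda.amazonaws.com' }, Action: 'sts:AssumeRoleWithWebIdentity' },
    { Effect: 'Allow', Principal: { Service: 'cognito-idp.amazonaws.com' }, Action: 'sts:AssumeRoleWithWebIdentity' },
    {
      Effect: 'Allow',
      Principal: { Federated: 'cognito-identity.amazonaws.com' },
      Action: 'sts:AssumeRoleWithWebIdentity',
      Condition: {
        StringEquals: { [AUD]: 'my-identity-pool-id' },
        'ForAnyValue:StringLike': { [AMR]: 'authenticated' },
      },
    },
  ],
};

console.log(lintCognitoTrustPolicy(postedTrustPolicy, 'my-identity-pool-id'));
```

For the posted policy it flags the two Service-principal statements and shows that only `authenticated` is accepted, so a role with this trust policy cannot be assumed by unauthenticated (guest) identities even when it is assigned as the pool's unauthenticated role.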