aws-amplify / aws-sdk-android

AWS SDK for Android. For more information, see our web site:
https://docs.amplify.aws

Create Thing: Unauthenticated access is not supported for this identity pool. #3615

Closed mbahmani90 closed 4 months ago

mbahmani90 commented 4 months ago

Hi,

Hope you are all well.

I want to create a thing via Android Kotlin.

Kotlin Code:

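    import android.content.Context
    import com.amazonaws.auth.CognitoCachingCredentialsProvider
    import com.amazonaws.services.iot.AWSIotClient
    import com.amazonaws.services.iot.model.CreateThingRequest

    private lateinit var iotClient: AWSIotClient

    fun initAWSIotClient(context: Context) {
        // Obtain AWS credentials through Cognito and hand them to the IoT client.
        val credentialsProvider = CognitoCachingCredentialsProvider(
            context,
            "MY_USER_POOL_ID",
            MY_REGION
        )
        iotClient = AWSIotClient(credentialsProvider)

        createThing("MyNewThing")
    }

    private fun createThing(thingName: String) {
        // The SDK call is blocking network I/O, so keep it off the main thread.
        Thread {
            try {
                val createThingRequest = CreateThingRequest()
                createThingRequest.thingName = thingName

                val createThingResult = iotClient.createThing(createThingRequest)
                // app.l is the poster's own logging helper.
                app.l("Thing created: ${createThingResult.thingName}")
            } catch (e: Exception) {
                app.l("Error creating thing: $e")
            }

        }.start()
    }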

However, I receive this error:

    Failure to get credentials

    com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Unauthenticated access is not supported for this identity pool. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: xxxxx)

I also added different permissions to the IAM role like AWSIoTFullAccess, AWSIoTThingsRegistration, and a test custom policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "iot:CreateThing",
                    "iot:DescribeThing",
                    "iot:DeleteThing"
                ],
                "Resource": "*"
            }
        ]
    }

I have also checked Cognito -> user pool -> user access and the role has been applied there. However, the error persists. Do you know how I should solve the error?

Thank you.

tylerjroach commented 4 months ago

@mbahmani90 I believe this ticket is meant for https://github.com/aws-amplify/aws-sdk-android. Can you confirm the AWS dependencies and IoT library being used so we can assign this properly?

mbahmani90 commented 4 months ago

Thank you for your response:

Dependencies:

    implementation 'com.amazonaws:aws-android-sdk-iot:2.75.2'
    implementation 'com.amazonaws:aws-android-sdk-mobile-client:2.75.2'

    implementation 'com.amplifyframework:core:2.16.0'
    implementation 'com.amplifyframework:aws-api:2.16.0'
    implementation 'com.amplifyframework:aws-datastore:2.16.0'

    implementation 'com.amazonaws:aws-android-sdk-ddb:2.73.0'
    implementation 'com.amazonaws:aws-android-sdk-mobile-client:2.75.2'
    implementation 'com.amazonaws:aws-android-sdk-auth-core:2.75.2'

    implementation 'com.amazonaws:aws-android-sdk-cognitoidentityprovider:2.75.2'

    implementation 'com.amplifyframework:aws-auth-cognito:2.16.0'
    implementation("io.github.jan-tennert.supabase:postgrest-kt:0.7.6")
    implementation("io.ktor:ktor-client-cio:2.3.3")

    implementation 'com.amplifyframework:aws-storage-s3:2.16.0'

    implementation("aws.sdk.kotlin:dynamodb:1.0.30")
    implementation("aws.sdk.kotlin:secretsmanager:1.0.30")
    implementation("aws.smithy.kotlin:http-client-engine-okhttp:1.0.11")
    implementation("aws.smithy.kotlin:http-client-engine-crt:0.30.0")

    implementation 'aws.sdk.kotlin:aws-core:1.0.44'

tylerjroach commented 4 months ago

@mbahmani90 Please see our compatibility statement and steps to use the AWS Android SDK IoT library with Amplify v2. https://docs.amplify.aws/gen1/android/sdk/configuration/amplify-compatibility/

You will need to remove com.amazonaws:aws-android-sdk-mobile-client entirely from the project as this library conflicts with Amplify credentials and will cause continuous credential clearing. I see it listed multiple times in that list so please make sure it is removed entirely.

mbahmani90 commented 4 months ago

I removed com.amazonaws:aws-android-sdk-mobile-client but again I received the same error.

According to https://github.com/aws-amplify/amplify-js/issues/1089

I activated the guest access: Cognito -> identity pool -> User Access -> Guest access -> Activate

Then I opened the guest role and added this permission:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "iot:CreateThing",
                    "iot:DescribeThing",
                    "iot:DeleteThing",
                    "iot:AttachPolicy",
                    "iot:CreateKeysAndCertificate",
                    "cognito-identity:*",
                    "cognito-sync:*",
                    "sts:AssumeRole"
                ],
                "Resource": "*"
            }
        ]
    }

And it works. Hopefully it would be secure enough!
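
An added example, not part of the original thread or of the SDK: a short Python check that takes the guest-role policy from the comment above and lists the grants that are broad for a role issued to unauthenticated identities. The rule names, the mutating-verb list and the role-pivot list are assumptions made for this illustration.

```python
import json
from fnmatch import fnmatchcase

# Guest (unauthenticated) role policy, copied from the comment above.
GUEST_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
   "Action": ["iot:CreateThing", "iot:DescribeThing", "iot:DeleteThing",
              "iot:AttachPolicy", "iot:CreateKeysAndCertificate",
              "cognito-identity:*", "cognito-sync:*", "sts:AssumeRole"],
   "Resource": "*"}]}
""")

# Assumption for this example: action-name prefixes treated as state-changing.
MUTATING_PREFIXES = ("Create", "Delete", "Attach", "Detach", "Update", "Put")
# Assumption: actions that let the caller move into or hand over another role.
ROLE_PIVOT_ACTIONS = ("sts:assumerole", "iam:passrole")


def _as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]


def audit_guest_policy(policy):
    """Return (rule, action) findings for every Allow statement in policy."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # "Unscoped" here means Resource "*" with no Condition narrowing it.
        unscoped = "*" in _as_list(stmt.get("Resource", [])) and not stmt.get("Condition")
        for action in _as_list(stmt.get("Action", [])):
            name = action.partition(":")[2]
            if "*" in action:
                findings.append(("wildcard-action", action))
            # A policy entry may itself be a pattern, so match against it.
            if any(fnmatchcase(a, action.lower()) for a in ROLE_PIVOT_ACTIONS):
                findings.append(("role-pivot", action))
            if unscoped and name.startswith(MUTATING_PREFIXES):
                findings.append(("unscoped-mutation", action))
    return findings


if __name__ == "__main__":
    for rule, action in audit_guest_policy(GUEST_POLICY):
        print(f"{rule:18} {action}")
```

Guest credentials are issued to any caller that knows the identity pool ID, so each finding describes something available without signing in.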

mbahmani90 commented 4 months ago

Again thank you Tyler for your support!

tylerjroach commented 4 months ago

Did you implement the Amplify Credentials Provider (https://docs.amplify.aws/gen1/android/sdk/configuration/amplify-compatibility/#creating-an-amplifycredentialsprovider), instead of the CognitoCachingCredentialsProvider?

mbahmani90 commented 4 months ago

Perfect!!!!

Now I understand what AmplifyCredentialsProvider is.

It works. 👍

tylerjroach commented 4 months ago

Great to hear!