CognitoIdentityError when signed into Cognito, trying to upload via S3TransferUtility

[thomers]

State your question I'm having problems uploading a file from an iOS client via S3TransferUtility.

Context: I am upgrading from previous SDK versions, using a Mobile Hub generated setup of Cognito, S3 "User Files" (with private/protected/public/uploads structure), replacing the code from AWSUserFileManager with the new S3TransferUtility and the updated AWSMobileClient.

So, with the previous SDK 2.6.x setup, the upload for a logged in user has worked without problems !

The upload code (with the previous version commented out below).

"data" is an UIImage, "awsKey" is "protected/us-XXXX-X:XXXXXXXXX-XXXX-XXXXXX-XXX-XXXX/image.jpg" "contentType" is "image/jpeg"

- (AnyPromise *) prUploadFileData:(NSData *) data
                           awsKey:(NSString *) awsKey
                      contentType:(NSString *) contentType {
    return [AnyPromise promiseWithResolverBlock:^(PMKResolver resolve) {

        // AWS upload code taken from AWS Example
        // see https://github.com/awslabs/aws-sdk-ios-samples/blob/master/S3TransferUtility-Sample/Objective-C/S3BackgroundTransferSampleObjC/FirstViewController.m

        //Create the completion handler for the transfer
        AWSS3TransferUtilityUploadCompletionHandlerBlock completionHandler = ^(AWSS3TransferUtilityUploadTask *task, NSError *error) {
            if (error) {
                DLogError(@"Upload for %@ failed: %@", awsKey, error);
                resolve(error);

            } else {
                DLogDebug(@"Upload for %@ success!", awsKey);
                resolve(nil);
            }
        };

        //Create the TransferUtility expression and add the progress block to it.
        //This would be needed to report on progress tracking
        AWSS3TransferUtilityUploadExpression *expression = [AWSS3TransferUtilityUploadExpression new];
        expression.progressBlock = ^(AWSS3TransferUtilityTask *task, NSProgress *progress) {
            DLogDebug(@"Upload progress %f", progress.fractionCompleted);
        };

        AWSS3TransferUtility *transferUtility = [AWSS3TransferUtility defaultS3TransferUtility];
        [[transferUtility uploadData:data
                                 key:awsKey
                         contentType:contentType
                          expression:expression
                   completionHandler:completionHandler]

         continueWithBlock:^id(AWSTask *task) {

             if (task.error) {
                 DLogError(@"Upload error: %@", task.error);
                 resolve(task.error);
                 return nil;
             }

             if (task.result) {
                 DLogDebug(@"Upload result: %@", task.result);
                 dispatch_async(dispatch_get_main_queue(), ^{
                     // update UI?
                     // self.statusLabel.text = @"Uploading...";
                 });
                 resolve(nil);
                 return nil;
             }

             return nil;
         }];

        /*
        AWSUserFileManager *manager = [AWSUserFileManager defaultUserFileManager];
        AWSLocalContent *localContent = [manager localContentWithData:data key:awsKey];
        [localContent uploadWithPinOnCompletion:YES
                                  progressBlock:^(AWSLocalContent *content, NSProgress *progress) {
         // Show progress in UI.
                                      //DLogDebug(@"Progress: %@", progress);
                                  }
                              completionHandler:^(AWSContent *content, NSError *error) {
                                  if (error) {
                                      DLogDebug(@"User Data Storage Upload Error: %@", error);
                                      resolve(error);
                                  } else {
                                      DLogDebug(@"User Data Storage Upload Complete. Content: %@", content);
                                      // TODO decide if we can really remove this:
                                      // [content getRemoteFileURLWithCompletionHandler:^(NSURL * _Nullable url, NSError * _Nullable error)
                                      resolve(content);
                                  }
                              }
         ];
        resolve(nil);
         */
    }];

}

This is called some time after the user has successfully logged in via AWSMobileClient.

As far as I can tell, the AWSS3TransferUtility has been initialized properly, with the correct region, and the AWSMobileClient as CredentialsProvider.

The "transferUtility uploadData" fails with this error:

Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=5 "(null)" UserInfo=    {__type=InvalidIdentityPoolConfigurationException, message=Invalid identity pool     configuration. Check assigned IAM roles for this pool.}

I have checked the IAM roles, they have been unchanged from the previous working setup.

UPDATE: Some more logs:

Temporary dir Path is /Users/X/Library/Developer/CoreSimulator/Devices/891E28AE-F47E-48BA-8511-42258E0AB92A/data/Containers/Data/Application/2A54B99B-4086-490A-8396-E23CE7B04C8A/Library/Caches/S3TransferUtility
2019-03-26 12:53:37:452 [85152:1122652] Transfer Utility Database Path: [/Users/X/Library/Developer/CoreSimulator/Devices/891E28AE-F47E-48BA-8511-42258E0AB92A/data/Containers/Data/Application/2A54B99B-4086-490A-8396-E23CE7B04C8A/Library/Caches/S3TransferUtility/com/amazonaws/AWSS3TransferUtility/transfer_utility_database]
2019-03-26 12:53:37:454 [85152:1122652] In Recovery for TU Session [com.amazonaws.AWSS3TransferUtility.Default.Identifier]
2019-03-26 12:53:37:457 [85152:1122652] Value of timeoutIntervalForResource is 3000
2019-03-26 12:53:37:469 [85152:1124312] Request headers:
{
   "Content-Type" = "application/x-amz-json-1.1";
   Host = "cognito-identity.us-east-2.amazonaws.com";
   "User-Agent" = "aws-sdk-iOS/2.9.2 iOS/12.1 en_US MobileHub/1.0";
   "X-Amz-Date" = 20190326T115337Z;
   "X-Amz-Target" = "AWSCognitoIdentityService.GetCredentialsForIdentity";
}
2019-03-26 12:53:37:469 [85152:1124312] Request body:
{"Logins":{"cognito-idp.us-east-2.amazonaws.com\/us-east-2_XXXXXXX":"(redacted))"},"IdentityId":"us-east-2:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"}
2019-03-26 12:53:37:702 [85152:1124800] Response headers:
{
   "Content-Length" = 143;
   "Content-Type" = "application/x-amz-json-1.1";
   Date = "Tue, 26 Mar 2019 11:53:37 GMT";
   "x-amzn-errormessage" = "Invalid identity pool configuration. Check assigned IAM roles for this pool.";
   "x-amzn-errortype" = "InvalidIdentityPoolConfigurationException:";
   "x-amzn-requestid" = "ca726a60-4fbd-11e9-80b1-51aafa66d07c";
}
2019-03-26 12:53:37:702 [85152:1124800] Response body:
{"__type":"InvalidIdentityPoolConfigurationException","message":"Invalid identity pool configuration. Check assigned IAM roles for this pool."}
2019-03-26 12:53:37:702 [85152:1124800] GetCredentialsForIdentity failed. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=5 "(null)" UserInfo={__type=InvalidIdentityPoolConfigurationException, message=Invalid identity pool configuration. Check assigned IAM roles for this pool.}]
2019-03-26 12:53:37:702 [85152:1124800] Unable to refresh. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=5 "(null)" UserInfo={__type=InvalidIdentityPoolConfigurationException, message=Invalid identity pool configuration. Check assigned IAM roles for this pool.}]
2019-03-26 12:53:37:703 [85152:1124800] Error: Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=5 "(null)" UserInfo={__type=InvalidIdentityPoolConfigurationException, message=Invalid identity pool configuration. Check assigned IAM roles for this pool.}
Error: The operation couldn’t be completed. (com.amazonaws.AWSCognitoIdentityErrorDomain error 5.)

Any pointers to where the problem lies?

Thanks, Thomas

Which AWS Services are you utilizing? Cognito S3 MobileClient

Provide code snippets (if applicable)

Environment:

• SDK Version: SDK 2.9.3
• Dependency Manager: Cocoapods
• Objective-C !

Device Information (please complete the following information):

• Device: Simulator
• iOS Version: 12.2

[thomers]

@minbi or @rohandubal , it's been a week - do you have any feedback regarding this issue?

[thomers]

@nikhil-dabhade , I guess this is related to https://github.com/aws-amplify/aws-sdk-ios/issues/1235

[royjit]

Hi @thomers, Apologies for the delayed response. Looks like this api call is failing with your current setup. Could you please provide us with the following info:

1. Do you have authRole setup in your IdentityProvider console?
2. Are you using awsconfiguration.json file to configure the SDK?

[stale[bot]]

This issue has been automatically closed because of inactivity. Please open a new issue if are still encountering problems.