Open esumit opened 8 years ago
I edited your comment to remove account numbers. Please do not post policies that contain account IDs and identity pool ARNs publicly. I recommend you delete the resources you had created and start from scratch in case someone found this and took your account number. The answer is yes, make it similar.
This part of the tutorial is slightly confusing - please provide an example of the policy as you did with the other steps :)
A few questions ..
Do we also edit the trust relationship?
Do we replace the existing policy of the cognito auth role by replacing it with generated one for api gateway?
Can you provide some insight as to why these policies need to match?
I followed as the documentation says, But at the end I didn't understand this line : "Copy and paste the same access policy we generated for the invocation role".
Does that mean , that make Cognito_IdentityTestPoolAuth_Role to similar to previous one ? Like below
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mobileanalytics:PutEvents", "cognito-sync:", "cognito-identity:" ], "Resource": [ "" ] }, { "Sid": "Stmt1462212212000", "Effect": "Allow", "Action": [ "lambda:InvokeFunction", "execute-api:Invoke" ], "Resource": [ "arn:aws:lambda:us-east-1:XXXXXXXXX:function:zPetStoreAPIGatewayLambda", "arn:aws:execute-api:" ] }, { "Sid": "Stmt1462211764000", "Effect": "Allow", "Action": [ "cognito-identity:GetOpenIdTokenForDeveloperIdentity" ], "Resource": [ "arn:aws:cognito-identity:us-east-1:XXXXXXXXX:identitypool/us-east-1:a6fef2a4-bb3f-4e22-b9d6-xxxxxxxx" ] }, { "Sid": "Stmt1462211972000", "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Scan", "dynamodb:UpdateItem" ], "Resource": [ "arn:aws:dynamodb:us-east-1:XXXXXXXXXX:table/testPetId" ] }, { "Sid": "Stmt1462212134000", "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Scan", "dynamodb:UpdateItem" ], "Resource": [ "arn:aws:dynamodb:us-east-1:XXXXXXXX:table/testUserName" ] }, { "Sid": "Stmt1462212275000", "Effect": "Allow", "Action": [ "logs:" ], "Resource": [ "" ] } ] }
May you please clarify ?