ionic-team / ionic2-starter-aws

Ionic + AWS MobileHub Starter Project

How to set the permission on Cognito Identity? #7

Open pinetop opened 7 years ago

pinetop commented 7 years ago

Hi, I faced this issue after signing up for an account and managing to sign in. I was trying to create a new task, but it shows that the identity has no permission to do that. The error is below. May I know how to add the permission policy for this?

Error: User: arn:aws:sts::831509325306:assumed-role/mobilehubproject_auth_MOBILEHUB_1218068470/CognitoIdentityCredentials is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:ap-northeast-1:831509325306:table/ionic-mobile-hub-tasks/index/DateSorted

chenjianAgain commented 7 years ago

It seems like IAM should be configured.

chenjianAgain commented 7 years ago

E.g., give the dynamodb:query permission to the ARN.

mediastormcreative commented 7 years ago

Hi, I am having a very similar problem to pinetop's. I am working with a slightly modified version of the Ionic AWS starter kit, and I am trying to display the contents of a new DynamoDB table on an Ionic 3 page. I have the table permissions set to 'Protected'. The error message is as follows:

"AccessDeniedException: User: arn:aws:sts::033645885530:assumed-role/summerlifestyletakeo_auth_MOBILEHUB_179863766/CognitoIdentityCredentials is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:us-west-2:033645885530:table/ionic-slt-presenters/index/userId"

I realize that the issue is most likely an IAM config issue, as chenjianAgain stated; however, I would very much appreciate a little more detail on how to fix my permissions. I accessed this role, summerlifestyletakeo_auth_MOBILEHUB_179863766, in the IAM section, but it brought me to a second page listing a series of roles. The policy in use for summerlifestyletakeo_hosting_MOBILEHUB_179863766 is

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::summerlifestyletakeo-hosting-mobilehub-179863766"
      ]
    }
  ]
}

This seems a little sparse to me, but I am at a loss as to how to fix the permissions so that users can read the table.

Thank you very much for your help!

mediastormcreative commented 7 years ago

I ran the IAM policy simulator on summerlifestyletakeo_hosting_MOBILEHUB_179863766 but I received an error message: denied Implicitly denied (no matching statements)

mediastormcreative commented 7 years ago

The error message has now changed to 'NotAuthorizedException: Missing credentials in config'. This can't be good.
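
As an added example (not part of the thread or of the starter project): the AccessDeniedException text names the role that was assumed, the denied action and the exact resource ARN, which is enough to pick the right role and draft a least-privilege statement for it. The helper names below are hypothetical, and `allows` is a simplified matcher that ignores explicit Deny statements and Condition blocks.

```python
import re
from fnmatch import fnmatchcase

# Error text and policy copied from the thread above.
ERROR = ("User: arn:aws:sts::033645885530:assumed-role/"
         "summerlifestyletakeo_auth_MOBILEHUB_179863766/CognitoIdentityCredentials "
         "is not authorized to perform: dynamodb:Query on resource: "
         "arn:aws:dynamodb:us-west-2:033645885530:table/ionic-slt-presenters/index/userId")
HOSTING_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:ListBucket"],
    "Resource": ["arn:aws:s3:::summerlifestyletakeo-hosting-mobilehub-179863766"]}]}

DENIAL = re.compile(
    r"User: arn:aws:sts::(?P<account>\d{12}):assumed-role/(?P<role>[^/]+)/(?P<session>\S+)"
    r" is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r" on resource: (?P<resource>arn:[^\s\"']+)")

def parse_denial(message):
    """Extract account, role, session, action and resource from the error text."""
    m = DENIAL.search(message)
    if m is None:
        raise ValueError("not an IAM authorization error for an assumed role")
    return m.groupdict()

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if some Allow statement matches action (case-insensitive) and resource."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        act_ok = any(fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt.get("Action", [])))
        res_ok = any(fnmatchcase(resource, r)
                     for r in _as_list(stmt.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False  # no matching statement: implicit deny

def minimal_policy(denial):
    """Policy granting only the denied action on only the denied resource."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": [denial["action"]],
        "Resource": [denial["resource"]]}]}

if __name__ == "__main__":
    d = parse_denial(ERROR)
    print("attach to role:", d["role"])
    print("hosting policy allows it:", allows(HOSTING_POLICY, d["action"], d["resource"]))
    print(minimal_policy(d))
```

The role printed is the `_auth_` role from the error, and the resource is the index ARN (`.../index/userId`), since a Query against an index is authorized on the index resource rather than on the table ARN alone.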