lazhuward score 1278
2018/05/10 11:38 投稿
| ``` |
| AWS.config.update({ |
| credentials: new AWS.CognitoIdentityCredentials({ |
| RoleArn: "arn:aws:iam::[Account ID]:role/[Role name]", |
| IdentityPoolId: [Cognito IdentityPoolId] |
| }) |
| }); |
| ``` |
| の `RoleArn` のところ、Poolとarnが共存しているので不具合が起きているような気がします。 |
| 参考にしたページもARN書いて無かったのですが、どこかでROLEARN使っている記事がありましたか? |
| ■FYI |
| [Amazon Cognito » 開発者ガイド](https://docs.aws.amazon.com/ja_jp/cognito/latest/developerguide/setting-up-the-javascript-sdk.html) |
| [cognitoを使ってログイン画面を作ってみた! 〜ログイン画面作成〜(作業メモ)](https://qiita.com/Yuki_BB3/items/ee8330830951acd907de) |
| [Amazon Cognito UserPools を JavaScript から使ってみる](https://qiita.com/kusokamayarou/items/60bcf9d16ce0df93b0ea) |
| ##追記1 |
| IAMポリシーを以下にしてみてください。 |
| ``` |
| { |
| "Version": "2012-10-17", |
| "Statement": [ |
| { |
| "Sid": "AllowPublicCognitoIdentity", |
| "Effect": "Allow", |
| "Action": [ |
| "cognito-identity:*", |
| "mobileanalytics:PutEvents", |
| "cognito-sync:*" |
| ], |
| "Resource": "*" |
| }, |
| { |
| "Sid": "AllowPublicS3Bucket", |
| "Effect": "Allow", |
| "Action": [ |
| "s3:ListBucket" |
| ], |
| "Resource": [ |
| "arn:aws:s3:::[Bucket name]" |
| ], |
| "Condition": { |
| "StringLike": { |
| "s3:prefix": [ |
| "cognito/[cognito app name]/ |
| "cognito/[cognito app name]/" |
| ] |
| } |
| } |
| }, |
| { |
| "Sid": "AllowPublicS3Object", |
| "Effect": "Allow", |
| "Action": [ |
| "s3:GetObject", |
| "s3:PutObject", |
| "s3:DeleteObject", |
| "s3:PutObjectAcl" |
| ], |
| "Resource": [ |
| "arn:aws:s3:::[Bucket name]/cognito/[cognito app name]/[folder name]/", |
| "arn:aws:s3:::[Bucket name]/cognito/[cognito app name]/[folder name]/*" |
| ] |
| } |
| ] |
| } |
| ``` |
| ##追記2 |
| Cognito IAMロールのデフォルトポリシー |
| ``` |
| { |
| "Version": "2012-10-17", |
| "Statement": [ |
| { |
| "Effect": "Allow", |
| "Action": [ |
| "mobileanalytics:PutEvents", |
| "cognito-sync:*", |
| "cognito-identity:*" |
| ], |
| "Resource": [ |
| "*" |
| ] |
| } |
| ] |
| } |
| ``` |
lazhuward score 1278
2018/05/09 16:13 投稿
| ``` |
| AWS.config.update({ |
| credentials: new AWS.CognitoIdentityCredentials({ |
| RoleArn: "arn:aws:iam::[Account ID]:role/[Role name]", |
| IdentityPoolId: [Cognito IdentityPoolId] |
| }) |
| }); |
| ``` |
| の `RoleArn` のところ、Poolとarnが共存しているので不具合が起きているような気がします。 |
| 参考にしたページもARN書いて無かったのですが、どこかでROLEARN使っている記事がありましたか? |
| ■FYI |
| [Amazon Cognito » 開発者ガイド](https://docs.aws.amazon.com/ja_jp/cognito/latest/developerguide/setting-up-the-javascript-sdk.html) |
| [cognitoを使ってログイン画面を作ってみた! 〜ログイン画面作成〜(作業メモ)](https://qiita.com/Yuki_BB3/items/ee8330830951acd907de) |
| [Amazon Cognito UserPools を JavaScript から使ってみる](https://qiita.com/kusokamayarou/items/60bcf9d16ce0df93b0ea) |
| [Amazon Cognito UserPools を JavaScript から使ってみる](https://qiita.com/kusokamayarou/items/60bcf9d16ce0df93b0ea) |
| ##追記1 |
| IAMポリシーを以下にしてみてください。 |
| ``` |
| { |
| "Version": "2012-10-17", |
| "Statement": [ |
| { |
| "Sid": "AllowPublicCognitoIdentity", |
| "Effect": "Allow", |
| "Action": [ |
| "cognito-identity:*", |
| "mobileanalytics:PutEvents", |
| "cognito-sync:*" |
| ], |
| "Resource": "*" |
| }, |
| { |
| "Sid": "AllowPublicS3Bucket", |
| "Effect": "Allow", |
| "Action": [ |
| "s3:ListBucket" |
| ], |
| "Resource": [ |
| "arn:aws:s3:::[Bucket name]" |
| ], |
| "Condition": { |
| "StringLike": { |
| "s3:prefix": [ |
| "cognito/[cognito app name]/[folder name]/" |
| ] |
| } |
| } |
| }, |
| { |
| "Sid": "AllowPublicS3Object", |
| "Effect": "Allow", |
| "Action": [ |
| "s3:GetObject", |
| "s3:PutObject", |
| "s3:DeleteObject", |
| "s3:PutObjectAcl" |
| ], |
| "Resource": [ |
| "arn:aws:s3:::[Bucket name]/cognito/[cognito app name]/[folder name]/", |
| "arn:aws:s3:::[Bucket name]/cognito/[cognito app name]/[folder name]/*" |
| ] |
| } |
| ] |
| } |
| ``` |
