Amazon Web Service SDK iOS

I've been stuck trying to use the AWS with iOS for 2 days now. I downloaded the example project from here: https://github.com/awslabs/aws-sdk-ios-samples

I did exactly as the steps said, I used cocoapods to link all the libraries.

I also created a bucket and again followed the steps on how to get the ID in order to change it within the code as seen below:

AWSCognitoCredentialsProvider *credentialsProvider = [AWSCognitoCredentialsProvider
                                                      credentialsWithRegionType:AWSRegionUSEast1
                                                      accountId:AWSAccountID
                                                      identityPoolId:CognitoPoolID
                                                      unauthRoleArn:CognitoRoleUnauth
                                                      authRoleArn:nil];

So basically, when I'm trying to upload some images/files (in the example using the S3 Storage Service by Amazon), I get an error:

2014-09-04 15:11:57.475 S3TransferManagerSample[5437:400b] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m
  line:356 | __40-[AWSCognitoCredentialsProvider refresh]_block_invoke299 | Unable to refresh. 
  Error is [Error Domain=com.amazonaws.AWSSTSErrorDomain Code=0 "The operation couldn’t be completed. (com.amazonaws.AWSSTSErrorDomain error 0.)" 
   UserInfo=0x14d17770 {Type=Sender, Message=Not authorized to perform sts:AssumeRoleWithWebIdentity, __text=(
"\n    ",
"\n    ",
"\n    ",
"\n  "
), Code=AccessDenied}]

Just to be clear, I've already created a role, given it a policy: AdministratorAccess, and used the Role ARN to set the

unauthRoleArn:CognitoRoleUnauth   

I've read the documentation and can't seem to find the problem anywhere. I have a feeling it has something to do with the role and the policy given to the role.

I'd really appreciate any tips on how to get started or how to fix this problem.

Thanks, and if you need more details about the question feel free to comment and I'll give more, as the question got a bit lengthy.

asked Sep 04 '14 12:09

RJiryes


1 Answer

The error you are experiencing is due to the trust relations in your role, not the permissions for the credentials on the role.

You must make sure your role's trust relationships:

  1. Trust the identity pool you are using (the aud matches the identity pool id).
  2. Trust identities with the supplied authentication (the amr matches unauthenticated or authenticated depending on your use case).

Take care when modifying roles created during the setup wizard or reusing roles as these 2 values may not match and generate the error above.

You may also find this blog post helpful in understanding how Cognito Authentication works.

answered Oct 03 '22 19:10

Bob Kinney
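
The two trust-relationship checks listed in the answer above, as an added example that is not part of the original answer or of the AWS SDK: a Python check that reads a role's trust policy JSON and reports whether the `cognito-identity.amazonaws.com:aud` and `:amr` conditions match the identity pool and authentication type in use. The pool IDs are constructed placeholders, `check_trust_policy` and `make_policy` are hypothetical names, and matching is exact-string only (wildcards under `StringLike` are not evaluated).

```python
import json

PROVIDER = "cognito-identity.amazonaws.com"

def _as_list(v):
    # IAM allows a single value or a list in most positions; normalise to a list.
    return [] if v is None else v if isinstance(v, list) else [v]

def check_trust_policy(policy_json, pool_id, amr):
    """Return [] if some statement trusts this pool and amr, else the mismatches found."""
    problems = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        principal = stmt.get("Principal")
        if (stmt.get("Effect") != "Allow"
                or "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action"))
                or not isinstance(principal, dict)
                or PROVIDER not in _as_list(principal.get("Federated"))):
            continue  # not a Cognito web-identity trust statement
        cond = stmt.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get(PROVIDER + ":aud"))
        amrs = _as_list(cond.get("ForAnyValue:StringLike", {}).get(PROVIDER + ":amr"))
        issues = []
        if pool_id not in aud:
            issues.append(f"aud {aud} does not match identity pool {pool_id}")
        if amr not in amrs:
            issues.append(f"amr {amrs} does not include {amr}")
        if not issues:
            return []
        problems.extend(issues)
    return problems or [f"no Allow statement trusting {PROVIDER}"]

# Constructed sample data: placeholder pool IDs, not real identifiers.
POOL = "us-east-1:00000000-0000-0000-0000-000000000000"
OTHER_POOL = "us-east-1:11111111-1111-1111-1111-111111111111"

def make_policy(aud, amr):
    """Build a trust policy in the shape Cognito roles use (constructed sample)."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {PROVIDER + ":aud": aud},
            "ForAnyValue:StringLike": {PROVIDER + ":amr": amr}}}]})

if __name__ == "__main__":
    # Role reused from another pool and set up for authenticated users only.
    for line in check_trust_policy(make_policy(OTHER_POOL, "authenticated"),
                                   POOL, "unauthenticated"):
        print(line)
```
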