 

AWS : Invalid identity pool configuration. Check assigned IAM roles for this pool

I have created one user pool & identity pool.

I have used the JavaScript SDK.

I am able to sign up, send a confirmation code & confirm the user successfully with the JavaScript SDK.

But when I try to sign in the user with the authenticate method & try to get credentials with "CognitoIdentityCredentials" by passing the idToken with the code below

    logins[cognitoEndpoint + "/" + userPoolId] = jwtToken;
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
      IdentityPoolId: identityPoolId,
      Logins: logins
    });

it's giving me the error below

    Error: Invalid identity pool configuration. Check assigned IAM roles for this pool.
        at Request.extractError (aws-sdk.js:104063)
        at Request.callListeners (aws-sdk.js:106060)
        at Request.emit (aws-sdk.js:106034)
        at Request.emit (aws-sdk.js:105121)
        at Request.transition (aws-sdk.js:104843)
        at AcceptorStateMachine.runTo (aws-sdk.js:108480)
        at aws-sdk.js:108492
        at Request.<anonymous> (aws-sdk.js:104859)
        at Request.<anonymous> (aws-sdk.js:105123)
        at Request.callListeners (aws-sdk.js:106070)

I have given administrator access to "Unauthenticated role" & "Unauthenticated role" of the identity pool and to the user whose credentials I am using.

I am new to AWS. Can anyone tell me what I am missing?

Any help would be appreciated.

asked May 18 '17 09:05

Ankur Akvaliya


1 Answer

Check that the role you have assigned in Cognito Identity Pools (Federated Identities) has a trust relationship with the identity pool.

Get the identity pool ID + the name of the role that isn't working. To do this:

  • Go to Cognito
  • Select Manage Federated Identities
  • Select the identity pool
  • Click Edit identity pool (top right)
  • Make a note of the identity pool ID
  • Make a note of the name of the role that isn't working (e.g. Cognito_blahUnauth_Role)

In IAM, check the trust relationship for the role. Ensure that the StringEquals condition value matches the identity pool ID.

To do this:

  • Go to IAM
  • Click Roles
  • Click the name of the role that you noted previously
  • Click Trust relationships
  • On the right under Conditions, check that the StringEquals condition contains the identity pool ID that you noted previously.

Edit the trust relationship to fix.

answered Sep 26 '22 21:09

Alex Hague
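
The trust-relationship check described in the answer above can also be run against the role's trust policy JSON. The following is an added example, not code from the question or the answer. The function name `checkTrustPolicy`, the sample policy and the all-zero pool ID are constructed for illustration, and it goes one step beyond the answer by also checking the `amr` condition that separates authenticated from unauthenticated roles.

```javascript
'use strict';
// Condition keys that a Cognito identity pool role's trust policy is matched on.
const AUD = 'cognito-identity.amazonaws.com:aud';
const AMR = 'cognito-identity.amazonaws.com:amr';
const toList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns [] when at least one statement lets the given identity pool assume
// the role; otherwise returns the problems found in every candidate statement.
// expectedAmr is 'authenticated' or 'unauthenticated'.
function checkTrustPolicy(policy, identityPoolId, expectedAmr) {
  const usable = toList(policy.Statement).filter((s) =>
    s.Effect === 'Allow' &&
    toList(s.Action).includes('sts:AssumeRoleWithWebIdentity') &&
    toList((s.Principal || {}).Federated).includes('cognito-identity.amazonaws.com'));
  if (usable.length === 0) {
    return ['no Allow statement for cognito-identity.amazonaws.com with sts:AssumeRoleWithWebIdentity'];
  }
  const perStatement = usable.map((s) => {
    const cond = s.Condition || {};
    const aud = toList((cond.StringEquals || {})[AUD]);
    const amr = toList((cond['ForAnyValue:StringLike'] || {})[AMR]);
    const problems = [];
    if (aud.length === 0) problems.push(`no StringEquals condition on ${AUD}`);
    else if (!aud.includes(identityPoolId)) {
      problems.push(`aud is ${aud.join(', ')} but the identity pool ID is ${identityPoolId}`);
    }
    if (!amr.includes(expectedAmr)) problems.push(`amr does not include "${expectedAmr}"`);
    return problems;
  });
  return perStatement.some((p) => p.length === 0) ? [] : perStatement.flat();
}

// Constructed sample: trust policy of a role created for some other identity pool.
const samplePolicy = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Principal: { Federated: 'cognito-identity.amazonaws.com' },
    Action: 'sts:AssumeRoleWithWebIdentity',
    Condition: {
      StringEquals: { [AUD]: 'us-east-1:00000000-0000-0000-0000-000000000000' },
      'ForAnyValue:StringLike': { [AMR]: 'authenticated' },
    },
  }],
};

// Pool ID noted from the Cognito console (constructed value here).
console.log(checkTrustPolicy(samplePolicy, 'us-east-1:11111111-1111-1111-1111-111111111111', 'authenticated'));
```

The policy document to pass in is the JSON shown on the role's Trust relationships tab, or the `Role.AssumeRolePolicyDocument` field returned by `aws iam get-role`.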