问题描述
我遵循了 Pulumi Cognito.IdentityPool docs,但无法使用 an attachment 将身份池与角色相关联。这应该很简单:创建身份池,创建角色,将角色附加到身份池。简单的。不幸的是,Pulumi 文档中的代码没有达到这个目的,缺少一些东西。这是我的代码:
import * as aws from '@pulumi/aws'
import { Stack,cognito,region } from '../../config'
const userPool = cognito.userPools[REDACTED]
const providerName: string = `cognito-idp.${region}.amazonaws.com/${userPool.poolId}`
export const swimmingPool = new aws.cognito.IdentityPool(REDACTED,{
identityPoolName: 'stuff!',allowUnauthenticatedIdentities: false,allowClassicFlow: false,cognitoIdentityProviders: [{
providerName,clientId: userPool.clientId,serverSidetokenCheck: false,}],})
export const role = new aws.iam.Role(REDACTED,{
assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal(
{ Federated: 'cognito-identity.amazonaws.com' },),})
export const policy = new aws.iam.RolePolicy(REDACTED,{
role: role.id,policy: {
Version: '2012-10-17',Statement: [
{
Action: [
'cognito-sync:*','cognito-identity:*','s3:PutObject','s3:Getobject',],Effect: 'Allow',Resource: '*',},})
export const roleAttachment = new aws.cognito.IdentityPoolRoleAttachment(REDACTED,{
identityPoolId: swimmingPool.id,roles: { authenticated: role.arn },roleMappings: [{
identityProvider: `cognito-idp.${region}.amazonaws.com/${userPool.poolId}:${userPool.clientId}`,ambiguousRoleResolution: 'AuthenticatedRole',type: 'Rules',mappingRules: [{
claim: 'isAdmin',matchType: 'Equals',roleArn: role.arn,value: 'paid',})
当我查看身份池时,我希望在 AWS 控制台中看到附加的角色,但 You have not specified roles for this identity pool. Click here to fix it. 反而出现了。附加我附加的附件必须做什么?
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)