AWS Cognito Token login error with my token from developer authentication
I want to put an object in AWS S3 directly from the browser in angular js.
For this, I use cognito developer authentication. I got the cognito id and id token from my rails server.
With this token (I think it really is), my put action is rejected from AWS S3: Invalid login token.
I do not know why..
Here is my code.
AWS.config.region = 'us-east-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
AccountId: '0000',
IdentityPoolId: 'us-east-1:0000-0000-0000',
RoleArn: 'arn:aws:iam::0000:role/myRoleName',
Logins: {
'cognito-identity.amazonaws.com': 'token from cognito.get_open_id_token_for_developer_identity'
}
});
var bucket = new AWS.S3({ params: { Region: 'ap-northeast-1', Bucket: 'my bucket name' }});
(0000 parts is just a sample)
Interestingly, there is no room for 'identity_id' from cognito.get_open_id_token_for_developer_identity.
The config regions and s3 scopes are different because I am using tokyo S3 but n.virginia Cognito.
++ I added s3 full access to managed policies in my role (myRoleName) and added below in Inline policy. (I also added "resource * version below setting" for Inline policy)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "0000",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::myBucketName"
]
}
]
}
source to share
It looks like you are trying to use "Basic authflow". Here is a link to our documentation on auth flows:
http://docs.aws.amazon.com/cognito/devguide/identity/concepts/authentication-flow/#developer-authenticated-identities-authflow
This does not use the marker you provide on the entry card.
I recommend using "Enhanced authflow". To do this:
(1) Make sure your identity pool has the roles that you want your users to use: http://docs.aws.amazon.com/cognito/devguide/identity/concepts/iam-roles/
(2) Remove the AccountId and RoleArn arguments for the identity constructor.
source to share