如何解决使用 Pulumi 创建 Cognito 身份池 - 未附加角色
我遵循了 Pulumi Cognito.IdentityPool docs,但无法使用 an attachment 将身份池与角色相关联。这应该很简单:创建身份池,创建角色,将角色附加到身份池。简单的。不幸的是,Pulumi 文档中的代码没有达到这个目的,缺少一些东西。这是我的代码:
import * as aws from '@pulumi/aws'
import { Stack,cognito,region } from '../../config'
const userPool = cognito.userPools[REDACTED]
const providerName: string = `cognito-idp.${region}.amazonaws.com/${userPool.poolId}`
export const swimmingPool = new aws.cognito.IdentityPool(REDACTED,{
identityPoolName: 'stuff!',allowUnauthenticatedIdentities: false,allowClassicFlow: false,cognitoIdentityProviders: [{
providerName,clientId: userPool.clientId,serverSidetokenCheck: false,}],})
export const role = new aws.iam.Role(REDACTED,{
assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal(
{ Federated: 'cognito-identity.amazonaws.com' },),})
export const policy = new aws.iam.RolePolicy(REDACTED,{
role: role.id,policy: {
Version: '2012-10-17',Statement: [
{
Action: [
'cognito-sync:*','cognito-identity:*','s3:PutObject','s3:Getobject',],Effect: 'Allow',Resource: '*',},})
export const roleAttachment = new aws.cognito.IdentityPoolRoleAttachment(REDACTED,{
identityPoolId: swimmingPool.id,roles: { authenticated: role.arn },roleMappings: [{
identityProvider: `cognito-idp.${region}.amazonaws.com/${userPool.poolId}:${userPool.clientId}`,ambiguousRoleResolution: 'AuthenticatedRole',type: 'Rules',mappingRules: [{
claim: 'isAdmin',matchType: 'Equals',roleArn: role.arn,value: 'paid',})
当我查看身份池时,我希望在 AWS 控制台中看到附加的角色,但 You have not specified roles for this identity pool. Click here to fix it.
反而出现了。附加我附加的附件必须做什么?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。