如何解决用于将Google IDP添加到Cognito IdentityPoolRoleAttachment中的Cloudformation模板?
这是我的Google IDP配置的样子:
“MyGoogleIdP": {
"Type": "AWS::Cognito::UserPoolIdentityProvider","Properties": {
"ProviderDetails": {
"client_id": “XXXXXXXX.apps.googleusercontent.com","client_secret": “XXX_xxx”,"authorize_scopes": "profile email openid"
},"ProviderName": "Google","ProviderType": "Google","UserPoolId": {
"Ref": “MyCognitoPool"
},"AttributeMapping": {
"email": "email"
}
}
}
身份池配置:
“MyIdentityPool": {
"Type": "AWS::Cognito::IdentityPool","Properties": {
"AllowUnauthenticatedIdentities": false,"CognitoIdentityProviders": [
{
"ClientId": {
"Ref": "MyCognitoClient"
},"ProviderName": {
"Fn::GetAtt": ["MyCognitoPool","ProviderName"]
}
}
],"IdentityPoolName": {
"Fn::Sub": "my-${CustomDomain}"
}
}
}
身份池角色附件配置:
"MyIdentityPoolRoleAttachment": {
"Type": "AWS::Cognito::IdentityPoolRoleAttachment","Properties": {
"IdentityPoolId": {
"Ref": "MyIdentityPool"
},"Roles": {
"authenticated":{
"Fn::GetAtt":[
"UnAuthorizedUserRole","Arn"
]
}
},"RoleMappings": {
"MyGoogleIdP": {
"IdentityProvider": {
"Ref": "MyGoogleIdP"
},"AmbiguousRoleResolution": "Deny","Type": "Rules"
},“MyCognitoPool": {
"IdentityProvider": {
"Ref": “MyCognitoPool"
},"Type": "Rules"
}
}
}
}
在AWS docs中,这是他们将Facebook身份提供程序添加到RoleMappings
中的方式:
"IdentityProvider":"graph.facebook.com"
这是他们将其认知池添加到RoleMappings
的方式:
"IdentityProvider":{
"Ref":"CognitoUserPool"
}
我的问题是,如何将Google身份提供商添加到RoleMappings
?如上面的示例代码所示,我尝试使用"Ref": "MyGoogleIdP"
,但收到此错误:
(Google) is not a valid RoleMapping ProviderName or is not a configured provider.
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。