我收到这个奇怪的错误访问角色“认知角色”被禁止。
在创建云形成堆栈时,这里是我的 yaml 格式的云形成文件。
我基本上是在创建一个 s3 存储桶和一个认知身份来促进客户端对我的存储桶的访问,整个工作正常,除了这个错误 Access to Role 'phototest-cognitoRole-1AMKUVXUXAJ5H' 被禁止。(服务:AmazonCognitoIdentity;状态代码:400;错误代码:NotAuthorizedException
AWSTemplateFormatVersion: 2010-09-09
资源:
photoBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: it-academy-photos-bucket
CorsConfiguration:
CorsRules:
- AllowedHeaders: ['*']
AllowedMethods: [GET,POST,PUT]
AllowedOrigins: ['*']
Id: myrules
cognitoRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: Allow
Principal:
Federated:
- "cognito-identity.amazonaws.com"
Action:
- sts:AssumeRoleWithWebIdentity
Policies:
-
PolicyName: "photo_client_policy"
PolicyDocument:
Version: '2012-10-17'
Statement:
-
Sid: VisualEditor1
Effect: Allow
Action:
- s3:PutObject
- s3:GetObjectAcl
- s3:GetObject
- s3:GetObjectTorrent
- s3:GetObjectVersionAcl
- s3:PutObjectVersionTagging
- s3:GetObjectTagging
- s3:PutObjectTagging …我按照本教程使用 Amplify 部署了一个 AWS AppSync GraphQL 终端节点:
https://aws-amplify.github.io/docs/js/api#amplify-graphql-client
我用 Node.js 和 TypeScript 创建了一个 Lambda 函数来查询数据:
import { APIGatewayEvent, Callback, Context, Handler } from 'aws-lambda';
import Amplify, { API, graphqlOperation } from "aws-amplify";
import * as queries from './src/graphql/queries';
import * as mutations from './src/graphql/mutations';
import { CreateBlogInput } from './src/API';
import aws_config from "./src/aws-exports";
Amplify.configure(aws_config);
export const list: Handler = async (event: APIGatewayEvent, context: Context, cb: Callback) => {
const allBlogs = await API.graphql(graphqlOperation(queries.listBlogs));
// this seems to be working …amazon-web-services aws-lambda graphql aws-appsync aws-amplify