IAM的文档声明Resource-property for AttachUserPolicy和DetacherUserPolicyshould应设置为托管策略将附加到的用户主体.虽然文档中iot:AttachPrincipalPolicy并iot:DetachPrincipalPolicy没有详细说明,但错误消息
AccessDeniedException:User:arn:aws:sts :: ACCOUNT_ID:assume-role/ROLE/CognitoIdentityCredentials无权执行:iot:AttachPrincipalPolicy on resource:COGNITO_ID
让我相信它期望ARN用于Cognito身份或身份池.但是,指定Cognito文档中显示的ARN会导致相同的错误.Cognito身份ARN也未在策略生成器中进行验证.
我应该指定什么资源,以便iot:AttachPrincipalPolicy和iot:DetachPrincipalPolicy被允许在Cognito身份附着/分离物联网的政策?