This repository has been archived by the owner on May 19, 2021. It is now read-only.

What is the meaning of "Copy and paste the same access policy we generated for the invocation role" #13

Open
esumit opened this issue May 3, 2016 · 2 comments


esumit commented May 3, 2016

I followed what the documentation says, but at the end I didn't understand this line: "Copy and paste the same access policy we generated for the invocation role".

Does that mean making Cognito_IdentityTestPoolAuth_Role similar to the previous one? Like below:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "mobileanalytics:PutEvents",
        "cognito-sync:*",
        "cognito-identity:*"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1462212212000",
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeFunction",
        "execute-api:Invoke"
      ],
      "Resource": [
        "arn:aws:lambda:us-east-1:XXXXXXXXX:function:zPetStoreAPIGatewayLambda",
        "arn:aws:execute-api:*"
      ]
    },
    {
      "Sid": "Stmt1462211764000",
      "Effect": "Allow",
      "Action": [
        "cognito-identity:GetOpenIdTokenForDeveloperIdentity"
      ],
      "Resource": [
        "arn:aws:cognito-identity:us-east-1:XXXXXXXXX:identitypool/us-east-1:a6fef2a4-bb3f-4e22-b9d6-xxxxxxxx"
      ]
    },
    {
      "Sid": "Stmt1462211972000",
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:PutItem",
        "dynamodb:Scan",
        "dynamodb:UpdateItem"
      ],
      "Resource": [
        "arn:aws:dynamodb:us-east-1:XXXXXXXXXX:table/testPetId"
      ]
    },
    {
      "Sid": "Stmt1462212134000",
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:PutItem",
        "dynamodb:Scan",
        "dynamodb:UpdateItem"
      ],
      "Resource": [
        "arn:aws:dynamodb:us-east-1:XXXXXXXX:table/testUserName"
      ]
    },
    {
      "Sid": "Stmt1462212275000",
      "Effect": "Allow",
      "Action": [
        "logs:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
```

May you please clarify?

Contributor

sapessi commented May 3, 2016

I edited your comment to remove account numbers. Please do not post policies that contain account IDs and identity pool ARNs publicly. I recommend you delete the resources you had created and start from scratch in case someone found this and took your account number. The answer is yes, make it similar.
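An added example, not part of the thread or of the repository's code: a small Python filter that masks the account ID field and any identity pool UUID in the ARNs of a policy document before it is shared publicly, which is the clean-up the comment above describes. The function names, the `ACCOUNT_ID` and `POOL_UUID` placeholders, and the sample policy (constructed, with made-up identifiers) are assumptions.

```python
import json
import re

ACCOUNT_ID = re.compile(r"\d{12}")
POOL_UUID = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def redact_arn(value):
    """Mask the account field and any identity pool UUID in one ARN string."""
    if not value.startswith("arn:"):
        return value  # actions, Sids, "*" and other non-ARN strings pass through
    # Layout: arn:partition:service:region:account-id:resource
    parts = value.split(":", 5)
    if len(parts) < 6:
        return value  # wildcard ARNs such as arn:aws:execute-api:* carry no account
    if ACCOUNT_ID.fullmatch(parts[4]):
        parts[4] = "ACCOUNT_ID"
    parts[5] = POOL_UUID.sub("POOL_UUID", parts[5])
    return ":".join(parts)

def redact(node):
    """Walk the parsed policy and redact every string value."""
    if isinstance(node, dict):
        return {key: redact(val) for key, val in node.items()}
    if isinstance(node, list):
        return [redact(val) for val in node]
    if isinstance(node, str):
        return redact_arn(node)
    return node

def redact_policy(text):
    """Return the policy JSON with account-specific identifiers masked."""
    return json.dumps(redact(json.loads(text)), indent=2)

# Constructed sample: the account ID and pool UUID below are made up.
SAMPLE = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["lambda:InvokeFunction", "execute-api:Invoke"],
   "Resource": ["arn:aws:lambda:us-east-1:123456789012:function:zPetStoreAPIGatewayLambda",
                "arn:aws:execute-api:*"]},
  {"Effect": "Allow",
   "Action": ["cognito-identity:GetOpenIdTokenForDeveloperIdentity"],
   "Resource": ["arn:aws:cognito-identity:us-east-1:123456789012:identitypool/us-east-1:00000000-1111-2222-3333-444444444444"]}
]}"""

if __name__ == "__main__":
    print(redact_policy(SAMPLE))
```

Actions, effects and resource names are left intact, so the redacted policy still shows reviewers what the role is allowed to do.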

@steve-a-jones

This part of the tutorial is slightly confusing - please provide an example of the policy as you did with the other steps :)

A few questions:

Do we also edit the trust relationship?

Do we replace the existing policy of the Cognito auth role with the generated one for API Gateway?

Can you provide some insight as to why these policies need to match?
