amazon-web-services - Adding roles to an AWS Cognito identity pool via CloudFormation

Reposted. Author: 行者123. Updated: 2023-12-02 12:26:22

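I am trying to write a CloudFormation template that creates a new Cognito identity pool with Google authentication and uses a pre-existing role.

This code creates a new identity pool with Google authentication -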

    Resources:
      cognitoid:
        Type: "AWS::Cognito::IdentityPool"
        Properties:
          "AllowUnauthenticatedIdentities": false
          "SupportedLoginProviders": { "accounts.google.com": "<Google client id>" }

As for the role, there is nothing in the AWS::Cognito::IdentityPool properties for attaching a role.

Best answer

Finally was able to get it working -

    AWSTemplateFormatVersion: 2010-09-09

    Description: Stack to create a new Cognito identity pool with CloudFormation permissions to authenticate using a Google+ API

    Resources:
      CognitoId:
        Type: "AWS::Cognito::IdentityPool"
        Properties:
          "AllowUnauthenticatedIdentities": false
          "SupportedLoginProviders": { "accounts.google.com": "253488098773-olaksun66kcniitls6q7dne2asn23sdm.apps.googleusercontent.com" }

      IamRole:
        Type: "AWS::IAM::Role"
        Properties:
          # Trust policy: only authenticated identities from this identity pool may assume the role
          AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "sts:AssumeRoleWithWebIdentity"
                Condition: { "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated" }, "StringEquals": {"cognito-identity.amazonaws.com:aud": !Ref CognitoId}}
                Principal:
                  Federated:
                    - "cognito-identity.amazonaws.com"
          Path: "/"
          "Policies":
            -
              PolicyName: main
              PolicyDocument:
                Version: "2012-10-17"
                Statement:
                  -
                    Effect: "Allow"
                    Action:
                      - "cloudformation:CreateStack"
                      - "cloudformation:UpdateStack"
                      - "cloudformation:DeleteStack"
                      - "cloudformation:CreateUploadBucket"
                      - "cloudformation:DescribeStacks"
                      - "cloudformation:DescribeStackEvents"
                      - "cloudformation:GetTemplateSummary"
                      - "cloudformation:ListStacks"
                      - "cloudformation:ListStackResources"
                      - "s3:CreateBucket"
                      - "s3:GetObject"
                      - "s3:PutObject"
                      - "mobileanalytics:PutEvent"
                      - "cognito-sync:*"
                      - "cognito-identity:*"
                    Resource: "*"
      # Attaches the role to the identity pool as its "authenticated" role
      IdentityPoolRoleAttachment:
        Type: "AWS::Cognito::IdentityPoolRoleAttachment"
        Properties:
          IdentityPoolId: !Ref CognitoId
          Roles: {"authenticated": !GetAtt IamRole.Arn}

Regarding amazon-web-services - Adding roles to an AWS Cognito identity pool via CloudFormation, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/45459746/
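The trust policy in the answer limits the role to authenticated identities of one identity pool through its two `Condition` entries. The following is an added example, not code from the original question or answer, that audits a trust policy document for those two conditions; the function names and the pool ID are constructed for illustration, and the policy is assumed to be passed in with `!Ref CognitoId` already resolved to the pool ID.

```python
COGNITO = "cognito-identity.amazonaws.com"
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # constructed placeholder

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_values(condition, operators, key):
    """Values given for `key` under any of `operators` (key names are not case-sensitive)."""
    values = []
    for operator in operators:
        for name, value in condition.get(operator, {}).items():
            if name.lower() == key:
                values += _as_list(value)
    return values

def audit_trust_policy(policy, pool_id):
    """Return findings for Cognito web-identity statements; [] means scoped as in the answer."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        actions = _as_list(stmt.get("Action", []))
        if (stmt.get("Effect") != "Allow" or COGNITO not in federated
                or "sts:AssumeRoleWithWebIdentity" not in actions):
            continue  # not a statement that lets Cognito identities assume the role
        condition = stmt.get("Condition", {})
        aud = _condition_values(condition, ["StringEquals"], COGNITO + ":aud")
        amr = _condition_values(
            condition, ["ForAnyValue:StringLike", "ForAnyValue:StringEquals"], COGNITO + ":amr")
        if not aud:
            findings.append(f"statement {index}: no StringEquals on :aud, role is not tied to one identity pool")
        elif any(value != pool_id for value in aud):
            findings.append(f"statement {index}: :aud names a pool other than {pool_id}")
        if not amr:
            findings.append(f"statement {index}: no :amr condition, unauthenticated identities are not excluded")
        elif any(value != "authenticated" for value in amr):
            findings.append(f"statement {index}: :amr allows values other than 'authenticated'")
    return findings

def _statement(condition):
    # Constructed sample: the answer's trust statement after !Ref is resolved.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["sts:AssumeRoleWithWebIdentity"],
        "Principal": {"Federated": [COGNITO]}, "Condition": condition}]}

SCOPED = _statement({"StringEquals": {COGNITO + ":aud": POOL_ID},
                     "ForAnyValue:StringLike": {COGNITO + ":amr": "authenticated"}})
UNSCOPED = _statement({})  # same statement with the Condition block left empty

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("unscoped", UNSCOPED)):
        print(name, audit_trust_policy(doc, POOL_ID) or "ok")
```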
