amazon-web-services - How do I create a Cognito IdentityPool with a Cognito UserPool as one of the authentication providers using aws cdk?

Reposted. Author: 行者123. Updated: 2023-12-04 08:00:08

I am trying to create a Cognito FederatedIdentityPool with a CognitoUserPool as one of its authentication providers. Creating the UserPool is simple:

    // Package name follows the CDK v1-era API used in this question (assumption; adjust to your CDK version)
    import * as cognito from '@aws-cdk/aws-cognito';

    // Low-level (Cfn) user pool plus an app client without a client secret
    const userPool = new cognito.CfnUserPool(this, 'MyCognitoUserPool');
    const userPoolClient = new cognito.CfnUserPoolClient(this, 'RandomQuoteUserPoolClient', {
        generateSecret: false,
        userPoolId: userPool.userPoolId
    });

But I am not sure how to wire it into the identity pool:

    const identityPool = new cognito.CfnIdentityPool(this, 'MyIdentityPool', {
        allowUnauthenticatedIdentities: false,
        cognitoIdentityProviders: ?????
    });

Based on the IdentityProvider API Documentation it looks like there is a property cognitoIdentityProviders, but it takes an array of cdk.Token/CognitoIdentityProviderProperty.

So I tried creating a CognitoIdentityProviderProperty object and passing it as cognitoIdentityProviders: [{ clientId: userPoolClient.userPoolClientId }], but I get the following exception:

    1/2 | 09:48:35 | CREATE_FAILED        | AWS::Cognito::IdentityPool   | RandomQuoteIdentityPool Invalid Cognito Identity Provider (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: InvalidParameterException; Request ID: 4d6d579a-6455-11e9-99a9-85159bc87779)
    new CdkWorkshopStack (/Users/cdk/lib/cdk-workshop-stack.ts:46:26)
    \_ Object.<anonymous> (/Users/cdk/bin/cdk-workshop.ts:7:1)
    \_ Module._compile (module.js:653:30)
    \_ Object.Module._extensions..js (module.js:664:10)
    \_ Module.load (module.js:566:32)
    \_ tryModuleLoad (module.js:506:12)
    \_ Function.Module._load (module.js:498:3)
    \_ Function.Module.runMain (module.js:694:10)
    \_ startup (bootstrap_node.js:204:16)
    \_ bootstrap_node.js:625:3

I even tried copying the id from the AWS console and hard-coding it here; still the same error.
  • Can someone help me understand how to configure the authentication provider in CfnIdentityPool?
  • Why is there both a UserPool and a CfnUserPool? What is the difference between them, and which one is supposed to be used?

Best answer

    This is how I managed to mimic the default configuration that the aws console creates when you create an identity pool with a user pool as an identity provider. It includes a few extra things beyond what you asked for (allowing unauthenticated access and specifying the password policy), but it is easy to adapt to your needs.

        // Imports added for completeness; package names follow the CDK v1-era API this
        // snippet uses (signInType, userPoolProviderName), not CDK v2 (assumption).
        import * as cognito from '@aws-cdk/aws-cognito';
        import { SignInType, UserPoolAttribute } from '@aws-cdk/aws-cognito';
        import * as iam from '@aws-cdk/aws-iam';
        import { Effect, PolicyStatement } from '@aws-cdk/aws-iam';

        // High-level user pool: users sign in with e-mail, and the e-mail attribute is auto-verified
        const userPool = new cognito.UserPool(this, 'MyUserPool', {
            signInType: SignInType.EMAIL,
            autoVerifiedAttributes: [
                UserPoolAttribute.EMAIL
            ]
        });
        // Escape hatch: reach the underlying CfnUserPool to set a property the
        // high-level construct does not expose (the password policy)
        const cfnUserPool = userPool.node.defaultChild as cognito.CfnUserPool;
        cfnUserPool.policies = {
            passwordPolicy: {
                minimumLength: 8,
                requireLowercase: false,
                requireNumbers: false,
                requireUppercase: false,
                requireSymbols: false
            }
        };
        // App client without a secret (for public clients such as browser or mobile apps)
        const userPoolClient = new cognito.UserPoolClient(this, 'MyUserPoolClient', {
            generateSecret: false,
            userPool: userPool,
            userPoolClientName: 'MyUserPoolClientName'
        });
        // Identity pool federating the user pool: both clientId and providerName are needed
        const identityPool = new cognito.CfnIdentityPool(this, 'MyCognitoIdentityPool', {
            allowUnauthenticatedIdentities: false,
            cognitoIdentityProviders: [{
                clientId: userPoolClient.userPoolClientId,
                providerName: userPool.userPoolProviderName,
            }]
        });
        // Guest role: the trust policy is scoped to this identity pool (aud) and to
        // unauthenticated identities (amr)
        const unauthenticatedRole = new iam.Role(this, 'CognitoDefaultUnauthenticatedRole', {
            assumedBy: new iam.FederatedPrincipal('cognito-identity.amazonaws.com', {
                "StringEquals": { "cognito-identity.amazonaws.com:aud": identityPool.ref },
                "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "unauthenticated" },
            }, "sts:AssumeRoleWithWebIdentity"),
        });
        unauthenticatedRole.addToPolicy(new PolicyStatement({
            effect: Effect.ALLOW,
            actions: [
                "mobileanalytics:PutEvents",
                "cognito-sync:*"
            ],
            resources: ["*"],
        }));
        // Signed-in role: same pattern, with amr = authenticated
        const authenticatedRole = new iam.Role(this, 'CognitoDefaultAuthenticatedRole', {
            assumedBy: new iam.FederatedPrincipal('cognito-identity.amazonaws.com', {
                "StringEquals": { "cognito-identity.amazonaws.com:aud": identityPool.ref },
                "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "authenticated" },
            }, "sts:AssumeRoleWithWebIdentity"),
        });
        authenticatedRole.addToPolicy(new PolicyStatement({
            effect: Effect.ALLOW,
            actions: [
                "mobileanalytics:PutEvents",
                "cognito-sync:*",
                "cognito-identity:*"
            ],
            resources: ["*"],
        }));
        // Attach the two roles to the identity pool
        const defaultPolicy = new cognito.CfnIdentityPoolRoleAttachment(this, 'DefaultValid', {
            identityPoolId: identityPool.ref,
            roles: {
                'unauthenticated': unauthenticatedRole.roleArn,
                'authenticated': authenticatedRole.roleArn
            }
        });


    Why is there a UserPool and CfnUserPool? What is difference between them and which one is supposed to be used?

    UserPool is the high-level representation of the resource and the preferred way of working, but not all properties are implemented yet. CfnUserPool (any class with the Cfn prefix) is the low-level representation that maps directly to the CloudFormation resource. You can use both at the same time when the high-level class does not cover what you need, as in the example.
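As an added example that is not part of the original answer (and not code from the AWS CDK project), here is a check a reviewer can run over the template that `cdk synth` emits for a stack like the one above. It looks for the two trust-policy conditions the answer's roles carry: `cognito-identity.amazonaws.com:aud` bound to the identity pool, without which an identity pool in any AWS account could assume the role, and `cognito-identity.amazonaws.com:amr`, without which a guest identity could assume the role meant for signed-in users. It also flags a guest role attached to a pool that has `allowUnauthenticatedIdentities: false`, which is the state the answer's stack ends up in. The template is constructed inline to mirror the answer's resources; the logical IDs and the `Ref`/`Fn::GetAtt` values are assumptions (real synthesized IDs carry hash suffixes), and the function names `auditCognitoTrust` and `sampleTemplate` are mine.

```typescript
// Added example: audit the Cognito identity-pool roles in a synthesized
// CloudFormation template. The template is constructed here to mirror the
// answer's stack; logical IDs and Ref/GetAtt values are assumptions.
type Json = Record<string, any>;

interface Finding { resource: string; message: string; }

const COGNITO_IDENTITY = "cognito-identity.amazonaws.com";
const AUD_KEY = COGNITO_IDENTITY + ":aud";
const AMR_KEY = COGNITO_IDENTITY + ":amr";

// CloudFormation allows Statement/Action to be a single value or a list.
function asArray<T>(v: T | T[] | undefined): T[] {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

// One finding per trust-policy or role-attachment problem found.
function auditCognitoTrust(template: Json): Finding[] {
  const findings: Finding[] = [];
  const resources: Json = template.Resources ?? {};
  let guestsAllowed = false;
  for (const name in resources) {
    const r: Json = resources[name];
    if (r.Type === "AWS::Cognito::IdentityPool" && r.Properties?.AllowUnauthenticatedIdentities === true) {
      guestsAllowed = true;
    }
  }
  for (const name in resources) {
    const r: Json = resources[name];
    if (r.Type === "AWS::IAM::Role") {
      for (const st of asArray<Json>(r.Properties?.AssumeRolePolicyDocument?.Statement)) {
        if (st.Principal?.Federated !== COGNITO_IDENTITY) continue;
        if (asArray<string>(st.Action).indexOf("sts:AssumeRoleWithWebIdentity") === -1) continue;
        const cond: Json = st.Condition ?? {};
        // Without :aud, an identity from any identity pool (any account) may assume the role.
        if (cond.StringEquals?.[AUD_KEY] === undefined) {
          findings.push({ resource: name, message: "trust policy has no " + AUD_KEY + " condition" });
        }
        // Without :amr, guests and signed-in users are not told apart by the trust policy.
        if (cond["ForAnyValue:StringLike"]?.[AMR_KEY] === undefined) {
          findings.push({ resource: name, message: "trust policy has no " + AMR_KEY + " condition" });
        }
      }
    } else if (r.Type === "AWS::Cognito::IdentityPoolRoleAttachment") {
      // A guest role on a pool that forbids guests is unused; remove it or enable guests deliberately.
      if (r.Properties?.Roles?.unauthenticated !== undefined && !guestsAllowed) {
        findings.push({ resource: name, message: "unauthenticated role attached but AllowUnauthenticatedIdentities is false" });
      }
    }
  }
  return findings;
}

// Trust statement in the shape the answer's iam.FederatedPrincipal produces.
function cognitoRole(amr: string, withAud: boolean): Json {
  const cond: Json = { "ForAnyValue:StringLike": { [AMR_KEY]: amr } };
  if (withAud) cond.StringEquals = { [AUD_KEY]: { Ref: "MyCognitoIdentityPool" } };
  return {
    Type: "AWS::IAM::Role",
    Properties: { AssumeRolePolicyDocument: { Version: "2012-10-17", Statement: [{
      Effect: "Allow", Principal: { Federated: COGNITO_IDENTITY },
      Action: "sts:AssumeRoleWithWebIdentity", Condition: cond,
    }] } },
  };
}

// Constructed template mirroring the answer's stack. withAud=false drops the
// :aud condition to show what the audit reports for a weakened trust policy.
function sampleTemplate(withAud: boolean): Json {
  return { Resources: {
    MyCognitoIdentityPool: {
      Type: "AWS::Cognito::IdentityPool",
      Properties: {
        AllowUnauthenticatedIdentities: false,
        CognitoIdentityProviders: [{
          ClientId: { Ref: "MyUserPoolClient" },
          ProviderName: { "Fn::GetAtt": ["MyUserPool", "ProviderName"] },
        }],
      },
    },
    CognitoDefaultUnauthenticatedRole: cognitoRole("unauthenticated", withAud),
    CognitoDefaultAuthenticatedRole: cognitoRole("authenticated", withAud),
    DefaultValid: {
      Type: "AWS::Cognito::IdentityPoolRoleAttachment",
      Properties: {
        IdentityPoolId: { Ref: "MyCognitoIdentityPool" },
        Roles: {
          unauthenticated: { "Fn::GetAtt": ["CognitoDefaultUnauthenticatedRole", "Arn"] },
          authenticated: { "Fn::GetAtt": ["CognitoDefaultAuthenticatedRole", "Arn"] },
        },
      },
    },
  } };
}

console.log(auditCognitoTrust(sampleTemplate(true)));   // the unused guest role only
console.log(auditCognitoTrust(sampleTemplate(false)));  // plus one missing-:aud finding per role
```

The reason the trust-policy conditions matter is that the role attachment is not what authorizes a caller: anyone holding a Cognito identity token can call `sts:AssumeRoleWithWebIdentity` directly with any role ARN, and only the role's trust policy decides whether that succeeds. The `aud` condition pins the role to this pool's id and the `amr` condition to the identity class, which is exactly what the answer's `iam.FederatedPrincipal` conditions produce.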

    Regarding "amazon-web-services - How do I create a Cognito IdentityPool with a Cognito UserPool as one of the authentication providers using aws cdk?", a similar question is on Stack Overflow: https://stackoverflow.com/questions/55784746/
