1 Answer
1
Your PolicyDocument looks correct to me, but IAM permissions are sometimes a real PITA to get right. Looking more closely at the error, it seems to indicate that it's complaining about the resource not being "*". Maybe Cognito doesn't support resource-level permissions and you have to use the wildcard; I looked in the Cognito docs but I can't find a clear answer.
Suggestion: change

```yaml
Resource:
  - "arn:aws:cognito-idp:*:*:userpool/*"
```

to

```yaml
Resource:
  - "*"
```
answered a year ago
"Actions defined by Amazon Cognito User Pools" documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncognitouserpools.html where the row for "CreateUserPool" indicates no value in Resource types column, meaning you must specify all resources ("*") in the Resource element of your policy statement.
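A pre-deployment check for the mismatch discussed in this thread, as an added example that is not part of the original posts: it flags Allow statements that pair a wildcard-only action with a scoped ARN. It also goes one step beyond the thread by showing the policy split so that only `CreateUserPool` receives `"*"`. The function names and sample policies are constructed for illustration, and `cognito-idp:AdminCreateUser` is assumed here as an example of an action that can stay scoped to the user pool ARN.

```python
from fnmatch import fnmatchcase

# Actions with an empty "Resource types" column in the Service Authorization
# Reference. Only CreateUserPool is confirmed on this page; extend from the docs.
WILDCARD_ONLY_ACTIONS = ("cognito-idp:CreateUserPool",)


def _as_list(value):
    """IAM accepts either a single value or a list in these elements."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def find_unsatisfiable_grants(policy_document):
    """Return (statement_index, action) pairs that the policy cannot grant.

    A wildcard-only action is authorized only when its Allow statement lists
    "*" as a Resource; a user pool ARN pattern never matches it.
    """
    findings = []
    for index, stmt in enumerate(_as_list(policy_document.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt or "Resource" not in stmt:
            continue  # Deny, NotAction and NotResource are out of scope here
        if "*" in _as_list(stmt["Resource"]):
            continue
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        for action in WILDCARD_ONLY_ACTIONS:
            # IAM action names are case-insensitive and may contain * and ?
            if any(fnmatchcase(action.lower(), p) for p in patterns):
                findings.append((index, action))
    return findings


# Constructed sample shaped like the policy discussed above (not the asker's).
USER_POOL_ARN = "arn:aws:cognito-idp:*:*:userpool/*"
BROKEN = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["cognito-idp:CreateUserPool", "cognito-idp:AdminCreateUser"],
    "Resource": [USER_POOL_ARN]}]}
# Least-privilege fix: only the wildcard-only action gets "*".
SPLIT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "cognito-idp:CreateUserPool", "Resource": "*"},
    {"Effect": "Allow", "Action": "cognito-idp:AdminCreateUser",
     "Resource": USER_POOL_ARN}]}

if __name__ == "__main__":
    print(find_unsatisfiable_grants(BROKEN))
    print(find_unsatisfiable_grants(SPLIT))
```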