1 answer
1
Your PolicyDocument looks correct to me, but IAM permissions are sometimes a real PITA to get right. Looking more closely at the error, it seems to indicate that it's complaining about the resource not being "*". Maybe Cognito doesn't support resource-level permissions and you have to use the wildcard; I looked in the Cognito docs but I can't find a clear answer.
Suggestion: change
Resource:
- "arn:aws:cognito-idp:*:*:userpool/*"
to
Resource:
- "*"
answered a year ago
"Actions defined by Amazon Cognito User Pools" is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncognitouserpools.html, where the row for "CreateUserPool" shows no value in the Resource types column, meaning you must specify all resources ("*") in the Resource element of your policy statement.
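Added example, not part of the original answer or comment: a small policy rewriter that moves actions without resource-level support (here only `cognito-idp:CreateUserPool`, the one named on this page) into their own statement with `Resource: "*"`, so the remaining actions keep the narrower user-pool ARN. The function names, the `WILDCARD_ONLY` set and the sample policy are assumptions made for illustration.

```python
# Actions with an empty "Resource types" column in the Service Authorization
# Reference. Only CreateUserPool comes from this page; extend from the table.
WILDCARD_ONLY = {"cognito-idp:createuserpool"}

def _as_list(value):
    """IAM accepts either one string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def split_wildcard_only(stmt, wildcard_only=WILDCARD_ONLY):
    """Give wildcard-only actions Resource "*" in their own statement and
    leave every other action on the original, narrower Resource."""
    if stmt.get("Effect") != "Allow" or "Action" not in stmt or "Resource" not in stmt:
        return [stmt]  # Deny, NotAction and NotResource are left untouched
    actions, resources = _as_list(stmt["Action"]), _as_list(stmt["Resource"])
    # Exact action names only; patterns such as "cognito-idp:*" are not expanded.
    star = [a for a in actions if a.lower() in wildcard_only]
    scoped = [a for a in actions if a.lower() not in wildcard_only]
    if not star or "*" in resources:
        return [stmt]
    out = []
    if scoped:
        out.append({**stmt, "Action": scoped, "Resource": resources})
    star_stmt = {**stmt, "Action": star, "Resource": ["*"]}
    if scoped and "Sid" in stmt:
        star_stmt["Sid"] = stmt["Sid"] + "AnyResource"  # Sids must stay unique
    out.append(star_stmt)
    return out

def fix_policy(policy):
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    return {**policy, "Statement": [s for st in statements for s in split_wildcard_only(st)]}

# Constructed sample policy, not the asker's template.
SAMPLE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ManagePools",
        "Effect": "Allow",
        "Action": ["cognito-idp:CreateUserPool", "cognito-idp:AdminCreateUser"],
        "Resource": ["arn:aws:cognito-idp:*:*:userpool/*"],
    }],
}

if __name__ == "__main__":
    import json
    print(json.dumps(fix_policy(SAMPLE), indent=2))
```

Splitting the statement this way widens only the action that cannot be scoped, instead of setting `"*"` for every action in the statement.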