1 Answer
0
Hi Emma,
When you're having IAM-related errors and problems, the first element to check is CloudTrail, where you can get more details (especially missing/incorrect actions) compared to the API output.
Then, on your specific error, everything seems OK at first: the ListUsers action is under the cognito-idp service prefix, so your role should be good.
I'd suspect the role you defined is not used in your code. Can you check?
answered 2 months ago
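One way to run the check suggested in this answer, as an added example that is not part of the original answer: for each `cognito-idp` call found in CloudTrail, report whether it was signed by the assumed-role session or directly by the IAM user. The records, the account ID, the user name `svc-app` and the role name `cognito-reader` are constructed placeholders.

```python
import json

# Constructed CloudTrail records (account ID and names are placeholders).
SAMPLE = json.loads("""
{"Records": [
  {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
   "userIdentity": {"type": "IAMUser",
                    "arn": "arn:aws:iam::111122223333:user/svc-app"}},
  {"eventSource": "cognito-idp.amazonaws.com", "eventName": "ListUsers",
   "errorCode": "AccessDenied",
   "userIdentity": {"type": "IAMUser",
                    "arn": "arn:aws:iam::111122223333:user/svc-app"}},
  {"eventSource": "cognito-idp.amazonaws.com", "eventName": "ListUsers",
   "userIdentity": {"type": "AssumedRole",
                    "arn": "arn:aws:sts::111122223333:assumed-role/cognito-reader/app-session"}}
]}
""")

def role_of(identity):
    """Return the role name for an assumed-role session ARN, else None."""
    resource = identity.get("arn", "").split(":", 5)[-1]  # assumed-role/<role>/<session>
    parts = resource.split("/")
    if identity.get("type") == "AssumedRole" and parts[0] == "assumed-role" and len(parts) >= 3:
        return parts[1]
    return None

def diagnose(records, expected_role, source="cognito-idp.amazonaws.com"):
    """For each call to `source`, report who made it and whether it was denied."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != source:
            continue
        identity = rec.get("userIdentity", {})
        role = role_of(identity)
        if role == expected_role:
            verdict = "role-used"
        elif role is None:
            verdict = "role-not-used"   # call signed with the user's own keys
        else:
            verdict = "different-role"
        denied = rec.get("errorCode") in ("AccessDenied", "AccessDeniedException")
        findings.append((rec["eventName"], verdict, denied, identity.get("arn")))
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE["Records"], "cognito-reader"):
        print(finding)
```

A denied call with the verdict `role-not-used` means the request was signed with the IAM user's own keys, so the permissions attached to the role never applied to it.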
Hello Pierre-Yves,
I can't see any activity related to my service account on CloudTrail; it seems to log only my personal user connection to the AWS console.
I'm pretty sure I use the IAM role to authenticate, as when I change the role name I have an error like:
User: arn:aws:iam::<accountId>:user/<accoutName> is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::<accountId>:role/<roleWrongName> (Service: Sts, Status Code: 403, Request ID: <requestId>)
I also use the correct secretID/key because I have this error if I change them to an incorrect one:
The security token included in the request is invalid. (Service: Sts, Status Code: 403, Request ID: <requestId>)
Is there any restriction if I grant rights to the IAM user in several different ways (role, directly, policy)?