1 Answer
Hi there! Can you please share the trust policy and IAM policy associated with your Authenticated role: AWSServiceRoleForLexV2Bots_XXXX? My hunch is that your trust policy is not granting access to the cognito-identity.amazonaws.com federated service principal and is instead granting access to the Amazon Lex service principal, in which case Cognito cannot leverage that role for federation. Below is an example of a trust policy I have associated with my Cognito Identity Pool authenticated role:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "<cognito-identity-pool-id>"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}
answered a year ago
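The check the answer describes can be run offline against a role's trust policy document. This is an added example, not part of the original answer; the function name, the pool ID and both sample policies are constructed for illustration.

```python
COGNITO = "cognito-identity.amazonaws.com"
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # constructed placeholder

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_cognito_trust(policy, pool_id):
    """Return reasons the role cannot be used as the pool's authenticated role ([] = OK)."""
    problems, seen = [], []
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        seen += [f"{kind}:{p}" for kind, v in principal.items() for p in as_list(v)]
        if COGNITO not in as_list(principal.get("Federated", [])):
            continue  # e.g. a service principal: Cognito cannot federate into it
        issues = []
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            issues.append("Action lacks sts:AssumeRoleWithWebIdentity")
        cond = stmt.get("Condition", {})
        aud = cond.get("StringEquals", {}).get(COGNITO + ":aud", [])
        if pool_id not in as_list(aud):
            issues.append("aud condition does not pin this identity pool")
        amr = cond.get("ForAnyValue:StringLike", {}).get(COGNITO + ":amr", [])
        if "authenticated" not in as_list(amr):
            issues.append("amr condition does not require 'authenticated'")
        if not issues:
            return []  # one fully valid statement is enough
        problems += issues
    if not problems:
        problems.append("no Allow statement trusts Federated " + COGNITO
                        + "; trusted principals: " + (", ".join(seen) or "none"))
    return problems

# Constructed sample: a role that trusts only a service principal (the suspected case).
SERVICE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "lexv2.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}
# Constructed sample: same shape as the trust policy shown in the answer.
COGNITO_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Federated": COGNITO},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {COGNITO + ":aud": POOL_ID},
                  "ForAnyValue:StringLike": {COGNITO + ":amr": "authenticated"}}}]}

if __name__ == "__main__":
    for name, doc in (("service-trust", SERVICE_TRUST), ("cognito-trust", COGNITO_TRUST)):
        print(name, check_cognito_trust(doc, POOL_ID) or "OK")
```

To check a real role, pass in the `AssumeRolePolicyDocument` returned by `aws iam get-role` together with your identity pool ID.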