
Add a role to an AWS Cognito Identity Pool via Cloudformation

I am trying to write a CloudFormation template to create a new Cognito identity pool with Google authentication and using a pre-existing role.

This code creates a new identity pool with google authentication -

Resources:
 cognitoid:
  Type: "AWS::Cognito::IdentityPool"
  Properties:
   "AllowUnauthenticatedIdentities": false
   "SupportedLoginProviders": { "accounts.google.com": "<Google client id>" }

For the role, AWS::Cognito::IdentityPool doesn't have anything in properties for attaching a role.

Was finally able to make it work -

AWSTemplateFormatVersion: 2010-09-09

Description: Stack to create a new Cognito identity pool with CloudFormation permissions to authenticate using a Google+ API

Resources:
 CognitoId:
  Type: "AWS::Cognito::IdentityPool"
  Properties:
   "AllowUnauthenticatedIdentities": false
   "SupportedLoginProviders": { "accounts.google.com": "253488098773-olaksun66kcniitls6q7dne2asn23sdm.apps.googleusercontent.com" }

 IamRole:
  Type: "AWS::IAM::Role"
  Properties:
   AssumeRolePolicyDocument:
    Version: "2012-10-17"
    Statement:
      -
        Effect: "Allow"
        Action:
          - "sts:AssumeRoleWithWebIdentity"
        Condition: { "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated" },  "StringEquals": {"cognito-identity.amazonaws.com:aud": !Ref CognitoId}}
        Principal:
          Federated:
            - "cognito-identity.amazonaws.com"
   Path: "/"
   "Policies":
     -
      PolicyName: main
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: "Allow"
            Action:
              - "cloudformation:CreateStack"
              - "cloudformation:UpdateStack"
              - "cloudformation:DeleteStack"
              - "cloudformation:CreateUploadBucket"
              - "cloudformation:DescribeStacks"
              - "cloudformation:DescribeStackEvents"
              - "cloudformation:GetTemplateSummary"
              - "cloudformation:ListStacks"
              - "cloudformation:ListStackResources"
              - "s3:CreateBucket"
              - "s3:GetObject"
              - "s3:PutObject"
              - "mobileanalytics:PutEvent"
              - "cognito-sync:*"
              - "cognito-identity:*"
            Resource: "*"

 IdentityPoolRoleAttachment:
  Type: "AWS::Cognito::IdentityPoolRoleAttachment"
  Properties:
   IdentityPoolId: !Ref CognitoId
   Roles: {"authenticated": !GetAtt IamRole.Arn}
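The attachment only tells the pool which role to hand out; it is the role's trust policy (the `aud` condition bound to the pool and the `amr` condition matching the slot) that stops any other identity pool from assuming it. The following static check is an added example, not code from the original post or from AWS: it inspects a constructed dict mirroring the answer's template in CloudFormation JSON form (`!Ref` as `{"Ref": ...}`, `!GetAtt` as `{"Fn::GetAtt": [...]}`, inline policies omitted) and reports missing trust-policy conditions; `check_pool_roles` and `without_aud_condition` are assumed names.

```python
import copy

AUD = "cognito-identity.amazonaws.com:aud"
AMR = "cognito-identity.amazonaws.com:amr"

# Constructed template mirroring the answer's resources (JSON-form intrinsics).
TEMPLATE = {"Resources": {
    "CognitoId": {"Type": "AWS::Cognito::IdentityPool", "Properties": {
        "AllowUnauthenticatedIdentities": False}},
    "IamRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Action": ["sts:AssumeRoleWithWebIdentity"],
            "Principal": {"Federated": ["cognito-identity.amazonaws.com"]},
            "Condition": {"ForAnyValue:StringLike": {AMR: "authenticated"},
                          "StringEquals": {AUD: {"Ref": "CognitoId"}}}}]}}},
    "IdentityPoolRoleAttachment": {
        "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
        "Properties": {"IdentityPoolId": {"Ref": "CognitoId"},
                       "Roles": {"authenticated": {"Fn::GetAtt": ["IamRole", "Arn"]}}}}}}


def _listed(v):
    return v if isinstance(v, list) else [v]


def check_pool_roles(template):
    """Return finding strings for every role an IdentityPoolRoleAttachment hands out."""
    res, findings = template["Resources"], []
    for att in res.values():
        if att["Type"] != "AWS::Cognito::IdentityPoolRoleAttachment":
            continue
        pool = att["Properties"]["IdentityPoolId"]["Ref"]
        if res[pool]["Properties"].get("AllowUnauthenticatedIdentities"):
            findings.append(f"{pool}: guest (unauthenticated) identities are enabled")
        for slot, ref in att["Properties"]["Roles"].items():
            role = ref["Fn::GetAtt"][0]  # logical id of the role for this slot
            for st in _listed(res[role]["Properties"]["AssumeRolePolicyDocument"]["Statement"]):
                if (st.get("Effect") != "Allow"
                        or "sts:AssumeRoleWithWebIdentity" not in _listed(st.get("Action", []))):
                    continue
                cond = st.get("Condition", {})
                if _listed(st.get("Principal", {}).get("Federated", [])) != ["cognito-identity.amazonaws.com"]:
                    findings.append(f"{role}: federated principal must be only cognito-identity.amazonaws.com")
                if cond.get("StringEquals", {}).get(AUD) != {"Ref": pool}:
                    findings.append(f"{role}: trust not bound to {pool} via {AUD}; any identity pool could assume it")
                if cond.get("ForAnyValue:StringLike", {}).get(AMR) != slot:
                    findings.append(f"{role}: {AMR} condition should be '{slot}' to match the attachment slot")
    return findings


def without_aud_condition(template):
    """Constructed weakened variant: drop the aud binding from IamRole's trust policy."""
    weak = copy.deepcopy(template)
    del weak["Resources"]["IamRole"]["Properties"]["AssumeRolePolicyDocument"]["Statement"][0]["Condition"]["StringEquals"]
    return weak
```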
