[英]lambda - user is not authorized to perform: cognito-idp:ListUsers
I have encountered below error when I am trying to get all users in my user pool during testing in Lambda.在 Lambda 中进行测试期间,当我尝试获取用户池中的所有用户时,我遇到了以下错误。
"errorType": "AccessDeniedException",
"errorMessage": "User: arn:aws:iam::123456789:user/xxxxx is not authorized to perform: cognito-idp:ListUsers on resource: arn:aws:cognito-idp:us-west-2:123456789:userpool/us-west-2_abcdefg",
My code in lambda:我在 lambda 中的代码:
var AWS = require('aws-sdk');
exports.handler = () => {
var params = {
UserPoolId: 'us-west-2_abcdefg',
}
return new Promise((resolve, reject) => {
AWS.config.update({ region: 'us-west-2', 'accessKeyId': 'accesskey', 'secretAccessKey': 'secretkey' });
var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();
cognitoidentityserviceprovider.listUsers(params, (err, data) => {
if (err) {
console.log(err);
reject(err)
}
else {
console.log("data", data);
resolve(data)
}
})
});
};
I tried to add inline policy in IAM but still same error:我尝试在 IAM 中添加内联策略,但仍然出现相同的错误:
I knew I should update json for the policy, but Can someone provide detailed step to update the json policy?我知道我应该为策略更新 json,但是有人可以提供更新 json 策略的详细步骤吗?
I have encountered below error when I am trying to get all users in my user pool during testing in Lambda.当我尝试在Lambda中进行测试时让所有用户都进入我的用户池时,遇到以下错误。
"errorType": "AccessDeniedException",
"errorMessage": "User: arn:aws:iam::123456789:user/xxxxx is not authorized to perform: cognito-idp:ListUsers on resource: arn:aws:cognito-idp:us-west-2:123456789:userpool/us-west-2_abcdefg",
My code in lambda:我在lambda中的代码:
var AWS = require('aws-sdk');
exports.handler = () => {
var params = {
UserPoolId: 'us-west-2_abcdefg',
}
return new Promise((resolve, reject) => {
AWS.config.update({ region: 'us-west-2', 'accessKeyId': 'accesskey', 'secretAccessKey': 'secretkey' });
var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();
cognitoidentityserviceprovider.listUsers(params, (err, data) => {
if (err) {
console.log(err);
reject(err)
}
else {
console.log("data", data);
resolve(data)
}
})
});
};
I tried to add inline policy in IAM but still same error:我试图在IAM中添加内联策略,但仍然存在相同的错误:
I knew I should update json for the policy, but Can someone provide detailed step to update the json policy?我知道我应该为该策略更新json,但是有人可以提供详细的步骤来更新json策略吗?
It's just a permission issue.这只是一个许可问题。 Follow the following steps :
请按照以下步骤操作:
I. CREATING THE POLICY (FOR PERMISSION) I. 制定政策(获得许可)
POLICY CREATED.政策已创建。
II.二、 ADDING THE POLICY TO THE USER :
向用户添加政策:
ISSUE IS RESOLVED.问题已解决。
Solution worked for me :解决方案对我有用:
Step : 1 I have created a new policy with below json from IAM console步骤:1我从 IAM 控制台使用以下 json 创建了一个新策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"cognito-identity:MergeDeveloperIdentities",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:ListIdentityPools",
"cognito-identity:CreateIdentityPool",
"cognito-identity:ListIdentities",
"cognito-identity:GetOpenIdTokenForDeveloperIdentity",
"cognito-identity:GetOpenIdToken",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:GetPrincipalTagAttributeMap",
"cognito-identity:GetId",
"cognito-identity:LookupDeveloperIdentity",
"cognito-identity:UnlinkDeveloperIdentity",
"cognito-identity:ListTagsForResource",
"cognito-identity:UpdateIdentityPool",
"cognito-identity:UnlinkIdentity",
"cognito-identity:DescribeIdentity",
"cognito-identity:GetCredentialsForIdentity"
],
"Resource": "*"
}
]
} }
Step: 2 Added the policy to ecsInstanceRole步骤:2将策略添加到 ecsInstanceRole
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.