lambda-用户无权执行:cognito-idp:ListUsers [英] lambda - user is not authorized to perform: cognito-idp:ListUsers
本文介绍了lambda-用户无权执行:cognito-idp:ListUsers的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
当我尝试在Lambda中进行测试时让所有用户都进入我的用户池时,遇到以下错误.
I have encountered below error when I am trying to get all users in my user pool during testing in Lambda.
"errorType": "AccessDeniedException",
"errorMessage": "User: arn:aws:iam::123456789:user/xxxxx is not authorized to perform: cognito-idp:ListUsers on resource: arn:aws:cognito-idp:us-west-2:123456789:userpool/us-west-2_abcdefg",
我在lambda中的代码:
My code in lambda:
var AWS = require('aws-sdk');
exports.handler = () => {
var params = {
UserPoolId: 'us-west-2_abcdefg',
}
return new Promise((resolve, reject) => {
AWS.config.update({ region: 'us-west-2', 'accessKeyId': 'accesskey', 'secretAccessKey': 'secretkey' });
var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();
cognitoidentityserviceprovider.listUsers(params, (err, data) => {
if (err) {
console.log(err);
reject(err)
}
else {
console.log("data", data);
resolve(data)
}
})
});
};
我试图在IAM中添加内联策略,但仍然存在相同的错误:
I tried to add inline policy in IAM but still same error:
Lambda IAM角色
Lambda IAM Role
我知道我应该为该策略更新json,但是有人可以提供详细的步骤来更新json策略吗?
I knew I should update json for the policy, but Can someone provide detailed step to update the json policy?
推荐答案
您的错误 cognito-idp:ListUsers
与 Conginto用户池有关,而不与Cognito用户身份有关.因此,您的政策应为:
Your error cognito-idp:ListUsers
is about Conginto User Pools, not Cognito User Identities. So your policy should be:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "cognito-idp:ListUsers",
"Resource": "*"
}
]
}
这篇关于lambda-用户无权执行:cognito-idp:ListUsers的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文