2017-08-02 7 views
2

I'm trying to create a CloudFormation template that creates a new Cognito identity pool using Google authentication and an existing role. For the roles, I'm following "Add roles to an AWS Cognito identity pool using CloudFormation".

Resources:
  cognitoid:
    Type: "AWS::Cognito::IdentityPool"
    Properties:
      "AllowUnauthenticatedIdentities": false
      "SupportedLoginProviders": { "accounts.google.com": "<Google client id>" }

AWS::Cognito::IdentityPool doesn't have anything in its properties for attaching the role -

This code creates a new identity pool with Google authentication.

Answer

2

Finally managed to get it working -

AWSTemplateFormatVersion: 2010-09-09

Description: Stack to create a new Cognito identity pool with CloudFormation permissions to authenticate using a Google+ API

Resources:
  CognitoId:
    Type: "AWS::Cognito::IdentityPool"
    Properties:
      "AllowUnauthenticatedIdentities": false
      "SupportedLoginProviders": { "accounts.google.com": "253488098773-olaksun66kcniitls6q7dne2asn23sdm.apps.googleusercontent.com" }

  IamRole:
    Type: "AWS::IAM::Role"
    Properties:
      # Trust policy: only authenticated identities from this pool may assume the role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: "Allow"
            Action:
              - "sts:AssumeRoleWithWebIdentity"
            Condition: { "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated" }, "StringEquals": {"cognito-identity.amazonaws.com:aud": !Ref CognitoId}}
            Principal:
              Federated:
                - "cognito-identity.amazonaws.com"
      Path: "/"
      # Permissions granted to the authenticated identities
      "Policies":
        -
          PolicyName: main
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "cloudformation:CreateStack"
                  - "cloudformation:UpdateStack"
                  - "cloudformation:DeleteStack"
                  - "cloudformation:CreateUploadBucket"
                  - "cloudformation:DescribeStacks"
                  - "cloudformation:DescribeStackEvents"
                  - "cloudformation:GetTemplateSummary"
                  - "cloudformation:ListStacks"
                  - "cloudformation:ListStackResources"
                  - "s3:CreateBucket"
                  - "s3:GetObject"
                  - "s3:PutObject"
                  - "mobileanalytics:PutEvent"
                  - "cognito-sync:*"
                  - "cognito-identity:*"
                Resource: "*"

  # Binds the role to the pool's "authenticated" identities
  IdentityPoolRoleAttachment:
    Type: "AWS::Cognito::IdentityPoolRoleAttachment"
    Properties:
      IdentityPoolId: !Ref CognitoId
      Roles: {"authenticated": !GetAtt IamRole.Arn}
+0

This helped, thanks :) –
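The security-relevant part of the answer's template is the role's trust policy: without the `aud` condition bound to `!Ref CognitoId`, any Cognito identity pool could assume the role. The following is an added example (not from the original post) that checks a trust policy, as it looks after CloudFormation has resolved the `!Ref`, for exactly those conditions; `POOL_ID` and the weak/strong policy inputs are constructed placeholders.

```python
# Constructed pool id (placeholder); a real one looks like "<region>:<uuid>".
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"

# The answer's AssumeRolePolicyDocument with `!Ref CognitoId` resolved to POOL_ID.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["sts:AssumeRoleWithWebIdentity"],
        "Principal": {"Federated": ["cognito-identity.amazonaws.com"]},
        "Condition": {
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
            "StringEquals": {"cognito-identity.amazonaws.com:aud": POOL_ID},
        },
    }],
}

def _as_list(value):
    """IAM policy elements may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def check_cognito_trust(policy, pool_id):
    """Return findings for Cognito trust statements; [] means the role is scoped to pool_id."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        federated = _as_list(stmt.get("Principal", {}).get("Federated", []))
        if "cognito-identity.amazonaws.com" not in federated:
            continue  # not a Cognito federation statement
        if set(_as_list(stmt.get("Action", []))) - {"sts:AssumeRoleWithWebIdentity"}:
            findings.append("action broader than sts:AssumeRoleWithWebIdentity")
        cond = stmt.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get("cognito-identity.amazonaws.com:aud", []))
        if not aud:
            findings.append("no aud condition: any identity pool could assume this role")
        elif aud != [pool_id]:
            findings.append(f"aud condition does not match pool {pool_id}")
        amr = _as_list(cond.get("ForAnyValue:StringLike", {}).get("cognito-identity.amazonaws.com:amr", []))
        if "authenticated" not in amr:
            findings.append("amr condition does not require 'authenticated'")
    return findings

if __name__ == "__main__":
    print(check_cognito_trust(TRUST_POLICY, POOL_ID))  # prints []
```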
