[aws-cognito] CfnIdentityPool: "Invalid Cognito Identity Provider"
I was trying to create an identity pool using the following code:
// create userPool
// create userPoolClient
const identityPool = new cognito.CfnIdentityPool(this, 'CognitoServerlessDemoIdentityPool', {
  allowUnauthenticatedIdentities: true,
  cognitoIdentityProviders: [
    {
      clientId: userPoolClient.clientId,
      providerName: userPool.userPoolProviderName,
    },
  ],
});
I got the error below.
CognitoServerlessDemoIdentityPool Invalid Cognito Identity Provider (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: InvalidParameterException; Request ID: 8c85c42d-0188-42ef-948f-5f7842c8e2a9; Proxy: null)
new CognitoServerlessDemoStack (/src/aws/cognito-serverless-demo/cdk/lib/cognito-serverless-demo-stack.js:204:26)
\_ Object.<anonymous> (/src/aws/cognito-serverless-demo/cdk/bin/cognito-serverless-demo.js:7:1)
\_ Module._compile (internal/modules/cjs/loader.js:1076:30)
\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1097:10)
\_ Module.load (internal/modules/cjs/loader.js:941:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:782:14)
\_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
\_ internal/main/run_main_module.js:17:47
The generated CloudFormation is below. For some reason, the ClientId attribute was missing:
CognitoServerlessDemoIdentityPool:
  Type: AWS::Cognito::IdentityPool
  Properties:
    AllowUnauthenticatedIdentities: true
    CognitoIdentityProviders:
      - ProviderName:
          Fn::GetAtt:
            - CognitoServerlessDemoUserPool74CA82F1
            - ProviderName
Environment
- CLI Version : aws-cli/1.18.155 Python/3.8.6 Linux/5.8.10-arch1-1 botocore/1.18.14
- Framework Version: 1.69.0 (build 2b474b9)
- Node.js Version: v14.12.0
- OS : Arch Linux
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Comments:7 (1 by maintainers)
Top GitHub Comments
@phelucko, I am a bit late to the party but I just ran into the same issue, and looking at the CloudFormation docs I realised that the provider name needed to look like so:
cognito-idp.{YOUR_REGION}.amazonaws.com/us-east-2_123456789
You can therefore keep all the UserPool and UserPoolClient constructs if you concatenate your userPoolId with cognito-idp.{YOUR_REGION}.amazonaws.com/
My code in the end:
@Stf-F thanks!!! Same thing using terraform.
cognito_identity_providers {
}
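
A pre-deploy check for the failure discussed in this thread, as an added example that is not code from the issue or from the CDK project: it scans a synthesized template (the object form of `cdk synth` output) for identity-pool providers with a missing ClientId or a literal ProviderName that is not in the cognito-idp.{region}.amazonaws.com/{userPoolId} form. The function names, the regular expression and the sample template object (rebuilt from the YAML in the report) are assumptions made for illustration.

```javascript
// Lint a synthesized CloudFormation template for AWS::Cognito::IdentityPool providers.
// Assumptions: function names and the pool-id pattern in PROVIDER_RE are illustrative.
const PROVIDER_RE = /^cognito-idp\.[a-z0-9-]+\.amazonaws\.com\/[a-z0-9-]+_[A-Za-z0-9]+$/;

// Intrinsics ({ Ref: ... }, { 'Fn::GetAtt': [...] }) resolve only at deploy time,
// so they are accepted as present but cannot be checked as literal strings.
function isIntrinsic(value) {
  if (value === null || typeof value !== 'object' || Array.isArray(value)) return false;
  const keys = Object.keys(value);
  return keys.length === 1 && (keys[0] === 'Ref' || keys[0].startsWith('Fn::'));
}

function lintIdentityPools(template) {
  const findings = [];
  for (const [logicalId, resource] of Object.entries(template.Resources || {})) {
    if (resource.Type !== 'AWS::Cognito::IdentityPool') continue;
    const providers = (resource.Properties || {}).CognitoIdentityProviders || [];
    providers.forEach((provider, index) => {
      const where = `${logicalId}.CognitoIdentityProviders[${index}]`;
      for (const key of ['ClientId', 'ProviderName']) {
        const value = provider[key];
        if (value === undefined || value === null || value === '') {
          // An undefined construct property is dropped during synthesis, as in the report.
          findings.push(`${where}: ${key} is missing`);
        } else if (typeof value !== 'string' && !isIntrinsic(value)) {
          findings.push(`${where}: ${key} is neither a string nor an intrinsic`);
        }
      }
      const name = provider.ProviderName;
      if (typeof name === 'string' && name !== '' && !PROVIDER_RE.test(name)) {
        findings.push(`${where}: ProviderName "${name}" is not cognito-idp.<region>.amazonaws.com/<userPoolId>`);
      }
    });
  }
  return findings;
}

// Constructed input: the template from the report, written as a JavaScript object.
const reportedTemplate = { Resources: { CognitoServerlessDemoIdentityPool: {
  Type: 'AWS::Cognito::IdentityPool',
  Properties: {
    AllowUnauthenticatedIdentities: true,
    CognitoIdentityProviders: [
      { ProviderName: { 'Fn::GetAtt': ['CognitoServerlessDemoUserPool74CA82F1', 'ProviderName'] } },
    ],
  },
} } };

console.log(lintIdentityPools(reportedTemplate));
```

Run it against the parsed output of `cdk synth` before deploying; an empty array means every provider entry carries both fields.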