Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
(cognito): CfnIdentityPoolRoleAttachment with rolemappings seems impossible...
See original GitHub issueThe roleMappings property requires that you use identity provider as a key, however if you try to do:
const identityProviderUrl : string = `cognito-idp.us-east-1.amazonaws.com/${this.userPool.userPoolId}:${this.userPoolClient.userPoolClientId}`;
You get:
throw new Error(`"${key}" is used as the key in a map so must resolve to a string, but it resolves to: ${JSON.stringify(resolvedKey)}. Consider using "CfnJson" to delay resolution to deployment-time`);
Is there any workaround to this that doesn’t require hard coding it as a property / multiple deploys to bootstrap?
Reproduction Steps
const identityProviderUrl : string = `cognito-idp.us-east-1.amazonaws.com/${this.userPool.userPoolId}:${this.userPoolClient.userPoolClientId}`;
const roleMapping : cognito.CfnIdentityPoolRoleAttachment.RoleMappingProperty = {
identityProvider: identityProviderUrl,
ambiguousRoleResolution: "Deny",
type: "Rules",
rulesConfiguration: {
rules: [{
claim: "cognito:groups",
matchType: "Contains",
value: "xxxxxxxx",
roleArn: this.authenticatedRole.roleArn
}]
}
}
new cognito.CfnIdentityPoolRoleAttachment(this as any, "IdentityPoolRoleAttachment", {
identityPoolId: this.identityPool.ref,
roles: {},
roleMappings: {
[identityProviderUrl]: roleMapping // <---- Problem occurs here...
}
});
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:9 (4 by maintainers)
Top Results From Across the Web
class CfnIdentityPoolRoleAttachment (construct) · AWS CDK
This is a string to the RoleMapping object map. The string identifies the identity provider. For example: graph.facebook.com or cognito-idp.us-east-1.amazonaws ...
Read more >Using CloudFormation, how can I create an Identity Pool that ...
I want to build my Identity Pool so that the Cognito provider setting for Authenticated role selection is set to Choose role from...
Read more >Identity pools (federated identities) authentication flow
Describes authentication flow in Amazon Cognito. ... It is not possible to get an unauthenticated token for authenticated or disabled identities.
Read more >Cognito Identity Pool Example in AWS CDK - Complete Guide
The Identity Pool's purpose is to grant temporary credentials to authenticated and unauthenticated users, to access AWS services. Cognito Identity Pool in AWS ......
Read more >User Authentication and Authorization with AWS Cognito
AWS Cognito provides an authentication service for applications. ... But this is less secure and it's not possible to restrict access to certain...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Having the same issue, can’t resolve the right role mapping for Cognito.
There’s a simpler solution by using the literal
"cognito-user-pool"as the key for the role mapping.