I want to put object to AWS S3 directly from browser on angular js.
For this, I use cognito developer authentication. I got cognito identity id and token from my rails server.
With that token(I think it is valid), my put action is rejected from AWS S3 : Invalid login token.
I don't know why..
Here is my code.
AWS.config.region = 'us-east-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
AccountId: '0000',
IdentityPoolId: 'us-east-1:0000-0000-0000',
RoleArn: 'arn:aws:iam::0000:role/myRoleName',
Logins: {
'cognito-identity.amazonaws.com': 'token from cognito.get_open_id_token_for_developer_identity'
}
});
var bucket = new AWS.S3({ params: { Region: 'ap-northeast-1', Bucket: 'my bucket name' }});
(0000 parts are just sample)
I wonder there is no space for 'identity_id' from cognito.get_open_id_token_for_developer_identity.
Config regioin and s3 region are different because I use tokyo S3 but n.virginia Cognito.
++ I added s3 full access to Managed Policies in my role(myRoleName), and added below setting to Inline policy. (I also added 'resource * version of below setting' to Inline policy)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "0000",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::myBucketName"
]
}
]
}
Aucun commentaire:
Enregistrer un commentaire