AWS : Invalid identity pool configuration. Check assigned IAM roles for this pool

javascript angularjs amazon-web-services aws-sdk amazon-cognito
Ankur Akvaliya picture Ankur Akvaliya · May 18, 2017 · Viewed 12.9k times · Source

I have created one user pool & identity pool.

I have used javascript sdk.

I am able to signup, send confirmation code & confirm user successfully with javascript sdk.

But when i try to sign in user with authenticate method & try to get credentials with "CognitoIdentityCredentials" by passing idToken with below code

logins[cognitoEndpoint + "/" + userPoolId] = jwtToken;

    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
      IdentityPoolId: identityPoolId,
      Logins: logins
    });

it's giving me below error

Error: Invalid identity pool configuration. Check assigned IAM roles for this pool.
    at Request.extractError (aws-sdk.js:104063)
    at Request.callListeners (aws-sdk.js:106060)
    at Request.emit (aws-sdk.js:106034)
    at Request.emit (aws-sdk.js:105121)
    at Request.transition (aws-sdk.js:104843)
    at AcceptorStateMachine.runTo (aws-sdk.js:108480)
    at aws-sdk.js:108492
    at Request.<anonymous> (aws-sdk.js:104859)
    at Request.<anonymous> (aws-sdk.js:105123)
    at Request.callListeners (aws-sdk.js:106070)

I have given administrator access to "Unauthenticated role" & "Unauthenticated role" of identity pool and to user whose credentials i am using.

I am new to aws. Can anyone tell me what am i missing?

Any help would be appreciated.

Answer

Alex Hague picture Alex Hague · Sep 4, 2017

Check that the role you have assigned in Cognito Identity Pools (Federated Identities), has a trust relationship with the identity pool.

Get the identity pool ID + the name of the role that isn't working. To do this:

  • Go to Cognito
  • Select Manage Federated Identities
  • Select the identity pool
  • Click Edit identity pool (top right)
  • Make a note of the identity pool ID
  • Make a note of the name of the role that isn't working (e.g. Cognito_blahUnauth_Role

In IAM, check the trust relationship for the role. Ensure that the StringEquals condition value matches the identity pool ID.

To do this:

  • Go to IAM
  • Click Roles
  • Click the name of the role that you noted previously
  • Click Trust relationships
  • On the right under Conditions, check the StringEquals condition contains the identity pool Id that you noted previously.

Edit the trust relationship to fix.

Related questions

"Thinking in AngularJS" if I have a jQuery background?

Suppose I'm familiar with developing client-side applications in jQuery, but now I'd like to start using AngularJS. Can you describe the paradigm shift that is necessary? Here are a few questions that might help you frame an answer: How do …

Read More
AngularJS passing data to $http.get request

I have a function which does a http POST request. The code is specified below. This works fine. $http({ url: user.update_path, method: "POST", data: {user_id: user.id, draft: true} }); I have another function for http GET and …

Read More
Insert HTML into view from AngularJS controller

Is it possible to create an HTML fragment in an AngularJS controller and have this HTML shown in the view? This comes from a requirement to turn an inconsistent JSON blob into a nested list of id: value pairs. Therefore …

Read More