Amazon Rekognition Compare Photos Access Denied Exception

I want to compare two photos. When I connect to AWS, I try to connect to AmazonRekognitionClient:

CompareFacesResult result = new AmazonRekognitionClient(credentialsProvider).compareFaces(request);

But I get this error:

Caused by: com.amazonaws.services.rekognition.model.AccessDeniedException: User: arn:aws:sts::475877890857:assumed-role/wsirstpp-20181028230251-unauthRole/CognitoIdentityCredentials is not authorized to perform: rekognition:CompareFaces (Service: AmazonRekognition; Status Code: 400; Error Code: AccessDeniedException; Request ID: 7f665a07-db54-11e8-8773-2de830a9e39f)

The full code for getting the photo information:

ByteBuffer image1 = ByteBuffer.wrap(imageSource);
ByteBuffer image2 = ByteBuffer.wrap(imageTarget);

CompareFacesRequest request = new CompareFacesRequest()
    .withSourceImage(new Image().withBytes(image1))
    .withTargetImage(new Image().withBytes(image2))
    .withSimilarityThreshold(70F);

CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(
    context,
    "us-east-2:My_pool_Id", // Identity pool ID
    Regions.US_EAST_2 // Region
);

CompareFacesResult result = new AmazonRekognitionClient(credentialsProvider).compareFaces(request);

List<CompareFacesMatch> faceMatches = result.getFaceMatches();

for (CompareFacesMatch match: faceMatches) {
    Float similarity = match.getSimilarity();
    Log.d(TAG, "run: similarity:" + similarity.toString());
}

What's wrong? What am I doing wrong in this code?

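The part of your error message "unauthRole/CognitoIdentityCredentials" indicates that you are making the request as an unauthenticated Cognito user. Unauthenticated Cognito users can be assigned an IAM role with a permission policy to perform various tasks, but you have to explicitly allow this in your setup.

Are you using CloudFormation to set up your roles and permissions? I use the Serverless Framework, but it is basically the same as CloudFormation.

In my application, I don't allow my Cognito unauth users to do much, but I do allow my Cognito authenticated users to invoke a Lambda, and that Lambda is authorized to make various Rekognition requests.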
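
The arrangement described in the answer above, sketched as a CloudFormation fragment. This is an added example, not code from the answer; the parameters AuthRoleName and CompareFunctionName and all logical names are hypothetical, and the Lambda function resource is omitted and assumed to run with CompareFunctionRole.

```yaml
# Added example (constructed): parameters and logical names are hypothetical.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AuthRoleName:
    Type: String   # name of the identity pool's existing authenticated role
  CompareFunctionName:
    Type: String   # name of the Lambda that calls Rekognition for the app
Resources:
  # Authenticated Cognito users may invoke one function and nothing else.
  # The pool's unauthRole gets no statement at all, so a guest call to
  # rekognition:CompareFaces keeps failing with AccessDeniedException.
  AuthInvokeCompare:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: InvokeCompareFunction
      Roles:
        - !Ref AuthRoleName
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: lambda:InvokeFunction
            Resource: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${CompareFunctionName}"
  # Execution role for that function: the only principal holding CompareFaces.
  # (Logging permissions for the function are left out of this fragment.)
  CompareFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: CompareFacesOnly
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: rekognition:CompareFaces
                Resource: "*"   # CompareFaces defines no resource types to scope to
```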

The cause lies in the Cognito rules. First you need to create a rule, then edit the rule