在我的 iOS 应用程序中配置 Amazon Mobile Analytics 和 AWS Cognito 会引发一些与 IAM 相关的异常

Configuring Amazon Mobile Analytics and AWS Cognito in my iOS app raise some exception linked with IAM

这是我得到的错误:

AWSiOSSDKv2 [Error] AWSMobileAnalyticsDefaultDeliveryClient.m line:282 
| -[AWSMobileAnalyticsDefaultDeliveryClient submitEvents:andUpdatePolicies:] 
| Unable to successfully deliver events to server. Response code: 0. 
Error Message:
Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=6 
The operation couldn’t be completed.

我在 IAM 中拥有具有以下策略的 AuthRole:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "mobileanalytics:PutEvents",
        "cognito-sync:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

还有一个 Unauth 角色:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "mobileanalytics:PutEvents",
        "cognito-sync:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

cognito-identity.amazonaws.com:aud 条件下 IAM 中提到的字符串与我的应用程序中声明的字符串相匹配。

我不明白问题出在哪里。

编辑

设置代码(Swift)。

private func _configureAWSServiceManager() {
    let credentialsProvider = AWSCognitoCredentialsProvider(
        regionType: Config().amazonRegionType,
        identityPoolId: Config().amazonCognitoIdentityPool)
    let configuration =
    AWSServiceConfiguration(region: Config().amazonRegionType,
        credentialsProvider: credentialsProvider)
    AWSServiceManager.defaultServiceManager().defaultServiceConfiguration =
    configuration
}

private func _configureMobileAnalytics() {
    let mobileAnalyticsConfiguration = AWSMobileAnalyticsConfiguration()
    mobileAnalyticsConfiguration.transmitOnWAN = true;

    let analytics = AWSMobileAnalytics(
        forAppId: Config().amazonMobileAnalyticsAppId,
        configuration: mobileAnalyticsConfiguration,
        completionBlock: nil)
    _analytics = analytics
}

两者都在application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?)函数的AppDelegate中被连续调用。

编辑/解决方案:经过另一次检查,发现创建 Cognito 身份池的步骤确实创建了一个角色,但该角色未在 unauthenticated role 中分配...愚蠢的事情,一如既往地在 AWS 上进行正确的管理。

您似乎正在尝试使用 AWSRegionUSEast1 以外的区域。 Amazon Mobile Analytics Service 目前仅在 AWSRegionUSEast1 可用。

具体来说:

AWSServiceConfiguration(region: Config().amazonRegionType,
    credentialsProvider: credentialsProvider)

应该是:

AWSServiceConfiguration(region: AWSRegionUSEast1,
    credentialsProvider: credentialsProvider)

虽然您可以使用任何可用的 Cognito 身份区域,但必须将事件提交到 AWSRegionUSEast1。

let credentialsProvider = AWSCognitoCredentialsProvider(
        regionType: AWSRegionEUWest1,
        identityPoolId: Config().amazonCognitoIdentityPool)
let configuration = AWSServiceConfiguration(region: AWSRegionUSEast1,
        credentialsProvider: credentialsProvider)

问题与 CognitoIdentity 有关,与 MobileAnalytics 无关。根据文档,AWSCognitoIdentityErrorDomain Code=6 表示 InvalidIdentityPoolConfiguration.

"identity pool has no role associated for the given auth type (auth/unauth) or if the AssumeRole fails."

我的建议是登录 AWS Web 控制台 -> Cognito,仔细检查身份池的设置。并确保 RegionType 与您在 Web 控制台(屏幕右上角)中创建的匹配:CognitoIdentity 当前支持 us-east-1eu-west- 1

对于 MobileAnalytics,确保仅将 configuration.serviceConfiguration.regionType 设置为 us-east-1

http://docs.aws.amazon.com/AWSiOSSDK/latest/Constants/AWSCognitoIdentityErrorType.html