在我的 iOS 应用程序中配置 Amazon Mobile Analytics 和 AWS Cognito 会引发一些与 IAM 相关的异常
Configuring Amazon Mobile Analytics and AWS Cognito in my iOS app raise some exception linked with IAM
这是我得到的错误:
AWSiOSSDKv2 [Error] AWSMobileAnalyticsDefaultDeliveryClient.m line:282
| -[AWSMobileAnalyticsDefaultDeliveryClient submitEvents:andUpdatePolicies:]
| Unable to successfully deliver events to server. Response code: 0.
Error Message:
Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=6
The operation couldn’t be completed.
我在 IAM 中拥有具有以下策略的 AuthRole:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Resource": [
"*"
]
}
]
}
还有一个 Unauth 角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Resource": [
"*"
]
}
]
}
在 cognito-identity.amazonaws.com:aud 条件下 IAM 中提到的字符串与我的应用程序中声明的字符串相匹配。
我不明白问题出在哪里。
编辑
设置代码(Swift)。
private func _configureAWSServiceManager() {
let credentialsProvider = AWSCognitoCredentialsProvider(
regionType: Config().amazonRegionType,
identityPoolId: Config().amazonCognitoIdentityPool)
let configuration =
AWSServiceConfiguration(region: Config().amazonRegionType,
credentialsProvider: credentialsProvider)
AWSServiceManager.defaultServiceManager().defaultServiceConfiguration =
configuration
}
private func _configureMobileAnalytics() {
let mobileAnalyticsConfiguration = AWSMobileAnalyticsConfiguration()
mobileAnalyticsConfiguration.transmitOnWAN = true;
let analytics = AWSMobileAnalytics(
forAppId: Config().amazonMobileAnalyticsAppId,
configuration: mobileAnalyticsConfiguration,
completionBlock: nil)
_analytics = analytics
}
两者都在application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?)函数的AppDelegate中被连续调用。
编辑/解决方案:经过另一次检查,发现创建 Cognito 身份池的步骤确实创建了一个角色,但该角色未在 unauthenticated role 中分配...愚蠢的事情,一如既往地在 AWS 上进行正确的管理。
您似乎正在尝试使用 AWSRegionUSEast1 以外的区域。 Amazon Mobile Analytics Service 目前仅在 AWSRegionUSEast1 可用。
具体来说:
AWSServiceConfiguration(region: Config().amazonRegionType,
credentialsProvider: credentialsProvider)
应该是:
AWSServiceConfiguration(region: AWSRegionUSEast1,
credentialsProvider: credentialsProvider)
虽然您可以使用任何可用的 Cognito 身份区域,但必须将事件提交到 AWSRegionUSEast1。
let credentialsProvider = AWSCognitoCredentialsProvider(
regionType: AWSRegionEUWest1,
identityPoolId: Config().amazonCognitoIdentityPool)
let configuration = AWSServiceConfiguration(region: AWSRegionUSEast1,
credentialsProvider: credentialsProvider)
问题与 CognitoIdentity 有关,与 MobileAnalytics 无关。根据文档,AWSCognitoIdentityErrorDomain Code=6 表示 InvalidIdentityPoolConfiguration.
"identity pool has no role associated for the given auth type (auth/unauth) or if the AssumeRole fails."
我的建议是登录 AWS Web 控制台 -> Cognito,仔细检查身份池的设置。并确保 RegionType 与您在 Web 控制台(屏幕右上角)中创建的匹配:CognitoIdentity 当前支持 us-east-1 和 eu-west- 1。
对于 MobileAnalytics,确保仅将 configuration.serviceConfiguration.regionType 设置为 us-east-1。
http://docs.aws.amazon.com/AWSiOSSDK/latest/Constants/AWSCognitoIdentityErrorType.html
这是我得到的错误:
AWSiOSSDKv2 [Error] AWSMobileAnalyticsDefaultDeliveryClient.m line:282 | -[AWSMobileAnalyticsDefaultDeliveryClient submitEvents:andUpdatePolicies:] | Unable to successfully deliver events to server. Response code: 0. Error Message: Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=6 The operation couldn’t be completed.
我在 IAM 中拥有具有以下策略的 AuthRole:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Resource": [
"*"
]
}
]
}
还有一个 Unauth 角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Resource": [
"*"
]
}
]
}
在 cognito-identity.amazonaws.com:aud 条件下 IAM 中提到的字符串与我的应用程序中声明的字符串相匹配。
我不明白问题出在哪里。
编辑
设置代码(Swift)。
private func _configureAWSServiceManager() {
let credentialsProvider = AWSCognitoCredentialsProvider(
regionType: Config().amazonRegionType,
identityPoolId: Config().amazonCognitoIdentityPool)
let configuration =
AWSServiceConfiguration(region: Config().amazonRegionType,
credentialsProvider: credentialsProvider)
AWSServiceManager.defaultServiceManager().defaultServiceConfiguration =
configuration
}
private func _configureMobileAnalytics() {
let mobileAnalyticsConfiguration = AWSMobileAnalyticsConfiguration()
mobileAnalyticsConfiguration.transmitOnWAN = true;
let analytics = AWSMobileAnalytics(
forAppId: Config().amazonMobileAnalyticsAppId,
configuration: mobileAnalyticsConfiguration,
completionBlock: nil)
_analytics = analytics
}
两者都在application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?)函数的AppDelegate中被连续调用。
编辑/解决方案:经过另一次检查,发现创建 Cognito 身份池的步骤确实创建了一个角色,但该角色未在 unauthenticated role 中分配...愚蠢的事情,一如既往地在 AWS 上进行正确的管理。
您似乎正在尝试使用 AWSRegionUSEast1 以外的区域。 Amazon Mobile Analytics Service 目前仅在 AWSRegionUSEast1 可用。
具体来说:
AWSServiceConfiguration(region: Config().amazonRegionType,
credentialsProvider: credentialsProvider)
应该是:
AWSServiceConfiguration(region: AWSRegionUSEast1,
credentialsProvider: credentialsProvider)
虽然您可以使用任何可用的 Cognito 身份区域,但必须将事件提交到 AWSRegionUSEast1。
let credentialsProvider = AWSCognitoCredentialsProvider(
regionType: AWSRegionEUWest1,
identityPoolId: Config().amazonCognitoIdentityPool)
let configuration = AWSServiceConfiguration(region: AWSRegionUSEast1,
credentialsProvider: credentialsProvider)
问题与 CognitoIdentity 有关,与 MobileAnalytics 无关。根据文档,AWSCognitoIdentityErrorDomain Code=6 表示 InvalidIdentityPoolConfiguration.
"identity pool has no role associated for the given auth type (auth/unauth) or if the AssumeRole fails."
我的建议是登录 AWS Web 控制台 -> Cognito,仔细检查身份池的设置。并确保 RegionType 与您在 Web 控制台(屏幕右上角)中创建的匹配:CognitoIdentity 当前支持 us-east-1 和 eu-west- 1。
对于 MobileAnalytics,确保仅将 configuration.serviceConfiguration.regionType 设置为 us-east-1。
http://docs.aws.amazon.com/AWSiOSSDK/latest/Constants/AWSCognitoIdentityErrorType.html