AWS Cognito 仅适用于 USEast1

AWS Cognito Only Working in USEast1

我有一个使用 AWS Cognito API 以 Swift 编写的 iOS 应用程序。连接到 USEast1 按预期工作并验证我的用户

var awsProperties = NSDictionary(contentsOfFile: NSBundle.mainBundle().pathForResource("AWS", ofType: "plist")!)
var credentialsProvider : AWSCognitoCredentialsProvider
var loggedIn = false

override init() {
    credentialsProvider  = AWSCognitoCredentialsProvider.credentialsWithRegionType(
        AWSRegionType.USEast1,
        accountId:awsProperties?.valueForKey(GlobalConstants.AccountId) as String,
        identityPoolId:awsProperties?.valueForKey(GlobalConstants.USIdentityPoolId) as String,
        unauthRoleArn:awsProperties?.valueForKey(GlobalConstants.UnauthDefaultRole) as String,
        authRoleArn:awsProperties?.valueForKey(GlobalConstants.AuthDefaultRole) as String)
}

func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: NSDictionary?) -> Bool {
    let defaultServiceConfiguration = AWSServiceConfiguration(
        region: AWSRegionType.USEast1,
        credentialsProvider: credentialsProvider)
    AWSServiceManager.defaultServiceManager().setDefaultServiceConfiguration(defaultServiceConfiguration)
    credentialsProvider.getIdentityId().continueWithBlock { (task: BFTask!) -> AnyObject! in
        if((task.error) != nil) {
            NSLog("%@", task.error)
        } else {
            NSLog("%@", self.credentialsProvider.identityId)
            self.loggedIn = true
        }
        return self.loggedIn
    }

    return true
}

我有必要的代码允许在单独的登录控制器中登录 G+,没有特定区域。

但是,如果我使用完全相同的代码,但将区域更改为 EUWest1 并使用我基于欧盟的识别池,我会得到以下异常:

AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:453 | __46-[AWSCognitoCredentialsProvider getIdentityId]_block_invoke | In refresh, but identityId is nil.
AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:454 | __46-[AWSCognitoCredentialsProvider getIdentityId]_block_invoke | Result from getIdentityId is (null)

我的 IAM 角色的信任策略允许访问两个身份池:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "accounts.google.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": [
            "eu-west-1:XXXXXX",
            "us-east-1:XXXXXX"
          ]
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}

我是否遗漏了我应该覆盖该区域的地方?

通常,在为此苦苦挣扎了几天之后,我终于找到了问题并发布到 SO。

问题是在框架搜索路径上链接了以前版本的 AWS iOS SDK,它没有 EUCentral1。将其包含在枚举中似乎已经更改了索引,并且鉴于 Cognito 仅在 USEast1 和 EUWest1 中受支持,它正在尝试针对不正确的区域进行身份验证。