Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Typo that makes Expirement Fail #16

Open
yuhenghub opened this issue May 31, 2022 · 0 comments
Open

Typo that makes Expirement Fail #16

yuhenghub opened this issue May 31, 2022 · 0 comments

Comments

@yuhenghub
Copy link

yuhenghub commented May 31, 2022
edited
Loading

@fayecloudguru During the cloud guru DVA-C01 session, the scripts attched with one bug found, makes the experiment fails:

in the Cognito_Commands.txt file: step 5, the highlight part below is considered as typo, need to remove to keep consistency of the Role name with rest of the guide.

--roles unauthenticated=arn:aws:iam::xxxxx:role/Cognito_DynamoPoolUnauthRole --output json

More backgroud:

Cognito Commands:

  1. Using the CLI, create new identity pool, named DynamoPool, allow unauthenticated entities.
    **** (use ^ - Shift + 6 if you are a windows user, not ) ****

    aws cognito-identity create-identity-pool
    --identity-pool-name DynamoPool
    --allow-unauthenticated-identities
    --output json

  2. Create an IAM role named Cognito_DynamoPoolUnauth.

aws iam create-role --role-name Cognito_DynamoPoolUnauth --assume-role-policy-document file://myCognitoPolicy.json --output json

  1. Grant the Cognito_DynamoPoolUnauth role read access to DynamoDB by attaching a managed policy (AmazonDynamoDBReadOnlyAccess).

aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess --role-name Cognito_DynamoPoolUnauth

  1. Get the IAM role Amazon Resource Name (ARN).
    aws iam get-role --role-name Cognito_DynamoPoolUnauth --output json

  2. Add our role to the Cognito Identity Pool. Replace the pool ID with your own pool ID and use the role ARN from the previous step.

aws cognito-identity set-identity-pool-roles
--identity-pool-id "us-east-1:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
--roles unauthenticated=arn:aws:iam::xxxxx:role/Cognito_DynamoPoolUnauthRole --output json

  1. Double check it worked using:

aws cognito-identity get-identity-pool-roles --identity-pool-id "us-east-1:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

  1. We can now specify the Cognito credentials in our application - i.e. in the JavaScript section of our webpage!
    Replace the identity pool ID with your own and the role ARN with your own role ARN.
    We are going to add this snippet to our index.html:

AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: "us-east-1:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
RoleArn: "arn:aws:iam::xxxxx:role/Cognito_DynamoPoolUnauthRole"
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@yuhenghub