AWS : Invalid identity pool configuration. Check assigned IAM roles for this pool
Solution 1
Check that the role you have assigned in Cognito Identity Pools (Federated Identities) has a trust relationship with the identity pool.
Get the identity pool ID + the name of the role that isn't working. To do this:
- Go to Cognito
- Select Manage Federated Identities
- Select the identity pool
- Click Edit identity pool (top right)
- Make a note of the identity pool ID
- Make a note of the name of the role that isn't working (e.g. Cognito_blahUnauth_Role)
In IAM, check the trust relationship for the role. Ensure that the StringEquals condition value matches the identity pool ID.
To do this:
- Go to IAM
- Click Roles
- Click the name of the role that you noted previously
- Click Trust relationships
- On the right under Conditions, check the StringEquals condition contains the identity pool Id that you noted previously.
Edit the trust relationship to fix.
Solution 2
What you're trying to access here are "Cognito Federated Identity" credentials, which is a separate AWS product to "Cognito User Pools". In order to retrieve these credentials, you need to connect your User Pool to your Federated Identity Pool.
Perhaps this link will help: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html
Also, I would remove admin access from Unauthenticated permissions; it means anyone with your details has control of your AWS account.
Solution 3
When you create a role in IAM and choose an identity provider, make sure you don't choose the user pool ID; instead, you have to choose the identity pool ID.
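The trust-relationship check from Solution 1, together with the ID mix-up from Solution 3, as an added example (not code from any of the answers). It inspects a role's trust policy JSON offline and explains why the `aud` condition does not match; the function names, pool ID and policy below are constructed for illustration.

```javascript
// Added example: offline check of an IAM role trust policy against a Cognito identity pool ID.
const REGION = "[a-z]{2}(-[a-z]+)+-\\d";
const POOL_ID_RE = new RegExp(`^${REGION}:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`);
const USER_POOL_RE = new RegExp(`^${REGION}_[A-Za-z0-9]+$`);
const AUD_KEY = "cognito-identity.amazonaws.com:aud";
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Explain why a non-matching aud value is wrong (the mistakes reported on this page).
function diagnose(aud, poolId) {
  if (USER_POOL_RE.test(aud)) return `aud "${aud}" is a user pool ID, not an identity pool ID`;
  if (!POOL_ID_RE.test(aud)) return `aud "${aud}" is not a pool ID (pool name?)`;
  if (aud.split(":")[0] !== poolId.split(":")[0]) return `aud "${aud}" is in another region`;
  return `aud "${aud}" is a different identity pool (deleted pool or reused role?)`;
}

// Returns a list of problems; an empty list means some statement trusts this pool.
// Assumption: actions are matched by exact name only (no wildcard expansion).
function checkCognitoTrust(trustPolicy, identityPoolId) {
  if (!POOL_ID_RE.test(identityPoolId))
    return [`"${identityPoolId}" is not an identity pool ID (expected region:uuid)`];
  const stmts = asList(trustPolicy.Statement).filter((s) => s.Effect === "Allow" &&
    asList(s.Principal && s.Principal.Federated).includes("cognito-identity.amazonaws.com"));
  if (stmts.length === 0) return ["no Allow statement trusts cognito-identity.amazonaws.com"];
  const perStmt = stmts.map((s) => {
    const found = [];
    if (!asList(s.Action).includes("sts:AssumeRoleWithWebIdentity"))
      found.push("Action lacks sts:AssumeRoleWithWebIdentity");
    const aud = asList(((s.Condition || {}).StringEquals || {})[AUD_KEY]);
    if (aud.length === 0) found.push(`no StringEquals condition on ${AUD_KEY}`);
    else if (!aud.includes(identityPoolId)) aud.forEach((a) => found.push(diagnose(a, identityPoolId)));
    return found;
  });
  return perStmt.some((p) => p.length === 0) ? [] : perStmt.flat();
}

// Constructed sample values (not real resources).
const POOL = "eu-west-1:11111111-2222-3333-4444-555555555555";
const makePolicy = (aud) => ({
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { Federated: "cognito-identity.amazonaws.com" },
    Action: "sts:AssumeRoleWithWebIdentity",
    Condition: { StringEquals: { [AUD_KEY]: aud } },
  }],
});

console.log(checkCognitoTrust(makePolicy(POOL), POOL));                  // matching pool
console.log(checkCognitoTrust(makePolicy("eu-west-1_AbCdEfGhI"), POOL)); // user pool ID in aud
```

To use it on a real role, paste the JSON shown under the role's Trust relationships tab in place of `makePolicy(...)`.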
Comments
-
Ankur Akvaliya almost 2 years
I have created one user pool & identity pool.
I have used javascript sdk.
I am able to signup, send confirmation code & confirm user successfully with javascript sdk.
But when I try to sign in user with authenticate method & try to get credentials with "CognitoIdentityCredentials" by passing idToken with below code

```javascript
logins[cognitoEndpoint + "/" + userPoolId] = jwtToken;
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
  IdentityPoolId: identityPoolId,
  Logins: logins
});
```
it's giving me below error
```
Error: Invalid identity pool configuration. Check assigned IAM roles for this pool.
    at Request.extractError (aws-sdk.js:104063)
    at Request.callListeners (aws-sdk.js:106060)
    at Request.emit (aws-sdk.js:106034)
    at Request.emit (aws-sdk.js:105121)
    at Request.transition (aws-sdk.js:104843)
    at AcceptorStateMachine.runTo (aws-sdk.js:108480)
    at aws-sdk.js:108492
    at Request.<anonymous> (aws-sdk.js:104859)
    at Request.<anonymous> (aws-sdk.js:105123)
    at Request.callListeners (aws-sdk.js:106070)
```

I have given administrator access to "Unauthenticated role" & "Unauthenticated role" of identity pool and to user whose credentials I am using.
I am new to AWS. Can anyone tell me what I am missing?
Any help would be appreciated.
-
nbpeth over 6 years
this, thanks. I had forgotten to add this when setting up my cloud formation script
-
Víctor Hugo over 5 years
That solved my problem. I had put identity pool name instead of pool id. Thank you.
-
matcheek about 5 years
I would give you 100+ for this answer if I could. Setup of Users, Groups, Roles, Policies through Cognito and IAM is far from straightforward. Have spent three days on this issue!
-
davidgyoung over 4 years
I could kiss you, @AlexHague. In my case I had reused an IAM role for another identity pool, and had forgotten about this step. My IAM role only had a trust relationship with the old identity pool. I wish this answer would have come up in my first Google search instead of four days later.
-
Praneet Nadkar about 4 years
This helped !! Thanks.
-
NorahKSakal about 4 years
Can't thank you enough! I changed the region so the identity pool was correct but not the region and this answer helped me find the error, thanks again!
-
Andrés Montoya almost 3 years
Thanks! This comment helped me with a little error I had :)
-
José Pulido over 2 years
Dude, I'll buy you a beer... Where did you get this workaround or where can I find more information about this? I've spent 8 hours on this, I'm about to cry
-
Jay Hu about 2 years
Thank you so much. I had gotten this error because I had deleted and recreated id pool, but reused the roles, which were pointing to the old identity pool id that I had deleted