AWS : Invalid identity pool configuration. Check assigned IAM roles for this pool


Solution 1

Check that the role you have assigned in Cognito Identity Pools (Federated Identities), has a trust relationship with the identity pool.

Get the identity pool ID + the name of the role that isn't working. To do this:

  • Go to Cognito
  • Select Manage Federated Identities
  • Select the identity pool
  • Click Edit identity pool (top right)
  • Make a note of the identity pool ID
  • Make a note of the name of the role that isn't working (e.g. Cognito_blahUnauth_Role)

In IAM, check the trust relationship for the role. Ensure that the StringEquals condition value matches the identity pool ID.

To do this:

  • Go to IAM
  • Click Roles
  • Click the name of the role that you noted previously
  • Click Trust relationships
  • On the right under Conditions, check the StringEquals condition contains the identity pool Id that you noted previously.

Edit the trust relationship to fix.

Solution 2

What you're trying to access here are "Cognito Federated Identity" credentials, which is a separate AWS product from "Cognito User Pools". In order to retrieve these credentials, you need to connect your User Pool to your Federated Identity Pool.

Perhaps this link will help: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html

Also, I would remove admin access from Unauthenticated permissions, it means anyone with your details has control of your AWS account.

Solution 3

When you create a role in IAM and choose the identity provider, make sure you don't choose the user pool ID; instead, you have to choose the identity pool ID.
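Solutions 1 and 3 both come down to one thing: the role's trust policy must name the identity pool ID (the "region:uuid" form, not the user pool's "region_XXXX" form) in a StringEquals condition on cognito-identity.amazonaws.com:aud. The following is an added example, not code from any of the answers: a stand-alone Python check that takes a role trust policy document and the identity pool ID you are using, and reports whether the policy trusts that pool and, if not, which of the mistakes discussed on this page it finds (user pool ID pasted instead of identity pool ID, a pool in a different region, a role left pointing at an old or deleted pool, or no aud condition at all). The policy document and pool IDs in the block are constructed placeholders; the policy shape follows what the Cognito console generates for an "authenticated" role.

```python
"""Check whether an IAM role trust policy actually trusts a given Cognito identity pool."""
import json
import re

# Identity pool IDs look like "us-east-1:<uuid>"; user pool IDs look like "us-east-1_AbCdEf123".
IDENTITY_POOL_RE = re.compile(
    r"^([a-z]{2}(?:-[a-z]+)+-\d):[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)
USER_POOL_RE = re.compile(r"^[a-z]{2}(?:-[a-z]+)+-\d_[A-Za-z0-9]+$")


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy_json, identity_pool_id):
    """Return (trusted, findings).

    trusted is True when some Allow statement lets cognito-identity.amazonaws.com call
    sts:AssumeRoleWithWebIdentity with a StringEquals condition on
    cognito-identity.amazonaws.com:aud equal to identity_pool_id. findings lists every
    statement that was close but wrong, with the likely cause.
    """
    findings = []
    expected = IDENTITY_POOL_RE.match(identity_pool_id)
    if not expected:
        findings.append(f"'{identity_pool_id}' is not an identity pool id (expected '<region>:<uuid>')")
        return False, findings
    expected_region = expected.group(1)

    trusted = False
    candidates = 0
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal") or {}
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if "cognito-identity.amazonaws.com" not in federated:
            continue
        candidates += 1
        conditions = stmt.get("Condition") or {}
        auds = _as_list(conditions.get("StringEquals", {}).get("cognito-identity.amazonaws.com:aud"))
        if not auds:
            # Works, but is far too broad: nothing ties the role to this particular pool.
            trusted = True
            findings.append("statement has no cognito-identity.amazonaws.com:aud condition: "
                            "any Cognito identity pool could assume this role")
            continue
        for aud in auds:
            if aud == identity_pool_id:
                trusted = True
            elif USER_POOL_RE.match(aud):
                findings.append(f"aud '{aud}' is a user pool id; the condition must name the identity pool id")
            else:
                actual = IDENTITY_POOL_RE.match(aud)
                if actual and actual.group(1) != expected_region:
                    findings.append(f"aud '{aud}' is an identity pool in {actual.group(1)}, "
                                    f"but the pool being used is in {expected_region}")
                else:
                    findings.append(f"aud '{aud}' is a different identity pool (stale or reused role)")
    if candidates == 0:
        findings.append("no Allow statement lets cognito-identity.amazonaws.com call sts:AssumeRoleWithWebIdentity")
    return trusted, findings


# Constructed sample (placeholder pool id): the trust policy shape the Cognito console
# generates for an "authenticated" role.
POOL_ID = "us-east-1:11111111-2222-3333-4444-555555555555"
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": POOL_ID},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
        },
    }],
})


def with_aud(aud):
    """Constructed variant of GOOD_POLICY whose aud condition names a different value."""
    policy = json.loads(GOOD_POLICY)
    policy["Statement"][0]["Condition"]["StringEquals"]["cognito-identity.amazonaws.com:aud"] = aud
    return json.dumps(policy)


if __name__ == "__main__":
    for label, policy in [
        ("correct", GOOD_POLICY),
        ("user pool id pasted by mistake", with_aud("us-east-1_AbCdEf123")),
        ("pool recreated in another region", with_aud("eu-west-1:11111111-2222-3333-4444-555555555555")),
        ("role reused from a deleted pool", with_aud("us-east-1:99999999-2222-3333-4444-555555555555")),
    ]:
        trusted, findings = check_trust_policy(policy, POOL_ID)
        print(f"{label}: trusted={trusted}", *findings, sep="\n  ")
```

In practice you would feed it the document returned by IAM for the role (`GetRole` returns it URL-encoded under AssumeRolePolicyDocument) and the IdentityPoolId you pass to the SDK; the check deliberately flags a policy with no aud condition even though such a role "works", because it is the confused-deputy configuration Solution 1's StringEquals check exists to prevent.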

Author: Ankur Akvaliya

Updated on June 23, 2022

Comments

  • Ankur Akvaliya
    Ankur Akvaliya almost 2 years

    I have created one user pool & identity pool.

    I have used javascript sdk.

    I am able to signup, send confirmation code & confirm user successfully with javascript sdk.

    But when I try to sign in the user with the authenticate method and try to get credentials with "CognitoIdentityCredentials" by passing the idToken with the code below

    logins[cognitoEndpoint + "/" + userPoolId] = jwtToken;

    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
      IdentityPoolId: identityPoolId,
      Logins: logins
    });


    it's giving me the error below

    Error: Invalid identity pool configuration. Check assigned IAM roles for this pool.
        at Request.extractError (aws-sdk.js:104063)
        at Request.callListeners (aws-sdk.js:106060)
        at Request.emit (aws-sdk.js:106034)
        at Request.emit (aws-sdk.js:105121)
        at Request.transition (aws-sdk.js:104843)
        at AcceptorStateMachine.runTo (aws-sdk.js:108480)
        at aws-sdk.js:108492
        at Request.<anonymous> (aws-sdk.js:104859)
        at Request.<anonymous> (aws-sdk.js:105123)
        at Request.callListeners (aws-sdk.js:106070)
    

    I have given administrator access to the "Unauthenticated role" & "Unauthenticated role" of the identity pool and to the user whose credentials I am using.

    I am new to AWS. Can anyone tell me what I am missing?

    Any help would be appreciated.

  • nbpeth
    nbpeth over 6 years
    this, thanks. I had forgotten to add this when setting up my cloud formation script
  • Víctor Hugo
    Víctor Hugo over 5 years
    That solved my problem. I had put identity pool name instead of pool id. Thank you.
  • matcheek
    matcheek about 5 years
    I would give you 100+ for this answer if I could. Setup of Users, Groups, Roles, Policies through Cognito and IAM is far from straightforward. Have spent three days on this issue!
  • davidgyoung
    davidgyoung over 4 years
    I could kiss you, @AlexHague. In my case I had reused an IAM role for another identity pool, and had forgotten about this step. My IAM role only had a trust relationship with the old identity pool. I wish this answer would have come up in my first Google search instead of four days later.
  • Praneet Nadkar
    Praneet Nadkar about 4 years
    This helped !! Thanks.
  • NorahKSakal
    NorahKSakal about 4 years
    Can't thank you enough! I changed the region, so the identity pool was correct but not the region, and this answer helped me find the error, thanks again!
  • Andrés Montoya
    Andrés Montoya almost 3 years
    Thanks! This comment helped me with a little error I had :)
  • José Pulido
    José Pulido over 2 years
    Dude, I'll buy you a beer... Where did you get this workaround or where can I find more information about this? I've spent 8 hours on this, I'm about to cry
  • Jay Hu
    Jay Hu about 2 years
    Thank you so much. I had gotten this error because I had deleted and recreated the id pool, but reused the roles, which were pointing to the old identity pool id that I had deleted