Create a Cognito Identity Pool


#1

From @jayair on Mon Apr 10 2017 00:58:35 GMT+0000 (UTC)

Link to chapter - http://serverless-stack.com/chapters/create-a-cognito-identity-pool.html

Copied from original issue: https://github.com/AnomalyInnovations/serverless-stack-com/issues/19


#2

From @copperspeed on Fri Jul 21 2017 16:46:39 GMT+0000 (UTC)

Hi - Can we add multiple resources here if we multiple api’s?

"Resource": [
  "arn:aws:execute-api:YOUR_API_GATEWAY_REGION:*:YOUR_API_GATEWAY_ID/*",
  "arn:aws:execute-api:YOUR_API_GATEWAY_REGION:*:YOUR_API_GATEWAY_ID/*"
] 

#3

From @jayair on Fri Jul 21 2017 17:05:09 GMT+0000 (UTC)

@copperspeed Yeah you can!


#4

From @bbskuo on Wed Oct 25 2017 20:40:45 GMT+0000 (UTC)

Hi - I see documentation for the authenticated user policy but not for the unauthenticated user. Is there a specific setup for that? Thanks!


#5

From @jayair on Wed Oct 25 2017 21:03:45 GMT+0000 (UTC)

@bbskuo For this tutorial, the app and it’s resources are behind a login. That’s why we only show the authenticated user policy here.


#6

From @mictian on Thu Dec 14 2017 20:32:44 GMT+0000 (UTC)

Hi,
First of all, very nice tutorial, thank you very much!
There is a small point that I dont get it yet (more AWS related that serverless perhaps - sorry for this)
Under which role are the lambdas executed?

I mean, you have defined an IAM role in the serverless.yml, and now a new set of permissions for authenticated users. Is it needed both roles/permissions? Why?

Thank you in advance,
Mictian


#7

From @jayair on Fri Dec 15 2017 17:29:57 GMT+0000 (UTC)

@mictian Yeah it’s pretty confusing.

The IAM portion in the serverless.yml is what the Lambdas have access to. This is different from what a user on the outside can access. The roles for authenticated users in the Identity Pool is telling AWS which services a user can invoke. So a user invokes API Gateway which in turn invokes Lambda. But the Lambda has it’s own set of permissions that are defined in the serverless.yml.

Hopefully that makes some sense.


#8

From @JackEdwardLyons on Sun Dec 17 2017 08:28:37 GMT+0000 (UTC)

Hi, where do I find my API_GATEWAY_ID ?
Do you mean App Client ID?

When I deployed my API in the last chapter, all I got back was this response:

Service Information
service: notes-app-api
stage: prod
region: us-east-2
stack: notes-app-api-prod
api keys:
  None
endpoints:
  POST - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes
  GET - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes/{id}
  GET - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes
  PUT - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes/{id}
  DELETE - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes/{id}
functions:
  create: notes-app-api-prod-create
  get: notes-app-api-prod-get
  list: notes-app-api-prod-list
  update: notes-app-api-prod-update
  delete: notes-app-api-prod-delete

#9

From @mictian on Sun Dec 17 2017 09:52:26 GMT+0000 (UTC)

Hi @jayair,
Sorry for the delay. Thank you for your answer, that makes all the sense.
So no impersonation at all, got it, perfect :smile: !


#10

From @jayair on Sun Dec 17 2017 22:57:59 GMT+0000 (UTC)

@JackEdwardLyons The format looks like this:

https://API_GATEWAY_ID.execute-api.REGION.amazonaws.com/STAGE/PATH

So yours would be, akse8rq9w0.

I’ll add a note to the chapter to make it more clear.


#11

From @mjbf0748 on Wed Mar 28 2018 16:34:15 GMT+0000 (UTC)

@jayair HTTP401: DENIED - The requested resource requires user authentication. I am getting this error in the console, does this strictly have to do with the cognito identity chapter. Do you have any suggestions?


#12

From @jayair on Fri Mar 30 2018 22:17:07 GMT+0000 (UTC)

@mjbf0748 When are you seeing this error?


#13

From @mjbf0748 on Sat Mar 31 2018 06:14:52 GMT+0000 (UTC)

@jayair When I make a ‘get’ call while the app is running. I am getting this error in the console. This is a call to the second dynamodb table I added in the get.js file.


#14

From @jayair on Sat Mar 31 2018 20:43:34 GMT+0000 (UTC)

@mjbf0748 The error sounds like the user is not authenticated. Are you logged in?


#15

From @mjbf0748 on Sun Apr 01 2018 15:12:59 GMT+0000 (UTC)

Yes. I am logged in with the test user created in the early chapters.

On Sat, Mar 31, 2018 at 4:43 PM Jay V notifications@github.com wrote:

@mjbf0748 https://github.com/mjbf0748 The error sounds like the user is
not authenticated. Are you logged in?


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/AnomalyInnovations/serverless-stack-com/issues/19#issuecomment-377722146,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AX2oR2G_DiNtbXQqKQ8fMdl0zHtPDg8Mks5tj-p4gaJpZM4M4OBA
.


#16

From @jayair on Mon Apr 02 2018 18:25:44 GMT+0000 (UTC)

@mjbf0748 So is this happening in the browser? Can I see a screenshot of the error?


#17

From @mjbf0748 on Mon Apr 02 2018 18:38:45 GMT+0000 (UTC)


@jayair


#18

From @jayair on Mon Apr 02 2018 22:07:50 GMT+0000 (UTC)

@mjbf0748 It seems like you are not using any authentication? Do you have this line set in your App.js - https://github.com/AnomalyInnovations/serverless-stack-demo-client/blob/master/src/index.js#L12? And are you making requests using Amplify?


#19

From @mjbf0748 on Tue Apr 03 2018 19:24:12 GMT+0000 (UTC)

@jayair I had not used Amplify since I had started with the previous version of the tutorial. Should I begin by implementing it?


#20

From @jayair on Wed Apr 04 2018 19:36:49 GMT+0000 (UTC)

@mjbf0748 It depends how far along you are. If you are almost done, I’d say complete it and then go over the update. Most of the structure is the same with Amplify. It just makes some parts simpler.