我有一个简单的 iOS 应用程序,可以上传到 s3。我正在尝试各种 unauth - 尽管理想情况下我想做 Facebook。
2 个 IAM 角色(使用向导创建)。 IAM 身份验证策略(对于 unauth 角色):
{
"Version": "2012-10-17",
"Statement": [{
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::[mybucketname]/*"
}
]
}
我的constants.h 文件(已清理):
#define AWSID @"[12 digit num]"
#define PoolID @"us-east-1:[long id number]"
#define CRUnauth @"arn:aws:iam::[id num]:role/Cognito_Auth_DefaultRole"
#define CRAuth @"arn:aws:iam::[id num]:role/Cognito_auth_DefaultRole"
我的 appDelegate.m 文件有以下内容:
credentialsProvider = [AWSCognitoCredentialsProvider credentialsWithRegionType:AWSRegionUSEast1 accountId:AWSID identityPoolId:PoolID unauthRoleArn:CRUnauth authRoleArn:nil];
AWSServiceConfiguration *configuration = [AWSServiceConfiguration configurationWithRegion:AWSRegionSAEast1
credentialsProvider:credentialsProvider];
[AWSServiceManager defaultServiceManager].defaultServiceConfiguration = configuration;
我将凭证提供程序设置为一个属性,因为我需要在某个时候添加 Facebook 登录信息。
我只是上传一个捆绑图像来测试这一点。在我的视图控制器中:
if([app.fb_token length] > 0){
app.credentialsProvider.logins = @{ @(AWSCognitoLoginProviderKeyFacebook): app.fb_token };
}
AWSS3TransferManager *transferManager = [AWSS3TransferManager defaultS3TransferManager];
UIImage *image = [UIImage imageNamed:@"yayDot"];
NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory,
NSUserDomainMask, YES);
NSString *documentsDirectory = [paths objectAtIndex:0];
NSString* path = [documentsDirectory stringByAppendingPathComponent:
@"yayDot.png" ];
NSData* data = UIImagePNGRepresentation(image);
[data writeToFile:path atomically:YES];
AWSS3TransferManagerUploadRequest *uploadRequest = [AWSS3TransferManagerUploadRequest new];
uploadRequest.body = [NSURL URLWithString:path];
uploadRequest.key = @"yayDot.png";
uploadRequest.bucket = thebucket;
[AWSLogger defaultLogger].logLevel = AWSLogLevelVerbose;
[[transferManager upload:uploadRequest] continueWithBlock:^id(BFTask *task) {
// Do something with the response
NSLog(@"result: %@", task.result);
return nil;
}];
完整错误:
AWSURLResponseSerialization.m line:258 | -[AWSXMLResponseSerializer responseObjectForResponse:originalRequest:currentRequest:data:error:] | Response header: [{
"Content-Length" = 299;
"Content-Type" = "text/xml";
Date = "Tue, 27 Jan 2015 18:54:17 GMT";
"x-amzn-RequestId" = "xxxxx";
}]
2015-01-27 10:54:18.052 AWSiOSSDKv2 [Verbose] AWSURLResponseSerialization.m line:263 | -[AWSXMLResponseSerializer responseObjectForResponse:originalRequest:currentRequest:data:error:] | Response body: [<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>AccessDenied</Code>
<Message>Not authorized to perform sts:AssumeRoleWithWebIdentity</Message>
</Error>
<RequestId>xxxxx</RequestId>
</ErrorResponse>
]
2015-01-27 10:54:18.059 lookyloo[20024:332664] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:587 | __40-[AWSCognitoCredentialsProvider refresh]_block_invoke356 | Unable to refresh. Error is [Error Domain=com.amazonaws.AWSSTSErrorDomain Code=0 "The operation couldn’t be completed. (com.amazonaws.AWSSTSErrorDomain error 0.)" UserInfo=0x7d936310 {Type=Sender, Message=Not authorized to perform sts:AssumeRoleWithWebIdentity, __text=(
"\n ",
"\n ",
"\n ",
"\n "
), Code=AccessDenied}]
