是否可以承担 IAM 角色iam-role1
链接到 Cognito 组cognito-group1
认知用户的cognito-user1
在 Cognito 用户池中cognito-user-pool1
?
我的配置:
Cognito 用户池cognito-user-pool1
:
- 认知用户
cognito-user1
属于cognito-group1
- 认知组
cognito-group1
已分配给iam-role1
.
Cognito 身份池cognito-identity-pool1
:
- 身份验证提供商:
cognito-user-pool1
- 已验证角色 =
iam-role1
IAM:
- IAM 角色
iam-role1
有访问 S3 ReadOnly 的策略
此代码允许我向 Cognito 用户池进行身份验证:
AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient();
CognitoUserPool userPool = new CognitoUserPool("user-pool-id", "client-id", provider);
CognitoUser user = new CognitoUser("cognito-user1", "client-id", userPool, provider);
InitiateSrpAuthRequest authRequest = new InitiateSrpAuthRequest()
{
Password = "cognito-password1"
};
AuthFlowResponse authResponse = await user.StartWithSrpAuthAsync(authRequest);
然后从cognito身份池获取凭证cognito-identity-pool1
链接到 cognito 用户池cognito-user-pool1
:
CognitoAWSCredentials credentials = user.GetCognitoAWSCredentials("identity-pool-arn", RegionEndpoint.USEast1);
using (var client = new AmazonS3Client(credentials))
...