嗨:)希望你做得很好。
我尝试使用未经身份验证的用户检索 STS 令牌,该用户尝试通过调用 get_credentials_for_identity 端点从身份池中检索令牌。 这是我的代码:
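// Ask a Cognito identity pool for temporary AWS credentials, export them to the
// process environment, then build an S3 client from that environment and read one object.
// The Cognito Identity request itself is sent unsigned, hence `no_credentials()`.
let unauth_credentials = aws_config::defaults(aws_config::BehaviorVersion::latest())
    .region("eu-central-1")
    .no_credentials()
    .load()
    .await;
let identity_client = aws_sdk_cognitoidentity::Client::new(&unauth_credentials);
let cred_res = identity_client
    .get_credentials_for_identity()
    // NOTE(review): the author describes this value as the identity *pool* ID. `identity_id`
    // expects the identity ID that GetId returns for that pool, so this call presumably keeps
    // failing until a `get_id()` call is made first and its result is passed here.
    .identity_id("eu-central-1:b1c4f066-8cfe-44ae-9809-a938905a45fc")
    // NOTE(review): a login token makes this an authenticated request; for guest access the
    // `logins` entry is presumably not wanted at all. The literal decodes to a placeholder
    // payload (sub 1234567890, "John Doe"); a real token should come from the caller's request
    // and never be committed to source.
    .logins("cognito-idp.eu-central-1.amazonaws.com/eu-central-1_vexpZDVTF", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
    .send()
    .await;
match cred_res {
    Ok(credentials) => match credentials.credentials {
        Some(cred) => match (cred.access_key_id(), cred.secret_key(), cred.session_token()) {
            (Some(access_key_id), Some(secret_key), Some(session_token)) => {
                // Temporary credentials are only valid as a triple. Leaving AWS_SESSION_TOKEN
                // untouched would pair the new key with whatever token the process already
                // had (in a Lambda function, presumably the execution role's).
                // NOTE(review): the environment is process-wide. In a warm Lambda container
                // these values outlive the invocation, and `set_var` is not thread-safe (it is
                // an `unsafe fn` from the 2024 edition). Passing an
                // `aws_sdk_s3::config::Credentials` value to the config builder's
                // `credentials_provider` keeps the credentials scoped to this one client.
                std::env::set_var("AWS_ACCESS_KEY_ID", access_key_id);
                std::env::set_var("AWS_SECRET_ACCESS_KEY", secret_key);
                std::env::set_var("AWS_SESSION_TOKEN", session_token);
            }
            // Fail closed: never export empty strings in place of missing values.
            _ => eprintln!("identity pool returned incomplete credentials"),
        },
        // Only reached when the response carries no credentials at all.
        None => eprintln!("no credentials returned by identity pool"),
    },
    Err(err) => {
        // Report transport-level failures (timeout, dispatch failure) as well as service
        // errors, so that a failed call is never silent.
        match err.as_service_error() {
            Some(service_err) => {
                eprintln!("error retriveing identity pool credentials: {}", service_err)
            }
            None => eprintln!("error retriveing identity pool credentials: {}", err),
        }
    }
}
// Instantiate the client AFTER the environment variables have been reset.
// NOTE(review): every failure path above still reaches this point, so the S3 request would then
// run with whatever credentials the environment already held (in Lambda, presumably the
// function's own role) rather than the caller's. Stop before this call when no credentials
// were installed.
let config = aws_config::load_from_env().await;
let s3_client = aws_sdk_s3::Client::new(&config);
// `get_object`, `req_obj` and `json_bytes` are defined outside this excerpt; `unwrap()` panics
// if the S3 read fails.
json_bytes = get_object(s3_client, "etisreal-cognito-bucket", req_obj).await.unwrap();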
我都试过了。我尝试使用 load_from_env 函数进行调用来设置 aws_config,并且正如您所看到的,没有设置凭据,有点与我看到的这个问题有关。
我还尝试根据这个 stackoverflow 问题将这些角色添加到我的 lambda 函数(此代码在其中执行)。
还是什么都没有。“identity_id”是我的身份池 ID,我对其进行了两次、三次检查,直接从 AWS 控制台复制并粘贴,因此 100% 正确。
“logins”中的身份也是如此:区域和 Cognito 池 ID 都是正确的,不过既然我启用了未经身份验证的用户访问,这应该没有必要,对吗?
但无论如何,我很乐意完成这项工作,并且如果有人能够向我揭示我到底错过了什么,我将非常感激:/
提前非常感谢您,祝您度过愉快的一天
事情是这样的:您首先需要调用 get_id 函数来获取匿名(如果启用)或经过身份验证的 identityId
// Resolve the Cognito identity ID for this caller. With a JWT the request carries a `logins`
// entry (authenticated identity); without one it asks the pool for a guest identity.
let mut id_request = identity_client
    .get_id()
    .identity_pool_id("REGION:GUID");
if let Some(token) = jwt_token {
    id_request = id_request.logins("cognito-idp.<region>.amazonaws.com/ID", token);
}
identity_id = match id_request.send().await {
    Ok(id) => id.identity_id.unwrap_or(String::from("REGION:GUID")),
    Err(err) => {
        eprintln!("error getting id: {}", err.meta());
        // NOTE(review): this fallback is the same placeholder as the pool ID above. If a pool ID
        // is what ends up here, the later credentials request receives a value that is not an
        // identity ID. Confirm what the default is meant to be, or stop on error instead.
        String::from("REGION:GUID")
    }
};
然后,您使用从给定的 IdentityPool - CognitoPool 组合中检索到的身份(同样,匿名或经过身份验证)请求 credentials。检索凭证的调用将如下所示:
// Exchange the identity ID resolved by the earlier `get_id()` call for temporary AWS credentials.
// NOTE(review): no `logins` entry is sent here. For an identity that was obtained with a login
// token, the same entry is normally needed on this call too — confirm.
let cred_res = identity_client
.get_credentials_for_identity()
.identity_id(identity_id)
.send()
.await;
match cred_res {
Ok(credentials) => {
if let Some(cred) = credentials.credentials {
// Access key, secret key and session token are exported together; temporary credentials
// are rejected when the session token is missing.
// NOTE(review): a missing field is exported as an empty string, which surfaces later as an
// opaque signing or authorization failure; failing here would be clearer.
// NOTE(review): the environment is process-wide. If this runs in a reused Lambda container
// the values outlive the request, and `set_var` is not thread-safe; handing the values to
// the client config through `credentials_provider` avoids both.
std::env::set_var("AWS_ACCESS_KEY_ID", cred.access_key_id().unwrap_or(""));
std::env::set_var("AWS_SECRET_ACCESS_KEY", cred.secret_key().unwrap_or(""));
std::env::set_var("AWS_SESSION_TOKEN", cred.session_token().unwrap_or(""));
} else {
// The response carried no credentials object at all.
eprintln!("no credentials returned by identity pool");
}
},
// The author elides the remaining arms (error handling) here.
...
干杯:)