I want to put object to AWS S3 directly from browser on angular js.
For this, I use cognito developer authentication.
I got cognito identity id and token from my rails server.
With that token(I think it is valid), my put action is rejected from AWS S3 : Invalid login token.
I don't know why..
Here is my code.
AWS.config.region = 'us-east-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
AccountId: '0000',
IdentityPoolId: 'us-east-1:0000-0000-0000',
RoleArn: 'arn:aws:iam::0000:role/myRoleName',
Logins: {
'cognito-identity.amazonaws.com': 'token from cognito.get_open_id_token_for_developer_identity'
}
});
var bucket = new AWS.S3({ params: { Region: 'ap-northeast-1', Bucket: 'my bucket name' }});
(0000 parts are just sample)
I wonder there is no space for 'identity_id' from cognito.get_open_id_token_for_developer_identity.
Config regioin and s3 region are different because I use tokyo S3 but n.virginia Cognito.
++ I added s3 full access to Managed Policies in my role(myRoleName), and added below setting to Inline policy. (I also added 'resource * version of below setting' to Inline policy)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "0000",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::myBucketName"
]
}
]
}
It looks like you are trying to use the "Basic authflow". Here is a link to our documentation on auth flows:
http://docs.aws.amazon.com/cognito/devguide/identity/concepts/authentication-flow/#developer-authenticated-identities-authflow
This is not using the token you are providing in the logins map.
I recommend using the "Enhanced authflow". To do this:
(1) Make sure your identity pool is configured with the roles you wish your users to use: http://docs.aws.amazon.com/cognito/devguide/identity/concepts/iam-roles/
(2) Remove the AccountId and RoleArn arguments to the identity constructor.