Amazon web services 如何允许访问aws boto3中的CognitoIdentityProvider sdk
我正试图编写一个小脚本,从aws cognito用户池获取我的用户详细信息。尽管我的boto3 SDK可以访问我的S3、Dynamodb等,但在尝试时:Amazon web services 如何允许访问aws boto3中的CognitoIdentityProvider sdk,amazon-web-services,boto3,amazon-cognito,Amazon Web Services,Boto3,Amazon Cognito,我正试图编写一个小脚本,从aws cognito用户池获取我的用户详细信息。尽管我的boto3 SDK可以访问我的S3、Dynamodb等,但在尝试时: import boto3 client = boto3.client('cognito-idp') response = client.admin_get_user( UserPoolId='XXXXXX', Username='YYYYYY' ) 我明白了 botocore.exceptions.ClientError: A
import boto3
client = boto3.client('cognito-idp')
response = client.admin_get_user(
UserPoolId='XXXXXX',
Username='YYYYYY'
)
我明白了
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the AdminGetUser operation
但我在文档中找不到如何允许对我的SDK进行此类访问
有什么建议吗?您需要一个IAM策略,允许用户(以及他/她的访问密钥)或资源(EC2、Lambda函数等)执行
cognito idp:AdminGetUser
操作。例如,Cognito的只读策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cognito-identity:Describe*",
"cognito-identity:Get*",
"cognito-identity:List*",
"cognito-idp:AdminGetUser",
"cognito-idp:Describe*",
"cognito-idp:List*",
],
"Resource": "*"
}
]
}
您需要一个IAM策略,允许用户(以及他/她的访问密钥)或资源(EC2、Lambda函数等)执行
cognito idp:AdminGetUser
操作。例如,Cognito的只读策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cognito-identity:Describe*",
"cognito-identity:Get*",
"cognito-identity:List*",
"cognito-idp:AdminGetUser",
"cognito-idp:Describe*",
"cognito-idp:List*",
],
"Resource": "*"
}
]
}