Amazon web services 如何允许访问aws boto3中的CognitoIdentityProvider sdk_Amazon Web Services_Boto3_Amazon Cognito

Amazon web services 如何允许访问aws boto3中的CognitoIdentityProvider sdk

amazon-web-services

Amazon web services 如何允许访问aws boto3中的CognitoIdentityProvider sdk,amazon-web-services,boto3,amazon-cognito,Amazon Web Services,Boto3,Amazon Cognito,我正试图编写一个小脚本，从aws cognito用户池获取我的用户详细信息。尽管我的boto3 SDK可以访问我的S3、Dynamodb等，但在尝试时： import boto3 client = boto3.client('cognito-idp') response = client.admin_get_user( UserPoolId='XXXXXX', Username='YYYYYY' ) 我明白了 botocore.exceptions.ClientError: A

我正试图编写一个小脚本，从aws cognito用户池获取我的用户详细信息。尽管我的boto3 SDK可以访问我的S3、Dynamodb等，但在尝试时：

import boto3
client = boto3.client('cognito-idp')
response = client.admin_get_user(
    UserPoolId='XXXXXX',
    Username='YYYYYY'
)

我明白了

botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the AdminGetUser operation

但我在文档中找不到如何允许对我的SDK进行此类访问

有什么建议吗？

您需要一个IAM策略，允许用户（以及他/她的访问密钥）或资源（EC2、Lambda函数等）执行

cognito idp:AdminGetUser

操作。例如，Cognito的只读策略：

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cognito-identity:Describe*",
        "cognito-identity:Get*",
        "cognito-identity:List*",
        "cognito-idp:AdminGetUser",
        "cognito-idp:Describe*",
        "cognito-idp:List*",
      ],
      "Resource": "*"
    }
  ]
}

您需要一个IAM策略，允许用户（以及他/她的访问密钥）或资源（EC2、Lambda函数等）执行

cognito idp:AdminGetUser

操作。例如，Cognito的只读策略：

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cognito-identity:Describe*",
        "cognito-identity:Get*",
        "cognito-identity:List*",
        "cognito-idp:AdminGetUser",
        "cognito-idp:Describe*",
        "cognito-idp:List*",
      ],
      "Resource": "*"
    }
  ]
}