C# AmazonCongnitoIdentityProviderException:用户无权对资源执行cognito idp:DescribeUserPool
我正在学习将AWS与ASP.NET核心站点集成。我使用AWS Cognito作为用户存储。我创建了一个注册表单,它实际上充当了AWS Cognito的接口。到目前为止,我已经完成了以下步骤:C# AmazonCongnitoIdentityProviderException:用户无权对资源执行cognito idp:DescribeUserPool,c#,amazon-web-services,asp.net-core,C#,Amazon Web Services,Asp.net Core,我正在学习将AWS与ASP.NET核心站点集成。我使用AWS Cognito作为用户存储。我创建了一个注册表单,它实际上充当了AWS Cognito的接口。到目前为止,我已经完成了以下步骤: 在AWS Cognito中创建了一个用户池 在IAM服务中创建了一个用户。已将现有策略“AmazonCongnitodeveloperAuthenticatedIdentifications”附加到此用户 在Windows中的用户配置文件目录中创建了凭据文件。在此文件中设置aws\u访问密钥\u id和
public class Accounts : Controller
{
SignInManager<CognitoUser> _signInManager;
UserManager<CognitoUser> _userManager;
CognitoUserPool _pool;
public Accounts(SignInManager<CognitoUser> signInManager, UserManager<CognitoUser>
userManager, CognitoUserPool pool)
{
_signInManager = signInManager;
_userManager = userManager;
_pool = pool;
}
[HttpPost]
public async Task<IActionResult> SignUp(SignupModel model)
{
if (ModelState.IsValid)
{
var user = _pool.GetUser(model.Email);
if (user.Status != null)
{
ModelState.AddModelError("UserExists", "User with this email already exists");
return View(model);
}
user.Attributes.Add(CognitoAttribute.Name.AttributeName, model.Email);
var createdUser = await _userManager.CreateAsync(user, model.Password);
if (createdUser.Succeeded)
{
RedirectToAction("Confirm");
}
}
return View();
}
}
我知道这与IAM的政策有关,但我无法确定我缺少的确切设置。有人可以帮忙吗?您的用户不是管理员添加到IAM uesrs权限管理员访问您的用户不是管理员添加到IAM uesrs权限管理员访问转到IAM用户,选择用户,单击“添加内联策略”,查找服务“Cognito用户池”,搜索操作“DescribeUserPool”,添加用户池arn,创建策略转到IAM用户,选择用户,单击“添加内联策略”,查找服务“Cognito用户池”,搜索操作“DescribeUserPool”,添加用户池arn,创建策略
public class Accounts : Controller
{
SignInManager<CognitoUser> _signInManager;
UserManager<CognitoUser> _userManager;
CognitoUserPool _pool;
public Accounts(SignInManager<CognitoUser> signInManager, UserManager<CognitoUser>
userManager, CognitoUserPool pool)
{
_signInManager = signInManager;
_userManager = userManager;
_pool = pool;
}
[HttpPost]
public async Task<IActionResult> SignUp(SignupModel model)
{
if (ModelState.IsValid)
{
var user = _pool.GetUser(model.Email);
if (user.Status != null)
{
ModelState.AddModelError("UserExists", "User with this email already exists");
return View(model);
}
user.Attributes.Add(CognitoAttribute.Name.AttributeName, model.Email);
var createdUser = await _userManager.CreateAsync(user, model.Password);
if (createdUser.Succeeded)
{
RedirectToAction("Confirm");
}
}
return View();
}
}
AmazonCognitoIdentityProviderException: User: arn:aws:iam::777844316068:user/xxxx is not authorized to perform: cognito-idp:DescribeUserPool on resource: arn:aws:cognito-idp:us-east-2:777844316068:userpool/us-east-2_115WHTcaH