How to send EventBridge PutEvents from web client using Cognito and AWS SDK JavaScript v3?

Here is the code:

import { EventBridgeClient, PutEventsCommand } from "@aws-sdk/client-eventbridge";
import { fromCognitoIdentityPool } from '@aws-sdk/credential-provider-cognito-identity';
import { CognitoIdentityClient } from '@aws-sdk/client-cognito-identity';

const IDENTITY_POOL_ID = 'us-east-1:xxx';
const REGION = 'us-east-1';

const ebClient = new EventBridgeClient({
    region: REGION,
    credentials: fromCognitoIdentityPool({
        client: new CognitoIdentityClient({ region: REGION }),
        identityPoolId: IDENTITY_POOL_ID
    })
});

async function sendEvent() {
    const events = {
        Entries: [
            {
                DetailType: 'SubmitOrder',
                Detail: JSON.stringify({
                    orderId: 'abc',
                    // ...
                }),
                Source: 'com.org.app1',
            },
        ],
    };

    try {
        const data = await ebClient.send(new PutEventsCommand(events));
        console.log("Success, event sent; requestID:", data);
    } catch (err) {
        console.log('Error', err);
    }
}

The permissions for the Unauthorized Cognito Identity Pool role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "events:PutEvents",
            "Resource": "arn:aws:events:us-east-1:xxxx:event-bus/default"
        }
    ]
}

Trust policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "cognito-identity.amazonaws.com"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "cognito-identity.amazonaws.com:aud": "us-east-1:xxxx"
                },
                "ForAnyValue:StringLike": {
                    "cognito-identity.amazonaws.com:amr": "unauthenticated"
                }
            }
        }
    ]
}

The error:

AccessDeniedException: User: arn:aws:sts::xxxx:assumed-role/Cognito_XXXidentitypoolUnauth_Role/CognitoIdentityCredentials is not authorized to perform: events:PutEvents on resource: arn:aws:events:us-east-1:xxxx:event-bus/default because no session policy allows the events:PutEvents action

No answers