¿Cómo puedo decodificar y verificar la firma de un token web JSON de Amazon Cognito?

¿Cómo puedo evitar el error «Unable to validate the following destination configurations» con las notificaciones de eventos de Lambda en CloudFormation?

¿Cómo puedo solucionar el error: «The following parameters are not defined for the specified group» al actualizar la versión del motor de mi clúster de RDS con CloudFormation?

¿Por qué se produce el error «Unable to validate the following destination configurations» al crear una notificación de eventos de Amazon S3?

Does this work without the scope claim (to check syntax) or if you use a different value (to check that aws:0123456789012 isn't being treated special)?  https://docs.aws.amazon.com/en_en/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif lists (:aud, :azp, :amr, sub) explicitly, but unclear about other claims.

Given the following JWT Payload:


```
{
  "iss": "https://use.us.auth0.com/",
  "sub": "auth0|633c9a79c4920862610fa",
  "aud": "some-aud",
  "iat": 1664984891,
  "exp": 1665071291,
  "azp": "kWfeLjcWoT1ToQKmyYZQft7liE",
  "scope": "aws:0123456789012"
}
```
is a trust policy such as this one not valid?  I only want to issue a token if the scope matches


```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "arn:aws:iam::123456789012:oidc-provider/user.us.auth0.com/"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "johnnorton.us.auth0.com/:aud": "some-aud",
                    "johnnorton.us.auth0.com/:scope": "aws:0123456789012"
                }
            }
        }
    ]
}
```

However this condition does not seem to be validated.  Are all claims available in trust policies?

ODIC Custom Claim using sts:AssumeRoleWithWebIdentity condition

Contenido relevante