The "Action" property as an array was key to solving this, and specifically using the "$connect" string.
Here is what is working for me (with some values modified for privacy) and comments added.
Note: I am using the AWS Gateway V2 API, websocket protocol, Cognito with no users (only an App client).
{
  "principalId": "7p9f415hnxxbfbch17jnaenccs", // this is the "App client ID" from the App integration section of Cognito
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": [ // <--- this must be an array
          "execute-api:Invoke"
        ],
        "Effect": "Allow",
        "Resource": [
          "arn:aws:execute-api:us-east-1:321987567111:1c9kv22z8g/stage-devwarren2/$connect"
        ]
      }
    ]
  },
  "context": null,
  "usageIdentifierKey": null
}
I am fighting with a lambda authorizer also -- getting 403 and 500 errors.
My return AuthPolicy looks just like yours, but I also do not know what to use in the "principalId" field. Have tried lots of stuff.
I have a "test" App Client in my Cognito pool, but I have no users.
What bugs me at this point is that there appears to be no way to add debugging information -- 403 "User is not authorized to access this resource" is not what my lambda returns! Whatever code generates that response should allow for some debugging info in the log output.
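Added example, not code from either post above: Python helpers that emit the `$connect` policy in the shape the first answer reports as working and log the authorizer's decision from inside the Lambda, where the second post found debugging output missing. The function names, the `allowed_client_ids` allow-list, and the premise that `client_id` comes from an already verified Cognito access token (verification not shown) are assumptions; `method_arn` stands for the ARN API Gateway passes to the authorizer.

```python
import json
import logging
import re

log = logging.getLogger("ws_authorizer")
log.setLevel(logging.INFO)
# arn:aws:execute-api:<region>:<account-id>:<api-id>/<stage>/<route>
ARN_RE = re.compile(r"^arn:aws:execute-api:[a-z0-9-]+:\d{12}:[a-z0-9]+/[^/]+/(.+)$")

def build_policy(principal_id, method_arn, allow):
    """Authorizer response in the shape the answer above reports as working."""
    match = ARN_RE.match(method_arn or "")
    on_connect = bool(match) and match.group(1) == "$connect"
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": ["execute-api:Invoke"],  # emitted as an array
                "Effect": "Allow" if (allow and on_connect) else "Deny",
                # Allow names only the exact $connect ARN; anything else is Deny on "*"
                "Resource": [method_arn] if on_connect else ["*"],
            }],
        },
    }

def shape_problems(response):
    """Differences from the answer's shape (a local check, not an AWS rule)."""
    problems = []
    if not (isinstance(response.get("principalId"), str) and response["principalId"]):
        problems.append("principalId is not a non-empty string")
    statements = (response.get("policyDocument") or {}).get("Statement")
    if not isinstance(statements, list) or not statements:
        return problems + ["policyDocument.Statement is not a non-empty array"]
    for i, stmt in enumerate(statements):
        if not isinstance(stmt.get("Action"), list):
            problems.append(f"Statement[{i}].Action is not an array")
        res = stmt.get("Resource")
        ok = isinstance(res, list) and res and all(str(r).endswith("/$connect") for r in res)
        if stmt.get("Effect") == "Allow" and not ok:
            problems.append(f"Statement[{i}].Resource does not end in /$connect")
    return problems

def authorize(method_arn, client_id, allowed_client_ids):
    """client_id is assumed to come from an already verified Cognito token."""
    response = build_policy(client_id or "unknown", method_arn, client_id in allowed_client_ids)
    stmt = response["policyDocument"]["Statement"][0]
    log.info(json.dumps({"principal": response["principalId"], "arn": method_arn,
                         "effect": stmt["Effect"], "problems": shape_problems(response)}))
    return response
```

The JSON line written by `authorize` records which principal, ARN and effect the authorizer actually returned, so a 403 at the gateway can be compared against the policy the Lambda produced.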