Unauthenticated Access to Maps Not Working But Authenticated Access is

Question

I have a map in AWS Location Service and a React frontend with mapbox-gl. When accessing this resource as an authenticated user everything works fine. The attached policies for the unauthenticated role have the same map permissions and yet unauthenticated access does not work. The role has other permissions too for appsync and these do work in both the unauthenticated and authenticated cases which indicates that the role is being assumed in both cases. The error message when trying to access the map as an unauthenticated user states that the user assumed the correct unauthenticated role but was not permitted to access the map but as far as I can tell they are (same policies as authenticated role which works). Could the problem be that my Cognito resources are in eu-west-2 (London) and the map is in eu-west-1 (Ireland) ? If so, not sure why it works for authenticated access. If this is the issue, any idea when the service will be available in eu-west-2?

Accepted Answer

Hi GrahamHesketh.  
  
Yes, the problem is that you're using Amazon Cognito pools homed in eu-west-2. Cognito applies a scope-down policy that further limits access to APIs (see https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html#access-policies); since Amazon Location is unavailable in eu-west-2, credentials vended in that region are fully restricted from using it. To work around this, you will need to use a Cognito unauthenticated identity pool homed in eu-west-1 (or one of the other regions Amazon Location is available in).  
  
Sorry, we can't comment on future region availability at this time.  
  
seth

Unauthenticated Access to Maps Not Working But Authenticated Access is

관련 콘텐츠