- 최신
- 최다 투표
- 가장 많은 댓글
Hello,
I don't' get any errors regarding permissions issue, so I didn't considered it may be the problem. Just in case which IAM access should be valid for these operations ?
br Jacko
AWS is pretty bad at giving permission errorsand sometimes doesn't even tell you you're missing them. I don't know if thats the actual issue in question, but it's usually the first place I check when troubleshooting things like this.
I would check to see if you have
cognito-idp:ListDevices
there may be other permissions that are needed, that may require some research on your end, such ascognito-idp:AdminListDevices
.
Please confirm if you have device tracking enabled in your user pool. YOu can use it to suppress MFA on remembered. This is not enabled by default. Please see below:
Yes I do have user's devices set Always remember, but device list is not updated either after successful TOTP device registration or after TOTP successfull authentication. I just wonder at this point if this feature is actually limited only to track devices from the MFA using SMS option ? Has anyone got an example of the User pool setup where devices list is working and device key is saved under devices .
관련 콘텐츠
- AWS 공식업데이트됨 9달 전
- AWS 공식업데이트됨 일 년 전
- AWS 공식업데이트됨 2년 전
Hello,
As far I see my account should have permission to list devices under defined user pool. I have permissions for all cognito-idp , as follows.
"Statement": [ { "Effect": "Allow", "Action": [ .... "cognito-idp:*",
Is it possible that my issue is related to the following topic, where devices list supported only under SDK ? https://repost.aws/questions/QUBLMX7pNpR2ayKpP1VRCTLQ/remember-device-to-suppress-mfa-challenge-using-cognito-hosted-ui