Insufficient permissions. CloudFront UpdateDistribution permission is required to create a custom domain.

0

While I am deploying the CloudFormation template that contains the resources to create the custom domain for my Cognito user pool client in the prod AWS account, the template is run through AWS CodePipeline. In the execute change set step it fails with this error: "Insufficient permissions. CloudFront UpdateDistribution permission is required to create a custom domain." Why? The last deployment was a success, but now it is showing this insufficient permissions issue.

1 Answer
0

Hello.

When you set up a custom domain for your Cognito user pool, your CloudFront distribution will be associated with it.
Therefore, I think that setting the following IAM policy will eliminate the error.
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowCloudFrontUpdateDistribution",
            "Effect": "Allow",
            "Action": [
                "cloudfront:UpdateDistribution"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
EXPERT
answered 3 months ago
  • So what you are saying is that we need to check whether the user running the CI/CD has this policy, and if not, add it to that user, right? If the policy is there, what could the issue be?

  • So what you are saying is that we need to check whether the user running the CI/CD has this policy, and if not, add it to that user, right?

    No, it is the CloudFormation service role that requires setting this policy. Since you are deploying CloudFormation with CodePipeline, you need to set an IAM policy for the CloudFormation service role. I think you set the CloudFormation service role when setting the CodePipeline deployment action, but you need to configure it for that service role.

  • Just now I checked the issue. Is it possible to create the custom domain for the Cognito user pool client manually or not? When I give the domain name and the ACM certificate it does not create the domain and shows an error like this. Could you please help me?

    One or more aliases specified for the distribution includes an incorrectly configured DNS record that points to another CloudFront distribution. You must update the DNS record to correct the problem.
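The answer above attaches cloudfront:UpdateDistribution to the CloudFormation service role, and the comment thread clarifies that it is that service role, not the CodePipeline user, whose policy matters. Before re-running the pipeline, a defender usually wants to confirm offline that the role's policy document actually grants the action, and to check whether the Resource can be narrowed from "*" to the one distribution Cognito manages. The following Python is an added example, not code from the original post or from AWS: it is a deliberately simplified IAM evaluator (Allow/Deny with wildcards, no Condition, NotAction, SCP or permissions-boundary handling) run over the policy from the answer and over a scoped variant. The account id, distribution id and user pool ARN are constructed placeholders.

```python
import fnmatch
import json

# Constructed placeholders: not real account or resource identifiers.
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
OTHER_DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/OTHERDISTID"
USER_POOL_ARN = "arn:aws:cognito-idp:us-east-1:111122223333:userpool/us-east-1_EXAMPLE"

# The policy from the answer (Resource "*").
POLICY_FROM_ANSWER = json.loads("""{
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudFrontUpdateDistribution",
        "Effect": "Allow",
        "Action": ["cloudfront:UpdateDistribution"],
        "Resource": ["*"]
    }]
}""")

# Least-privilege variant: same action, but only on the distribution that
# fronts the Cognito custom domain. Whether your deployment can know that
# distribution id ahead of time depends on your setup (assumption).
POLICY_SCOPED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudFrontUpdateDistribution",
        "Effect": "Allow",
        "Action": "cloudfront:UpdateDistribution",
        "Resource": DIST_ARN,
    }],
}


def _as_list(value):
    """IAM allows a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def action_matches(pattern, action):
    """IAM action names are case-insensitive and accept * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def resource_matches(pattern, arn):
    """ARNs are compared case-sensitively; * and ? wildcards are allowed."""
    return fnmatch.fnmatchcase(arn, pattern)


def is_allowed(policy, action, resource):
    """Simplified identity-policy evaluation: an explicit Deny wins,
    otherwise any matching Allow grants, otherwise implicit deny.
    Conditions, NotAction/NotResource and other policy layers are ignored."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(action_matches(p, action) for p in _as_list(stmt.get("Action"))):
            continue
        if not any(resource_matches(p, resource) for p in _as_list(stmt.get("Resource"))):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def missing_permissions(policy, required):
    """Return the (action, resource) pairs in `required` the policy does not grant.
    Use this as a pre-deploy check on the CloudFormation service role's policy."""
    return {(a, r) for a, r in required if not is_allowed(policy, a, r)}


if __name__ == "__main__":
    # The action the error message names, plus the Cognito call that triggers it
    # (cognito-idp:CreateUserPoolDomain is the API behind a user pool custom domain;
    # the full set of actions the role needs is not given on this page).
    required = [
        ("cloudfront:UpdateDistribution", DIST_ARN),
        ("cognito-idp:CreateUserPoolDomain", USER_POOL_ARN),
    ]
    for name, pol in (("answer", POLICY_FROM_ANSWER), ("scoped", POLICY_SCOPED)):
        print(name, "missing:", sorted(missing_permissions(pol, required)))
        print(name, "can touch other distribution:",
              is_allowed(pol, "cloudfront:UpdateDistribution", OTHER_DIST_ARN))
```

Running the check against the real service role means pulling its attached and inline policy documents with the IAM API and feeding each one through missing_permissions; anything reported as missing for cloudfront:UpdateDistribution reproduces the pipeline error before a change set is executed. The scoped variant shows the cost of "*": the answer's policy lets the role modify every distribution in the account, while the scoped one refuses the other distribution ARN.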
