Does your CLI user have sufficient IAM access to view the needed Cognito resources?
Hello,
I don't get any errors regarding permissions issues, so I didn't consider it may be the problem. Just in case, which IAM access should be valid for these operations?
br Jacko
AWS is pretty bad at giving permission errors and sometimes doesn't even tell you you're missing them. I don't know if that's the actual issue in question, but it's usually the first place I check when troubleshooting things like this.
I would check to see if you have cognito-idp:ListDevices. There may be other permissions that are needed, that may require some research on your end, such as cognito-idp:AdminListDevices.
Please confirm if you have device tracking enabled in your user pool. You can use it to suppress MFA on remembered. This is not enabled by default. Please see below:
Yes, I do have user's devices set to Always remember, but the device list is not updated either after successful TOTP device registration or after successful TOTP authentication. I just wonder at this point if this feature is actually limited only to tracking devices from the MFA using SMS option? Has anyone got an example of the User pool setup where the devices list is working and the device key is saved under devices?
Hello,
As far as I see, my account should have permission to list devices under the defined user pool. I have permissions for all cognito-idp, as follows.
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                ....
                "cognito-idp:*",
Is it possible that my issue is related to the following topic, where the devices list is supported only under the SDK? https://repost.aws/questions/QUBLMX7pNpR2ayKpP1VRCTLQ/remember-device-to-suppress-mfa-challenge-using-cognito-hosted-ui
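
Added example, not part of any post in this thread: a local check of whether an identity policy's statements cover the two device-listing actions named above, with wildcard matching and explicit Deny taking precedence. The sample policy is constructed from the posted fragment (the elided actions are left out, and the Deny statement is hypothetical), and the function names are this example's own.

```python
import re

# Constructed sample policy modelled on the fragment posted in the thread.
# The Deny statement is hypothetical, added to show precedence.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["cognito-idp:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "cognito-idp:AdminForget*", "Resource": "*"},
    ],
}

# The two actions suggested in the thread.
NEEDED = ["cognito-idp:ListDevices", "cognito-idp:AdminListDevices"]


def _as_list(value):
    # IAM accepts a single string or a list for Action and Statement.
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # In IAM action patterns '*' matches any run of characters and '?' one
    # character; action names are compared case-insensitively.
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def decide(policy, action):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one action."""
    result = "implicit-deny"
    for stmt in _as_list(policy.get("Statement", [])):
        if "Action" not in stmt:  # NotAction statements are not modelled here
            continue
        if any(_matches(p, action) for p in _as_list(stmt["Action"])):
            if stmt.get("Effect") == "Deny":
                return "explicit-deny"  # an explicit Deny always wins
            if stmt.get("Effect") == "Allow":
                result = "allow"
    return result


def audit(policy, actions=NEEDED):
    """Map each needed action to the decision the policy text yields."""
    return {a: decide(policy, a) for a in actions}
```

This only evaluates the Action and Effect of identity-based statements; Resource, Condition, permission boundaries and service control policies are outside what it models.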