AWS无法订阅SNS主题:CognitoIdentityCredentials无权执行:SNS:订阅

时间:2016-02-18 22:14:02

标签: ios amazon-web-services amazon-cognito

我正在尝试使用以下代码将iOS端点订阅到SNS主题:

    let sns = AWSSNS.defaultSNS()
    let request = AWSSNSCreatePlatformEndpointInput()
    request.token = deviceTokenString
    request.platformApplicationArn = SNSPlatformApplicationArn

    sns.createPlatformEndpoint(request).continueWithExecutor(AWSExecutor.mainThreadExecutor(), withBlock: { (task: AWSTask!) -> AnyObject! in
        if task.error != nil {
            print(task.error)
        } else {
            let createEndpointResponse = task.result as! AWSSNSCreateEndpointResponse

            // Subscribe to the topic
            let subscribeTopicInput = AWSSNSSubscribeInput()
            subscribeTopicInput.endpoint = createEndpointResponse.endpointArn
            subscribeTopicInput.protocols = "application"
            subscribeTopicInput.topicArn = MyTopicARN
            sns.subscribe(subscribeTopicInput).continueWithExecutor(AWSExecutor.mainThreadExecutor(), withBlock: { (topicTask: AWSTask!) -> AnyObject! in

                if topicTask.error != nil {
                    // Authorization error prints here
                    print(topicTask.error)
                }

                return nil
            })

        }

        return nil
    })

尝试订阅主题时收到错误:

UserInfo={Type=Sender, Message=User: arn:aws:its::000000000000:assumed-role/appname_unauth_MOBILEHUB_000000000/CognitoIdentityCredentials is not authorized to perform: SNS:Subscribe on resource:...

this answer的作者解释说,您必须授予Cognito角色中sns:Subscribe的访问权限,以允许您的应用程序拨打此电话。我的Cognito用户已被授予AmazonSNSFullAccess,允许访问所有sns操作(例如sns:*)。为什么我的Cognito用户被拒绝访问?我的主题策略已设置为只有主题所有者才能订阅...但主题所有者似乎与我的Cognito用户相同。

enter image description here

1 个答案:

答案 0 :(得分:2)

我曾使用Amazon Mobile Hub为我配置推送通知。我没有意识到Mobile Hub在该过程中创建了三个角色:

  1. appname_consolepush_MOBILEHUB_000000000
  2. appname_unauth_MOBILEHUB_000000000
  3. MobileHub_Service_Role

    4. iOS应用使用appname_unauth_MOBILEHUB_00000000角色进行连接,而不是我手动创建的用户。此角色不允许sns:Subscribe

    要解决,请:

    1. AmazonSNSFullAccess授予适当的角色
    2. 创建内联策略以允许sns:Subscribe到所有资源(更好的IMO)

      3. 示例:

      {
    "Effect": "Allow",
    "Action": [
        "sns:Subscribe"
    ],
    "Resource": [
        "*"
    ]
}
相关问题
最新问题