Hello,
I'm developing an API service to list the users from a Cognito pool. While deploying, Chalice says "Unsupported service: cognito-idp":
```
$ chalice deploy --stage dev
Environment is dev
Initial creation of lambda function.
Creating role
Unsupported service: cognito-idp
...
```
And post deployment, when I tried to access the API, it responded with the below error:
_An error occurred (AccessDeniedException) when calling the ListUsers operation: User: arn:aws:sts::xxxxx:assumed-role/user_auth-dev/user_auth-dev is not authorized to perform: cognito-idp:ListUsers on resource: arn:aws:cognito-idp:us-west-2:xxxxx:userpool/xxxxx_
Here, I am using AWS Chalice (1.0.1) and Boto3 (1.4.6).
Sample Code:
```python
@app.route('/list_users')
def list_users():
    client = boto3.client('cognito-idp')
    user_list = client.list_users(UserPoolId=xxxx)
    ...
```
In case Chalice doesn't yet support 'cognito-idp', are there any alternatives to achieve the listing of Cognito Pool users?
Appreciate your support!
Thanks,
Pawan
Thanks for reporting. This is a bug, we'll get this fixed. In the meantime, you can disable policy generation to work around this (`"autogen_policy": false` in your config.json).
Thanks James, it helps.
Configured a policy-dev.json manually to allow listing of users on resource: arn:aws:cognito-idp. After setting "auto-policy" (in config.json) to false, Chalice didn't auto-generate the policy and loaded the local policy.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "cognito-idp:ListUsers"
      ],
      "Resource": [
        "arn:aws:logs:*:*:*",
        "arn:aws:cognito-idp:*:*:*"
      ],
      "Effect": "Allow"
    }
  ]
}
```
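
Added example (not part of the thread and not Chalice's own code): a small check that flags the wildcard Cognito resource in the policy above and builds an equivalent policy scoped to one user pool, using the ARN format shown in the error message. The function names, the `ignore_services` parameter, and the account and pool ids are assumptions made for this example.

```python
import json

# The policy posted in the thread, as a Python dict (constructed for this example).
THREAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
                   "logs:PutLogEvents", "cognito-idp:ListUsers"],
        "Resource": ["arn:aws:logs:*:*:*", "arn:aws:cognito-idp:*:*:*"],
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy, ignore_services=("logs",)):
    """List (service, arn) pairs where an Allow statement grants a service's
    actions on an ARN with '*' in its region, account or resource part."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        services = {a.split(":", 1)[0] for a in _as_list(stmt["Action"])}
        for arn in _as_list(stmt["Resource"]):
            parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
            arn_service = parts[2] if len(parts) == 6 else "*"
            broad = len(parts) < 6 or any("*" in p for p in parts[3:])
            for svc in sorted(services - set(ignore_services)):
                if broad and arn_service in (svc, "*"):
                    findings.append((svc, arn))
    return findings

def scoped_policy(region, account_id, pool_id):
    """Same actions as the thread's policy, one statement per service, with
    ListUsers limited to a single user pool (the logs statement is unchanged)."""
    pool_arn = f"arn:aws:cognito-idp:{region}:{account_id}:userpool/{pool_id}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": "arn:aws:logs:*:*:*",
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]},
        {"Effect": "Allow", "Resource": pool_arn, "Action": "cognito-idp:ListUsers"},
    ]}

if __name__ == "__main__":
    print(wildcard_findings(THREAD_POLICY))
    # Account id and pool id below are placeholders (constructed), not from the thread.
    fixed = scoped_policy("us-west-2", "123456789012", "us-west-2_EXAMPLE")
    print(wildcard_findings(fixed))
    print(json.dumps(fixed, indent=2))
```

The JSON printed last can be saved as the stage's local policy file once the placeholder ids are replaced with the real account and pool ids.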