Comments: Create a Cognito Identity Pool #19

Closed
jayair opened this Issue Apr 10, 2017 · 26 comments

@jayair
Member

commented Apr 10, 2017

@jayair jayair added the Discussion label Apr 10, 2017

@copperspeed


commented Jul 21, 2017

Hi - Can we add multiple resources here if we have multiple APIs?

"Resource": [
  "arn:aws:execute-api:YOUR_API_GATEWAY_REGION:*:YOUR_API_GATEWAY_ID/*",
  "arn:aws:execute-api:YOUR_API_GATEWAY_REGION:*:YOUR_API_GATEWAY_ID/*"
] 
@jayair

Member Author

commented Jul 21, 2017

@copperspeed Yeah you can!

@bbskuo


commented Oct 25, 2017

Hi - I see documentation for the authenticated user policy but not for the unauthenticated user. Is there a specific setup for that? Thanks!

@jayair

Member Author

commented Oct 25, 2017

@bbskuo For this tutorial, the app and its resources are behind a login. That's why we only show the authenticated user policy here.

@mictian


commented Dec 14, 2017

Hi,
First of all, very nice tutorial, thank you very much!
There is a small point that I don't get yet (more AWS related than serverless perhaps - sorry for this)
Under which role are the lambdas executed?

I mean, you have defined an IAM role in the serverless.yml, and now a new set of permissions for authenticated users. Are both roles/permissions needed? Why?

Thank you in advance,
Mictian

@jayair

Member Author

commented Dec 15, 2017

@mictian Yeah it's pretty confusing.

The IAM portion in the serverless.yml is what the Lambdas have access to. This is different from what a user on the outside can access. The roles for authenticated users in the Identity Pool are telling AWS which services a user can invoke. So a user invokes API Gateway which in turn invokes Lambda. But the Lambda has its own set of permissions that are defined in the serverless.yml.

Hopefully that makes some sense.

@JackEdwardLyons


commented Dec 17, 2017

Hi, where do I find my API_GATEWAY_ID ?
Do you mean App Client ID?

When I deployed my API in the last chapter, all I got back was this response:

Service Information
service: notes-app-api
stage: prod
region: us-east-2
stack: notes-app-api-prod
api keys:
  None
endpoints:
  POST - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes
  GET - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes/{id}
  GET - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes
  PUT - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes/{id}
  DELETE - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes/{id}
functions:
  create: notes-app-api-prod-create
  get: notes-app-api-prod-get
  list: notes-app-api-prod-list
  update: notes-app-api-prod-update
  delete: notes-app-api-prod-delete
@mictian


commented Dec 17, 2017

Hi @jayair,
Sorry for the delay. Thank you for your answer, that makes all the sense.
So no impersonation at all, got it, perfect 😄 !

@jayair

Member Author

commented Dec 17, 2017

@JackEdwardLyons The format looks like this:

https://API_GATEWAY_ID.execute-api.REGION.amazonaws.com/STAGE/PATH

So yours would be, akse8rq9w0.

I'll add a note to the chapter to make it more clear.
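
Added example, not part of the thread or the tutorial's code: it pulls the API Gateway ID, region and stage out of the endpoint URLs that the deploy output above prints, and builds the `Resource` list for the authenticated-role policy, covering the multiple-API case asked about earlier. The `scopeToStage` option, the `example1234` API and the `execute-api:Invoke` statement wrapper are assumptions added for illustration.

```javascript
// Added example: derive execute-api policy resources from the endpoint URLs
// printed by the deploy step. Function and option names are hypothetical.
const ENDPOINT_RE =
  /https:\/\/([a-z0-9]+)\.execute-api\.([a-z0-9-]+)\.amazonaws\.com\/([^/\s]+)/g;

// Returns one { apiId, region, stage } per distinct API/stage found in the text.
function parseEndpoints(deployOutput) {
  const seen = new Map();
  for (const [, apiId, region, stage] of deployOutput.matchAll(ENDPOINT_RE)) {
    seen.set(`${region}:${apiId}:${stage}`, { apiId, region, stage });
  }
  return [...seen.values()];
}

// Builds the policy statement. With scopeToStage=false it reproduces the
// ID/* form quoted in the thread; with true it narrows each ARN to the
// deployed stage (ID/STAGE/*), which is the tighter grant.
function buildInvokeStatement(apis, { scopeToStage = false } = {}) {
  if (apis.length === 0) throw new Error("no API Gateway endpoints found");
  const resources = apis.map(({ apiId, region, stage }) =>
    `arn:aws:execute-api:${region}:*:${apiId}/${scopeToStage ? stage + "/*" : "*"}`
  );
  return {
    Effect: "Allow",
    Action: ["execute-api:Invoke"],
    Resource: [...new Set(resources)], // de-duplicate identical ARNs
  };
}

// Constructed sample: the first API is the one from the thread,
// the second (example1234) is made up to show the multi-API case.
const SAMPLE_OUTPUT = `
endpoints:
  POST - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes
  GET - https://akse8rq9w0.execute-api.us-east-2.amazonaws.com/prod/notes/{id}
  GET - https://example1234.execute-api.us-east-2.amazonaws.com/dev/billing
`;

console.log(
  JSON.stringify(buildInvokeStatement(parseEndpoints(SAMPLE_OUTPUT)), null, 2)
);
```
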

@mjbf0748


commented Mar 28, 2018

@jayair HTTP401: DENIED - The requested resource requires user authentication. I am getting this error in the console, does this strictly have to do with the Cognito identity chapter? Do you have any suggestions?

@jayair

Member Author

commented Mar 30, 2018

@mjbf0748 When are you seeing this error?

@mjbf0748


commented Mar 31, 2018

@jayair When I make a 'get' call while the app is running. I am getting this error in the console. This is a call to the second DynamoDB table I added in the get.js file.

@jayair

Member Author

commented Mar 31, 2018

@mjbf0748 The error sounds like the user is not authenticated. Are you logged in?

@mjbf0748


commented Apr 1, 2018

@jayair

Member Author

commented Apr 2, 2018

@mjbf0748 So is this happening in the browser? Can I see a screenshot of the error?

@mjbf0748


commented Apr 2, 2018

@jayair

Member Author

commented Apr 2, 2018

@mjbf0748 It seems like you are not using any authentication? Do you have this line set in your App.js - https://github.com/AnomalyInnovations/serverless-stack-demo-client/blob/master/src/index.js#L12? And are you making requests using Amplify?

@mjbf0748


commented Apr 3, 2018

@jayair I had not used Amplify since I had started with the previous version of the tutorial. Should I begin by implementing it?

@jayair

Member Author

commented Apr 4, 2018

@mjbf0748 It depends how far along you are. If you are almost done, I'd say complete it and then go over the update. Most of the structure is the same with Amplify. It just makes some parts simpler.

@mjbf0748


commented Apr 4, 2018

@jayair

Member Author

commented Apr 4, 2018

@mjbf0748 The Amplify update does authentication slightly differently. So it might be worth trying it.

@19bharatvikram


commented Apr 9, 2018

Hi Jay,

I have 2 users and as per our application design, they can see their notes only. But now, I want to enable user1 to view/edit the notes of user2 but not delete them.

Is it possible to do that? If yes, how?

Thanks,
Bharat Chand

@jayair

Member Author

commented Apr 9, 2018

@19bharatvikram There are lots of ways to do this. Currently, we get notes using a user id and note id pair. To allow users to access other users' notes, you'd need to store your notes under a different index. Maybe just store it under note id. But you'll need to separately track which user has access to which set of notes.

@19bharatvikram


commented Apr 9, 2018

Hi Jay,

Thanks for your quick response. I understand that I'll need an index column, say noteId, for that. Just wanted to know more about how I can keep track of which users have access to which set of notes. Any pseudo code or sample IAM role/policy or any reference link/doc will help.

Thanks again,
Bharat Chand

@jayair

Member Author

commented Apr 9, 2018

@19bharatvikram Hmmm you could use an IAM role if your user groups are not dynamic. Say for example you had an admin group and regular users group that had different sets of permissions. Then you could create roles for them. But if the relationships are dynamic then it might be trickier.
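
Added example, not part of the thread or the tutorial's code: one way to do the "separately track which user has access" step for the dynamic case, as a default-deny check that lets user1 view and edit user2's note but not delete it. The two `Map`s stand in for DynamoDB tables with a hypothetical layout, and all function names are assumptions.

```javascript
// Added example: default-deny access check for shared notes.
// Maps stand in for two DynamoDB tables (hypothetical layout):
//   notes:  noteId -> { ownerId, content }
//   grants: "noteId#userId" -> Set of actions granted by the owner
const ACTIONS = new Set(["view", "edit", "delete"]);

function createStore() {
  return { notes: new Map(), grants: new Map() };
}

// Only the owner may share, and "delete" can never be handed to another user.
function shareNote(store, callerId, noteId, granteeId, actions) {
  const note = store.notes.get(noteId);
  if (!note || note.ownerId !== callerId) throw new Error("forbidden");
  const allowed = actions.filter((a) => a === "view" || a === "edit");
  if (allowed.length !== actions.length) throw new Error("action cannot be shared");
  store.grants.set(`${noteId}#${granteeId}`, new Set(allowed));
}

// Owner gets every action; anyone else needs an explicit grant for that action.
function isAllowed(store, callerId, noteId, action) {
  if (!ACTIONS.has(action)) return false;
  const note = store.notes.get(noteId);
  if (!note) return false;
  if (note.ownerId === callerId) return true;
  const grant = store.grants.get(`${noteId}#${callerId}`);
  return grant !== undefined && grant.has(action);
}

// Handler-style wrapper. The caller id is read from the authenticated request
// context (the Cognito identity API Gateway attaches), never from the request
// body. A missing note and a denied one both return 403.
function handleRequest(store, event, action) {
  const callerId = event.requestContext.identity.cognitoIdentityId;
  const noteId = event.pathParameters.id;
  return isAllowed(store, callerId, noteId, action) ? 200 : 403;
}

// Constructed sample data: user2 owns the note and shares view/edit with user1.
function demoStore() {
  const store = createStore();
  store.notes.set("note-1", { ownerId: "user2", content: "hello" });
  shareNote(store, "user2", "note-1", "user1", ["view", "edit"]);
  return store;
}
```
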

@jayair jayair closed this May 9, 2018

@jayair jayair reopened this May 9, 2018

@jayair

Member Author

commented May 9, 2018

@jayair jayair closed this May 9, 2018
