Simon Reilly
08/05/2021, 2:59 PM
readonly
and set by a private method
thdxr
08/05/2021, 3:00 PM
thdxr
08/05/2021, 3:01 PM
public readonly iamAuthRole: iam.Role;
public readonly iamUnauthRole: iam.Role;
These?
Simon Reilly
08/05/2021, 3:01 PM
thdxr
08/05/2021, 3:01 PM
Simon Reilly
08/05/2021, 3:01 PM
private createAuthRole(identityPool: cognito.CfnIdentityPool): iam.Role {
  const role = new iam.Role(this, "IdentityPoolAuthRole", {
    assumedBy: new iam.FederatedPrincipal(
      "cognito-identity.amazonaws.com",
      {
        StringEquals: {
          "cognito-identity.amazonaws.com:aud": identityPool.ref,
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated",
        },
      },
      "sts:AssumeRoleWithWebIdentity" // <--- This trust policy needs to be "sts:AssumeRoleWithWebIdentity, sts:TagSession"
    ),
  });
  return role;
}
Simon Reilly
08/05/2021, 3:01 PM
Simon Reilly
08/05/2021, 3:02 PM
thdxr
08/05/2021, 3:03 PM
AuthProps
to support this (I basically don't know what the options should be named)
thdxr
08/05/2021, 3:03 PM
Simon Reilly
08/05/2021, 3:03 PM
Simon Reilly
08/05/2021, 3:19 PM
Simon Reilly
08/05/2021, 4:09 PM
Simon Reilly
11/15/2021, 7:24 AM