
[AWS] Lab: Configure a Cognito user to access DynamoDB for read

Date: 2021-04-24 13:25:08

 

Create an IAM User

Give Admin access

Create DynamoDB Table

  
1) Create facts table:
**** (Windows users: use ^ (Shift + 6) as the line-continuation character, not \) ****

aws dynamodb create-table --table-name facts --attribute-definitions AttributeName=fact_id,AttributeType=N --key-schema AttributeName=fact_id,KeyType=HASH --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5


2) Populate facts table:
**** (make sure items.json is in your working directory) ****

aws dynamodb batch-write-item --request-items file://items.json

items.json

https://github.com/ACloudGuru-Resources/course-aws-certified-developer-associate/blob/main/Cognito_Demo/items.json

Create an EC2 Instance

Install HTTPD:

#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd

Create a Cognito Identity Pool and IAM Role

Cognito Commands: 


1) Using the CLI, create new identity pool, named DynamoPool, allow unauthenticated entities.
**** (Windows users: use ^ (Shift + 6) as the line-continuation character, not \) ****

aws cognito-identity create-identity-pool --identity-pool-name DynamoPool --allow-unauthenticated-identities --output json
       

2) Create an IAM role named Cognito_DynamoPoolUnauth. 

aws iam create-role --role-name Cognito_DynamoPoolUnauth --assume-role-policy-document file://myCognitoPolicy.json --output json
 
3) Grant the Cognito_DynamoPoolUnauth role read access to DynamoDB by attaching a managed policy (AmazonDynamoDBReadOnlyAccess).

aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess --role-name Cognito_DynamoPoolUnauth 

4) Get the IAM role Amazon Resource Name (ARN).
aws iam get-role --role-name Cognito_DynamoPoolUnauth --output json 


5) Add our role to the Cognito Identity Pool. Replace the pool ID with your own pool ID and use the role ARN from the previous step.

aws cognito-identity set-identity-pool-roles --identity-pool-id "us-east-1:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" --roles unauthenticated=arn:aws:iam::xxxxx:role/Cognito_DynamoPoolUnauth --output json

6) Double check it worked using: 

aws cognito-identity get-identity-pool-roles  --identity-pool-id "us-east-1:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

7) We can now specify the Cognito credentials in our application - i.e. in the JavaScript section of our webpage!
Replace the identity pool ID with your own and the role ARN with your own role ARN. 
We are going to add this snippet to our index.html:


// Unauthenticated visitors receive temporary credentials for the role created in step 2.
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: "us-east-1:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    RoleArn: "arn:aws:iam::xxxxx:role/Cognito_DynamoPoolUnauth"
});
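
Step 2 reads the role's trust policy from myCognitoPolicy.json, which this page does not show, and step 3 attaches a managed policy that covers every table in the account. The script below is an added example, not part of the original lab: it generates a trust policy pinned to one identity pool and to unauthenticated identities, plus a read-only policy scoped to the facts table. The function names, the factsReadOnly.json file name, the action list, and the placeholder pool ID, region and account ID are assumptions.

```shell
#!/bin/sh
# Added example (not from the original lab). Values marked "constructed"
# are placeholders; substitute your own pool ID, region and account ID.

# Trust policy for the unauthenticated role: only identities issued by this
# one pool ("aud"), and only unauthenticated ones ("amr"), may assume it.
trust_policy() {  # $1 = identity pool ID
cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "cognito-identity.amazonaws.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {"cognito-identity.amazonaws.com:aud": "$1"},
      "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "unauthenticated"}
    }
  }]
}
EOF
}

# Read-only policy limited to the facts table (assumed action list), as a
# narrower alternative to AmazonDynamoDBReadOnlyAccess.
facts_read_policy() {  # $1 = region, $2 = account ID
cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan"],
    "Resource": "arn:aws:dynamodb:$1:$2:table/facts"
  }]
}
EOF
}

# The pool ID is interpolated into JSON, so reject anything that is not
# of the form <region>:<hex-and-dash id> before writing the policy.
valid_pool_id() {
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_-]+:[0-9a-f-]+$'
}

POOL_ID="us-east-1:00000000-0000-0000-0000-000000000000"  # constructed
valid_pool_id "$POOL_ID" || { echo "bad pool id" >&2; exit 1; }
trust_policy "$POOL_ID" > myCognitoPolicy.json
facts_read_policy us-east-1 123456789012 > factsReadOnly.json  # constructed
```

The scoped policy can be attached in place of the managed policy from step 3 with aws iam put-role-policy --role-name Cognito_DynamoPoolUnauth --policy-name FactsReadOnly --policy-document file://factsReadOnly.json.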


Original article: https://www.cnblogs.com/Answer1215/p/14695278.html
