Cognito/IAM Policies & S3 Get Object

Question:

I’m trying to integrate S3 and Cognito into my iOS App, so far not successfully. I believe the error is connected to my IAM Policy for Auth and Unauth users. So here’s my policy:

Here is where I call S3:

And here is the error:

Error: Error Domain=com.amazonaws.AWSSTSErrorDomain Code=0 “AccessDenied — Not authorized to perform sts:AssumeRoleWithWebIdentity” UserInfo=0x10a23e0a0 {NSLocalizedDescription=AccessDenied — Not authorized to perform sts:AssumeRoleWithWebIdentity}

So, what am I doing wrong?

Answer:

The error you are experiencing is due to an error in your trust policy, not your access policy.

Is this the role that was created as part of the Cognito setup wizard? Did you modify the role in any way? The role created by the Cognito console is pinned to the specific identity pool it was created with. Make sure you are using the role that was created with the identity pool you are using in your application.
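One way to check the pinning described in the answer, as an added example that is not code from the original thread: it compares a role's trust policy with the identity pool ID the app is configured with, using the `aud` and `amr` condition keys AWS documents for Cognito identity pool roles. The function name, sample policy and pool IDs are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

COGNITO = "cognito-identity.amazonaws.com"

# Constructed sample trust policy; the pool ID in it is a placeholder.
SAMPLE_TRUST = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Principal": {"Federated": "cognito-identity.amazonaws.com"},
   "Action": "sts:AssumeRoleWithWebIdentity",
   "Condition": {
     "StringEquals": {"cognito-identity.amazonaws.com:aud":
                      "us-east-1:11111111-2222-3333-4444-555555555555"},
     "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"}}}]}
""")

def _as_list(value):
    # IAM allows a single string wherever a list of strings is accepted.
    return value if isinstance(value, list) else [value]

def trust_findings(trust_policy, pool_id, amr):
    """Return [] if some statement trusts Cognito identities from `pool_id`
    of class `amr` ("authenticated" or "unauthenticated"); otherwise return
    a list of reasons the trust policy does not match the app's pool."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if (stmt.get("Effect") != "Allow" or not isinstance(principal, dict)
                or COGNITO not in _as_list(principal.get("Federated", []))
                or "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", []))):
            continue  # not a Cognito web-identity trust statement
        cond = stmt.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get(COGNITO + ":aud", []))
        amrs = _as_list(cond.get("ForAnyValue:StringLike", {}).get(COGNITO + ":amr", []))
        if pool_id not in aud:
            findings.append(f"aud is {aud or 'missing'}, app uses {pool_id}")
        elif not any(fnmatchcase(amr, pattern) for pattern in amrs):
            findings.append(f"amr is {amrs or 'missing'}, identity is {amr}")
        else:
            return []  # this statement is pinned to the app's pool and class
    return findings or ["no Allow statement for Cognito sts:AssumeRoleWithWebIdentity"]
```

A role whose `aud` names a different pool than the one in the app's credentials provider yields a finding here.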
