AWS Push Notification Service integration error

18

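I am trying to integrate Amazon push notifications into my iPhone app. I did follow the tutorial provided here correctly.

While creating the platform endpoint, I get the following error. (It seems to be an identity pool permission problem?)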

CognitoIdentityCredentials is not authorized to perform: SNS:CreatePlatformEndpoint

Full message:

Error: Error Domain=com.amazonaws.AWSSNSErrorDomain Code=4 "The operation couldn’t be completed. (com.amazonaws.AWSSNSErrorDomain error 4.)" UserInfo=0x165dcef0 {Type=Sender, Message=User: arn:aws:sts::290442422498:assumed-role/Cognito_Laugh_DevUnauth_Role/CognitoIdentityCredentials is not authorized to perform: SNS:CreatePlatformEndpoint on resource: arn:aws:sns:us-east-1:290442422498:app/APNS_SANDBOX/Laugh, __text=(
"\n    ",
"\n    ",
"\n    ",
"\n  "
), Code=AuthorizationError}

Code

AWSRegionType const CognitoRegionType = AWSRegionUSEast1;
AWSRegionType const DefaultServiceRegionType = AWSRegionUSEast1;
NSString *const CognitoIdentityPoolId = @"us-east-1:0..................";
NSString *const SNSPlatformApplicationArn = @"arn:aws:sns:us-east-1:................";
NSString *const MobileAnalyticsAppId = @"YourMobileAnalyticsAppId";


- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {

    // Sets up the AWS Mobile SDK for iOS
    AWSCognitoCredentialsProvider *credentialsProvider = [[AWSCognitoCredentialsProvider alloc] initWithRegionType:CognitoRegionType identityPoolId:CognitoIdentityPoolId];

    AWSServiceConfiguration *defaultServiceConfiguration = [[AWSServiceConfiguration alloc] initWithRegion:DefaultServiceRegionType
                                                                                       credentialsProvider:credentialsProvider];

    AWSServiceManager.defaultServiceManager.defaultServiceConfiguration = defaultServiceConfiguration;

    // The method is declared to return BOOL, so it must return a value
    return YES;
}


- (void)application:(UIApplication*)application didRegisterForRemoteNotificationsWithDeviceToken:(NSData*)deviceToken{

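// Hex-encode the token bytes directly; -[NSData description] no longer returns the raw hex string on iOS 13 and later
const unsigned char *tokenBytes = (const unsigned char *)deviceToken.bytes;
NSMutableString *deviceTokenString = [NSMutableString stringWithCapacity:deviceToken.length * 2];
for (NSUInteger i = 0; i < deviceToken.length; i++) {
    [deviceTokenString appendFormat:@"%02x", tokenBytes[i]];
}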

NSLog(@"deviceTokenString: %@", deviceTokenString);
[[NSUserDefaults standardUserDefaults] setObject:deviceTokenString forKey:@"deviceToken"];
[[NSUserDefaults standardUserDefaults] synchronize];

AWSSNS *sns = [AWSSNS defaultSNS];
AWSSNSCreatePlatformEndpointInput *request = [AWSSNSCreatePlatformEndpointInput new];
request.token = deviceTokenString;
request.platformApplicationArn = SNSPlatformApplicationArn;

NSLog(@"SNSPlatformApplicationArn %@", SNSPlatformApplicationArn);

[[sns createPlatformEndpoint:request] continueWithBlock:^id(BFTask *task) {
    if (task.error != nil) {
        NSLog(@"Error: %@",task.error);
    } else {
        AWSSNSCreateEndpointResponse *createEndPointResponse = task.result;
        NSLog(@"endpointArn: %@",createEndPointResponse);
        [[NSUserDefaults standardUserDefaults] setObject:createEndPointResponse.endpointArn forKey:@"endpointArn"];
        [[NSUserDefaults standardUserDefaults] synchronize];
        //[self.window.rootViewController.childViewControllers.firstObject performSelectorOnMainThread:@selector(displayDeviceInfo) withObject:nil waitUntilDone:NO];

    }

    return nil;
}];

}


Are you sure you can use the constant "SNSPlatformApplicationArn"? When I look at the description of platformApplicationArn, it says "PlatformApplicationArn returned from CreatePlatformApplication is used to create an endpoint." - Michael Dautermann

2 Answers

18

The problem was in the AWS SNS configuration; we need to add "SNS:CreatePlatformEndpoint" to the policies of the auth and unauth roles.


1
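Would you mind elaborating on how you solved this? I guess you mean you solved it in the IAM console by attaching a custom policy to the Cognito unauth role, a policy that has to be generated manually and that uses the sns:CreatePlatformEndpoint action described in http://docs.aws.amazon.com/sns/latest/dg/AccessPolicyLanguage_SpecialInfo.html. I am having trouble finding proper documentation for doing this, but I admit I am a bit rusty on IAM policies. Since you said you solved it in the SNS configuration, I am just curious whether there is a quicker way to add the required policy. - JHH
You also need to add the resource ARN to the policy. - phatmann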
2
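Thanks! I solved it too; I just had to go into the IAM management console, find the appropriate policy and add SNS:CreatePlatformEndpoint. - Michael D. Irizarry
Looking at the documentation, I can't find SNS:CreatePlatformEndpoint ... is there a current equivalent? - jpganz18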

9
You can add AmazonSNSFullAccess under Roles -> Attach Policy
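
An added example, not part of the original question or answers: this Python sketch parses the AuthorizationError text from the question and builds a policy statement that allows only the denied action on only the named resource. That is the narrow alternative to a full-access policy on a role that unauthenticated Cognito identities assume. The function names and the wildcard check are assumptions of this example.

```python
import json
import re

# AuthorizationError text quoted in the question (trailing fields trimmed).
SAMPLE_ERROR = (
    "User: arn:aws:sts::290442422498:assumed-role/Cognito_Laugh_DevUnauth_Role/"
    "CognitoIdentityCredentials is not authorized to perform: "
    "SNS:CreatePlatformEndpoint on resource: "
    "arn:aws:sns:us-east-1:290442422498:app/APNS_SANDBOX/Laugh, __text=("
)
DENIED = re.compile(
    r"User: arn:aws:sts::(?P<account>\d{12}):assumed-role/(?P<role>[\w+=,.@-]+)/\S+ "
    r"is not authorized to perform: (?P<action>\w+:\w+) "
    r"on resource: (?P<resource>arn:aws:[\w-]+:[\w-]*:\d{12}:[^\s,]+)"
)

def parse_denial(message):
    """Extract role, action and resource from an access-denied message."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not a recognised AuthorizationError message")
    return m.groupdict()

def least_privilege_policy(denial):
    """Build a policy document granting only the denied action on that resource."""
    service, operation = denial["action"].split(":", 1)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": f"{service.lower()}:{operation}",
            "Resource": denial["resource"],
        }],
    }

def is_overbroad(policy):
    """Flag Allow statements that use a wildcard in Action or Resource."""
    as_list = lambda v: v if isinstance(v, list) else [v]
    for st in policy["Statement"]:
        values = as_list(st["Action"]) + as_list(st["Resource"])
        if st["Effect"] == "Allow" and any("*" in v for v in values):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(least_privilege_policy(parse_denial(SAMPLE_ERROR)), indent=2))
```

The printed document can be pasted as an inline policy on the role named in the error; `is_overbroad` is a quick review check for statements such as `sns:*` on `*`.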
