AWS无法订阅SNS主题：CognitoIdentityCredentials未被授权执行：SNS:Subscribe。

我正在尝试使用以下代码将iOS端点订阅到SNS主题：

    let sns = AWSSNS.defaultSNS()
    let request = AWSSNSCreatePlatformEndpointInput()
    request.token = deviceTokenString
    request.platformApplicationArn = SNSPlatformApplicationArn

    sns.createPlatformEndpoint(request).continueWithExecutor(AWSExecutor.mainThreadExecutor(), withBlock: { (task: AWSTask!) -> AnyObject! in
        if task.error != nil {
            print(task.error)
        } else {
            let createEndpointResponse = task.result as! AWSSNSCreateEndpointResponse

            // Subscribe to the topic
            let subscribeTopicInput = AWSSNSSubscribeInput()
            subscribeTopicInput.endpoint = createEndpointResponse.endpointArn
            subscribeTopicInput.protocols = "application"
            subscribeTopicInput.topicArn = MyTopicARN
            sns.subscribe(subscribeTopicInput).continueWithExecutor(AWSExecutor.mainThreadExecutor(), withBlock: { (topicTask: AWSTask!) -> AnyObject! in

                if topicTask.error != nil {
                    // Authorization error prints here
                    print(topicTask.error)
                }

                return nil
            })

        }

        return nil
    })

我在尝试订阅主题时收到错误：

UserInfo={Type=Sender, Message=User: arn:aws:its::000000000000:assumed-role/appname_unauth_MOBILEHUB_000000000/CognitoIdentityCredentials is not authorized to perform: SNS:Subscribe on resource:...

这个答案的作者解释说，您必须在Cognito角色中授予对sns:Subscribe的访问权限，以允许应用程序进行此调用。我的Cognito用户已被授予AmazonSNSFullAccess，它允许访问所有sns操作（例如sns：*）。为什么我的Cognito用户被拒绝访问？我的主题策略设置为只有主题所有者可以订阅…但主题所有者似乎与我的Cognito用户相同。