AWS CLI - How to generate a security token for a Cognito user

2023-09-07 11:02:26 by 浴血魔王

Ultimately, I need to generate an AccessKeyId, SecurityKey and SessionToken for a user in a Cognito User Pool so I can test a lambda function as a Cognito user using Postman. So far, I've spent 2 days trying to figure this out. It seems that this would work:

aws sts assume-role-with-web-identity --role-arn arn:aws:iam::1234567890:role/rolename --role-session-name "RoleSession1" --web-identity-token ??? --provider-id provideridvalue

I was able to get the provider-id value but I'm having trouble getting a valid value for the web-identity-token.

If I understand correctly, this should get me the web-identity-token:

aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --client-id clientidvalue --auth-parameters USERNAME=usernamevalue,PASSWORD=passwordvalue

I obtained the clientidvalue from the Federated Identities pool.

The problem I have been unable to resolve is that the above command gives me this error:

Unknown options: PASSWORD=<password>

I've tried many different variations, including JSON format, but nothing works. What am I doing wrong?

Accepted answer

It works for me. I can't see any difference from yours.

Are you using the app client id that you created in the User Pool 'App clients' section (not in the federated identity section)? If so, is this option checked?

Enable username-password (non-SRP) flow for app-based authentication (USER_PASSWORD_AUTH)

I am using the token starting after 3600 up to the next whitespace. Put it in the Postman header and call the lambda behind the Cognito Authorizer.

If anyone is interested in a single-command shell script version of this -> Bash Script

I use it often.
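Added example, not code from the question or the answer: once initiate-auth succeeds, this Python selects the IdToken the answer refers to from the JSON output (instead of counting whitespace after the 3600), checks its token_use and exp claims before it goes into the Postman header, and shows the argv form of the CLI call with --auth-parameters as a single JSON argument. The sample response and its tokens are constructed with a dummy signature; the claim names token_use, exp and cognito:username are the ones Cognito issues.

```python
import base64
import json
import time


def initiate_auth_argv(client_id, username, password):
    """argv for the initiate-auth call from the question, with --auth-parameters
    passed as one JSON argument so no shell ever splits USERNAME=..,PASSWORD=..
    (run it with subprocess.run(argv, capture_output=True)); not executed here."""
    params = json.dumps({"USERNAME": username, "PASSWORD": password})
    return ["aws", "cognito-idp", "initiate-auth", "--auth-flow", "USER_PASSWORD_AUTH",
            "--client-id", client_id, "--auth-parameters", params, "--output", "json"]


def _b64url_decode(segment):
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def pick_id_token(response, now=None):
    """Return (IdToken, claims) from parsed initiate-auth JSON output, rejecting
    anything that is not an unexpired Cognito id token. The raw token is what goes
    in the Authorization header; the signature is NOT checked here, the Cognito
    Authorizer in front of the lambda does that."""
    token = response["AuthenticationResult"]["IdToken"]
    _header, payload, _signature = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("token_use") != "id":
        raise ValueError("not an id token: token_use=%r" % claims.get("token_use"))
    if claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("id token has expired")
    return token, claims


def sample_response():
    """Constructed stand-in for `initiate-auth --output json`; tokens are
    fabricated (dummy signature segment), only their shape matches Cognito's."""
    def fake_jwt(claims):
        enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
        return enc({"alg": "RS256", "kid": "constructed"}) + "." + enc(claims) + ".sig"
    return {"AuthenticationResult": {
        "AccessToken": fake_jwt({"token_use": "access", "exp": 2_000_000_000}),
        "ExpiresIn": 3600,
        "TokenType": "Bearer",
        "IdToken": fake_jwt({"token_use": "id", "exp": 2_000_000_000,
                             "cognito:username": "usernamevalue"}),
    }}
```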