Reputation:
I want to call webservice using Api gateway but having an issue using Cognito. but application is crashing, I have no idea about it,Please guys help to solve it!!! my code is like below
AwsActivity.java
class AwsActivity extends Activity {
private String AMAZON_COGNITO_IDENTITY_POOL_ID = "us-east-1**********";
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
new MyAsyncTask("1").execute();
}
private class MyAsyncTask extends AsyncTask<String, Void, String> {
private String userId = "";
public MyAsyncTask(String userId) {
this.userId = userId;
Log.d("111111111111", "111111111111");
}
@Override
protected String doInBackground(String... strings) {
Log.d("22222222222222222", "2222222222222222222");
AWSCredentialsProvider credenetialsProvider = new CognitoCachingCredentialsProvider(
AwsActivity.this, // activity context
AMAZON_COGNITO_IDENTITY_POOL_ID, // Cognito identity pool id
Regions.US_EAST_1 // region of Cognito identity pool
);
ApiClientFactory factory = new ApiClientFactory()
.credentialsProvider(credenetialsProvider)
.region("us-east-1")
.endpoint("https://abcd")
.apiKey("gsjddjflkjdsljaskds");
// MyClient is the AWS Android SDK Generated class
final MyClient client = factory.build(MyClient.class);
client.viewprofileGet(userId);
// String str = client.testGet().toString();
Log.d("###", "here after test" + client.viewprofileGet(""));
return "DONE";
}
@Override
protected void onPostExecute(String temp) {
Log.d("####", "onPostExecute");
}
}}
MyClient.java
@com.amazonaws.mobileconnectors.apigateway.annotation.Service(endpoint = "https://abcde")
public interface MyClient {
@com.amazonaws.mobileconnectors.apigateway.annotation.Operation(path = "/loginclient", method = "GET")
Empty loginclientGet(
@com.amazonaws.mobileconnectors.apigateway.annotation.Parameter(name = "user_id", location = "query")
String userId);
}
My Error Log is below
07-01 06:35:17.840 17476-17558/com.example.android.awsapidemo E/AndroidRuntime: FATAL EXCEPTION: AsyncTask #1
java.lang.RuntimeException: An error occured while executing doInBackground()
at android.os.AsyncTask$3.done(AsyncTask.java:299)
at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:352)
at java.util.concurrent.FutureTask.setException(FutureTask.java:219)
at java.util.concurrent.FutureTask.run(FutureTask.java:239)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
at java.lang.Thread.run(Thread.java:841)
Caused by: com.amazonaws.mobileconnectors.apigateway.ApiClientException: {"Message":"User: arn:aws:sts::686770309549:assumed-role/Cognito_bookmixnewUnauth_Role/CognitoIdentityCredentials is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-east-1:********9549:abcde/mycleint/GET/login/login"}
(Service: MyClient; Status Code: 403; Error Code: null; Request ID: 80ede0b7-3f77-13435e6-45345-24325435)
at com.amazonaws.mobileconnectors.apigateway.ApiClientHandler.handleResponse(ApiClientHandler.java:240)
at com.amazonaws.mobileconnectors.apigateway.ApiClientHandler.invoke(ApiClientHandler.java:93)
at $Proxy1.viewprofileGet(Native Method)
at com.example.android.awsapidemo.AwsActivity$MyAsyncTask.doInBackground(AwsActivity.java:63)
at com.example.android.awsapidemo.AwsActivity$MyAsyncTask.doInBackground(AwsActivity.java:37)
at android.os.AsyncTask$2.call(AsyncTask.java:287)
at java.util.concurrent.FutureTask.run(FutureTask.java:234)
... 4 more
Upvotes: 0
Views: 975
Reputation: 3745
The key detail in your error log is this message:
"User: arn:aws:sts::686770309549:assumed-role/Cognito_bookmixnewUnauth_Role/CognitoIdentityCredentials is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-east-1:********9549:abcde/mycleint/GET/login/login"
There is a role associated with each Cognito identity pool. You need to add policy to your role to give it permissions to the "execute-api:Invoke" action on the resource ARN given above.
The policy should look something like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"execute-api:Invoke"
],
"Resource": [
"arn:aws:execute-api:us-east-1:********9549:abcde/mycleint/GET/login/login"
]
}
]
}
Also, the resource path in your ARN looks odd, so double check that you built the correct URL for invoking your API. The general format for the ARN is:
arn:aws:execute-api:us-east-1:my-aws-account-id:my-api-id/my-stage/GET/my-resource-path
Base on the ARN in your error log, we have:
my-aws-account-id: ********9549
my-api-id: abcde
my-stage: mycleint
HTTP method: GET
my-resource-path: /login/login`
Is "mycleint" the name of your stage?
Is the resource path really "/login/login"?
Also, it seems a bit odd to be using both a Cognito identity pool and a custom login method. Usually people use one or the other. With this set-up the user has to authenticate via the Cognito identity pool before they can call the custom login method.
Upvotes: 1
Reputation: 1843
Try like this
AmazonDynamoDBClient ddbClient = Region.getRegion(Regions.EU_WEST_1) // CRUCIAL
.createClient(
AmazonDynamoDBClient.class,
credentialsProvider,
new ClientConfiguration()
);
Check this value
Region.getRegion(Regions.EU_WEST_1) // CRUCIAL
if your database in a different region you need to specify it properly.other wise it will not work
Upvotes: 0