Description:
I’m developing a React application using AWS Amplify, which integrates with AWS Cognito for user authentication and AWS AppSync for GraphQL APIs. My backend is built using the CloudFormation Serverless framework in Node.js, and my GraphQL API supports two authentication modes: Cognito and IAM.
Here I am attempting to allow unauthorized guest users to access certain API operations using IAM authentication, while authenticated users use Cognito.
Problem:
When attempting to fetch data from my GraphQL endpoint using generateClient from AWS Amplify’s API module with IAM authMode for unauthorized access, I encounter the following error:
Invalid identity pool configuration. Check assigned IAM roles for this pool.
InvalidIdentityPoolConfigurationException: Invalid identity pool configuration. Check assigned IAM roles for this pool.
Details:
Amplify Configuration (src/index.js):

```js
Amplify.configure({
  Auth: {
    Cognito: {
      userPoolId: "****",
      userPoolClientId: "****",
      identityPoolId: "****",
      allowGuestAccess: true,
    },
  },
  API: {
    GraphQL: {
      endpoint: "https://****.appsync-api.us-east-1.amazonaws.com/graphql",
      region: "us-east-1",
      defaultAuthMode: "userPool",
    },
  },
});
```
Here I am using the GraphQL API to fetch a book using its id in src/App.js:
Although the default authorization mode is the Cognito user pool, I am using the identity pool with an IAM role for unauthorised users that would allow them to access the GraphQL API.

```jsx
import React from "react";
import { generateClient } from "aws-amplify/api";
import { Authenticator } from "@aws-amplify/ui-react";
import { getBookById } from "./graphql/queries";
import "@aws-amplify/ui-react/styles.css";

export default function App() {
  const [book, setBook] = React.useState({});

  const getBook = async () => {
    const client = generateClient("bookstore");
    const bookId = "358748d6-f047-4***-8b**-e********";
    // Override the default "userPool" mode for this one request
    const book = await client.graphql({
      query: getBookById,
      variables: { id: bookId },
      authMode: "identityPool",
    });
    setBook(book.data.getBookById);
  };

  return (
    <div style={{ margin: "20px" }}>
      {/* code to display book details */}
    </div>
  );
}
```
Issue Context:
- This setup is intended to allow guest users to access certain API queries using IAM authentication (including Amazon Cognito Identity Pool).
- Queries on AWS console for guest users using IAM are successful, indicating the IAM roles are correctly configured.
Request for Help:
I’m seeking guidance on how to resolve this InvalidIdentityPoolConfigurationException error when using IAM authMode with generateClient in AWS Amplify for unauthorized guest users. Any insights or alternative approaches would be greatly appreciated!
Troubleshooting Efforts:
- Cleared browser cache and checked AWS IAM roles.
- Verified AWS Amplify and Cognito configurations are correct.
- Explored AWS Amplify and AppSync documentation but found no specific guidance for this scenario.
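The exception text points at the roles assigned to the identity pool, and Cognito Identity raises it when the pool has no role for the identity type or cannot assume that role. As an added example (not part of the original post and not Amplify code), the check below compares a guest role's trust policy with the shape AWS documents for unauthenticated identities; `checkGuestTrustPolicy` is a hypothetical helper, and the pool ID and sample policy are constructed.

```javascript
// Added example, not from the original post. POOL_ID and the sample policy are constructed.
const POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000";
const IDP = "cognito-identity.amazonaws.com";

const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Compares a role trust policy with the shape AWS documents for an identity
// pool's guest role. Returns a list of problems; empty means it matches.
function checkGuestTrustPolicy(policy, poolId) {
  const stmt = asArray(policy.Statement).find(
    (s) =>
      s.Effect === "Allow" &&
      asArray((s.Principal || {}).Federated).includes(IDP) &&
      asArray(s.Action).includes("sts:AssumeRoleWithWebIdentity")
  );
  if (!stmt) {
    return [`no Allow statement lets ${IDP} call sts:AssumeRoleWithWebIdentity`];
  }
  const cond = stmt.Condition || {};
  const aud = asArray((cond.StringEquals || {})[`${IDP}:aud`]);
  const amr = asArray((cond["ForAnyValue:StringLike"] || {})[`${IDP}:amr`]);
  const problems = [];
  if (!aud.includes(poolId)) problems.push("aud is missing or names a different identity pool");
  if (!amr.includes("unauthenticated")) problems.push("amr does not allow unauthenticated identities");
  return problems;
}

// Constructed sample: a trust policy copied from the authenticated role.
const copiedFromAuthRole = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { Federated: IDP },
    Action: "sts:AssumeRoleWithWebIdentity",
    Condition: {
      StringEquals: { [`${IDP}:aud`]: POOL_ID },
      "ForAnyValue:StringLike": { [`${IDP}:amr`]: "authenticated" },
    },
  }],
};

console.log(checkGuestTrustPolicy(copiedFromAuthRole, POOL_ID));
```

The policy to feed it is the `AssumeRolePolicyDocument` returned by `aws iam get-role` for the role that `aws cognito-identity get-identity-pool-roles` lists as `unauthenticated`.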