I have two separate AWS accounts, one for production and one for development. I use DynamoDB, S3 and Elastic Beanstalk. I switch between the two accounts using an id and password on the AWS website, different AWS_ACCESS_KEY_ID/AWS_SECRET_KEY on an Elastic Beanstalk servlet and Cognito identities from my iOS app. This has been working fine up until recently when I tried to set the iOS app to use the development AWS account. This has worked fine in the past, the only difference is the CognitoIdentityPoolId in the following code.
AWSCognitoCredentialsProvider *credentialsProvider = [[AWSCognitoCredentialsProvider alloc] initWithRegionType:CognitoRegionType identityPoolId:CognitoIdentityPoolId]; AWSServiceConfiguration *configuration = [[AWSServiceConfiguration alloc] initWithRegion:DefaultServiceRegionType credentialsProvider:credentialsProvider]; AWSServiceManager.defaultServiceManager.defaultServiceConfiguration = configuration; However my iOS app continues to access the DynamoDB in the Production account even though it has the CognitoIdentitytPoolID for the Development account. I have deleted the app and its data from the iPhone (and tried same on simulator) and cleaned the project. I have double checked that CognitoIdentitytPoolID has changed to the Development one.
I see that one can now set up roles to allow users to access resources in different accounts but I am doing nothing sophisticated like that - I have not even set up IAM users on either account (atm security is not an issue). I simply have IAM roles (CognitoXXXUnauthRole) with the policies necessary to access DynamoDB and S3. These policies do not have an full arn for DynamoDB so that doesnt appear to be be why the accounts are not changing for the ios app.
So my question boils down to 'how does AWS know which DynamoDB database to connect to from the iOS api?"
0 comments:
Post a Comment