Am trying to implement developer authentication using the PHP SDK but keep getting this error:
Fatal error: Uncaught Aws\CognitoIdentity\Exception\CognitoIdentityException: AWS Error Code: AccessDeniedException, Status Code: 400, AWS Request ID: da162f98-fb50-11e4-937e-0bf2642a4752, AWS Error Type: client, AWS Error Message: User: arn:aws:iam::256661818246:user/tester is not authorized to perform: cognito-identity:GetOpenIdTokenForDeveloperIdentity on resource: arn:aws:cognito-identity:us-east-1:256661818246:identitypool/us-east-1:69767873-2de2-4cc7-a78f-3d18b5e9bf71, User-Agent: aws-sdk-php2/2.8.3 Guzzle/3.9.3 curl/7.20.0 PHP/5.3.6 thrown in /var/www/html/aws/Aws/Common/Exception/NamespaceExceptionFactory.php on line 91
This is my sample code:
<?php
session_start();
//Include AWS client libs
require (dirname(__DIR__).'/aws/aws-autoloader.php');
use Aws\CognitoIdentity\CognitoIdentityClient;
use Aws\Sts\StsClient;
/* Global Vars */
$aws_region = 'us-east-1';
$aws_key = '<AWS_KEY>';
$aws_secret = '<AWS_SECRET>';
$aws_account_id = '<AWS_ACCOUNT_ID>';
$identity_pool_id = 'us-east-1:xxxx-xxxx-xxxx-xxxx';
//Initialize a Cognito Identity Client using the Factory
$client = CognitoIdentityClient::factory(array('region' => $aws_region, 'key' => $aws_key, 'secret' => $aws_secret));
/* Acquire new Identity */
$identity = $client->getOpenIdTokenForDeveloperIdentity(array('IdentityPoolId' => $identity_pool_id, 'Logins' => array('login.custom.traffic' => 'jkljkasdjk')));
//Obtain Identity from response data structure
$id = $identity->get('IdentityId');
echo "IdentityId: ".$id;
?>
I suspect the error occurs while trying to get the developer Identity. What am I missing?