I am using the AWS JavaScript SDK to authenticate via the Amazon authentication provider. Through the given examples, I am able to authorize a user in Cognito identity federation for my app with the default role. However, when I tried to use RBAC, I was unable to authenticate and get the Identity ID. I tried the following after I saw this blog (https://aws.amazon.com/blogs/aws/new-amazon-cognito-groups-and-fine-grained-role-based-access-control-2/), but none of these work:
Claim : user_id equals value : amzn1.account.XXXXXXXXXXX Role : MyCustomRole
Claim : www.amazon.com:user_id value amzn1.account.XXXXXXXXXXX Role : MyCustomRole
I get the exception below in the browser: Error: NotAuthorizedException: The ambiguous role mapping rules for: www.amazon.com denied this request.
Can anyone post an example of how to use this with the Amazon identity provider?
Also, can we capture logs of these API calls with CloudTrail?
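Added example, not code from the question or from AWS: a small Python model of how an identity pool's rule-based role mapping picks a role, which is the mechanism the quoted error comes from. The evaluation order (first matching rule wins), the four match types and the AmbiguousRoleResolution fallback follow the Cognito identity pool RoleMapping API; the claim names in the sample token, the account ID and the role ARNs are constructed, and treating NotEqual as a non-match when the claim is absent is my assumption.

```python
"""Constructed simulator for Amazon Cognito identity-pool rule-based role mapping.

Cognito's "Rules" role-mapping type evaluates rules in order against the
claims of the provider token; the first matching rule selects the IAM role.
If no rule matches, AmbiguousRoleResolution decides between the pool's
default authenticated role and a deny. All claim names/values, the account
ID and the role ARNs below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


class NotAuthorizedException(Exception):
    """Raised when role resolution ends in a deny."""


@dataclass(frozen=True)
class Rule:
    claim: str       # claim name as it appears in the provider token
    match_type: str  # Equals | Contains | StartsWith | NotEqual
    value: str
    role_arn: str


@dataclass(frozen=True)
class RoleMapping:
    rules: List[Rule]
    ambiguous_role_resolution: str  # "AuthenticatedRole" or "Deny"


def rule_matches(rule: Rule, claims: Dict[str, str]) -> bool:
    """Apply one rule to the token claims.

    Assumption (not stated in the Cognito docs): a rule whose claim is
    absent from the token never matches, NotEqual included.
    """
    actual = claims.get(rule.claim)
    if actual is None:
        return False
    if rule.match_type == "Equals":
        return actual == rule.value
    if rule.match_type == "Contains":
        return rule.value in actual
    if rule.match_type == "StartsWith":
        return actual.startswith(rule.value)
    if rule.match_type == "NotEqual":
        return actual != rule.value
    raise ValueError(f"unknown MatchType {rule.match_type!r}")


def resolve_role(mapping: RoleMapping, claims: Dict[str, str],
                 provider: str, default_authenticated_role: str) -> str:
    """Return the role ARN the pool would hand out, or raise on deny."""
    for rule in mapping.rules:          # first match wins
        if rule_matches(rule, claims):
            return rule.role_arn
    if mapping.ambiguous_role_resolution == "AuthenticatedRole":
        return default_authenticated_role
    raise NotAuthorizedException(
        f"The ambiguous role mapping rules for: {provider} denied this request.")


def explain(mapping: RoleMapping, claims: Dict[str, str]) -> List[Tuple[str, bool, str]]:
    """Debugging aid: per rule, whether it matched and, if not, why."""
    report = []
    for rule in mapping.rules:
        matched = rule_matches(rule, claims)
        if rule.claim not in claims:
            reason = f"claim {rule.claim!r} not in token; token has {sorted(claims)}"
        elif matched:
            reason = "matched"
        else:
            reason = f"claim present but {rule.match_type} {rule.value!r} failed"
        report.append((rule.claim, matched, reason))
    return report


# Constructed sample data (account ID, ARNs and claims are placeholders).
PROVIDER = "www.amazon.com"
DEFAULT_ROLE = "arn:aws:iam::123456789012:role/Cognito_DefaultAuth_Role"
CUSTOM_ROLE = "arn:aws:iam::123456789012:role/MyCustomRole"
SAMPLE_CLAIMS = {"user_id": "amzn1.account.EXAMPLE0001"}  # constructed token claims

# A rule that names a claim the token does not carry can never match.
MISNAMED_RULE = Rule("www.amazon.com:user_id", "Equals", "amzn1.account.EXAMPLE0001", CUSTOM_ROLE)
MATCHING_RULE = Rule("user_id", "Equals", "amzn1.account.EXAMPLE0001", CUSTOM_ROLE)

DENY_MISNAMED = RoleMapping([MISNAMED_RULE], "Deny")
FALLBACK_MISNAMED = RoleMapping([MISNAMED_RULE], "AuthenticatedRole")
DENY_MATCHING = RoleMapping([MATCHING_RULE], "Deny")


def demo() -> Dict[str, str]:
    """Run the three mappings against the same constructed token."""
    out = {}
    try:
        out["misnamed_deny"] = resolve_role(DENY_MISNAMED, SAMPLE_CLAIMS, PROVIDER, DEFAULT_ROLE)
    except NotAuthorizedException as exc:
        out["misnamed_deny"] = str(exc)
    out["misnamed_fallback"] = resolve_role(FALLBACK_MISNAMED, SAMPLE_CLAIMS, PROVIDER, DEFAULT_ROLE)
    out["matching"] = resolve_role(DENY_MATCHING, SAMPLE_CLAIMS, PROVIDER, DEFAULT_ROLE)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
    for line in explain(DENY_MISNAMED, SAMPLE_CLAIMS):
        print(line)
```

The point the model makes is that a rule only ever sees the claims actually present in the provider's token: if the claim name in the rule differs from the name in the token, no rule matches, and with the pool's ambiguous role resolution set to Deny that surfaces as exactly the NotAuthorizedException quoted above. Running `explain()` over the decoded claims of a real token (names not assumed here) shows which rule fails and on which claim.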