
Why are my temporary AWS credentials from an Identity Pool unauthorized?


I have an Identity Pool which has an Authenticated Role. One of the policies on that role is to have Full Invoke Access to API Gateway Endpoints. When I create temporary credentials with AWS.config.credentials.get(), I create an instance of the API Gateway client like so.

AWS.config.region = 'us-east-1';
// accessKey and secretKey are taken from the temporary credentials
// returned by AWS.config.credentials.get() (no session token is passed here)
var newClientCredentials = {
    accessKey: accessKey,
    secretKey: secretKey
};

apiClient = apigClientFactory.newClient(newClientCredentials);
apiClient.myendpointPost({}, postRequest, requestParams).then(function(result) {
    console.log(result);
});

I've double checked that accessKey and secretKey are set. When I make a call with apiClient to my endpoint, I get an unauthorized response from the Gateway.

My questions:

  • Is there a way to check that the temporary credentials (accessKey and secretKey) are for the appropriate Authenticated Role?
  • Is it possible to find out why API Gateway is rejecting these credentials (maybe something I can log to CloudWatch)?

Solution

  • As Ninad pointed out in the comments I forgot to pass in the session as well with the keys. However, one key step that I had missed was that the Authorization on the endpoint I was hitting had to be set to AWS_IAM. I had previously set it to Cognito and pointed to the User Pool, which was not correct.