Which of the following could be the cause of the error?

By:
In: DVA-C01
Tagged:
With: 2 Comments
A new mobile app uses Amazon Cognito web identity federation.Immediately after a user logs in, the following error occurs:AccessDenied — Not authorized to perform sts:AssumeRoleWithWebIdentityA developer determines that the Amazon Cognito configuration appears to be correct.

Which of the following could be the cause of the error?

The app’s developer incorrectly defined the authenticated principal role access policy.

The app could not confirm the user in the user pool.

The app could not properly authenticate the user with the identity provider.

The app’s developer incorrectly defined the authenticated principal role trust policy.

Explanations:

The issue is not with the authenticated principal role access policy but likely with the role’s trust policy or authentication process.

The issue is not related to confirming the user in the Cognito user pool, as the error occurs after login, implying user confirmation is not the root cause.

The error message specifically points to a permissions issue with assuming a role, not a problem with authenticating the user with the identity provider.

The error “AccessDenied — Not authorized to perform sts” indicates that the authenticated role’s trust policy does not allow the assume role action for web identities, which is the likely cause.

2026-03-23

2 Comments

  1. William
    Author

    I deduce that the answer is:
    The app’s developer incorrectly defined the authenticated principal role trust policy.

  2. Stephanie
    Author

    I draft that the answer is:
    The app’s developer incorrectly defined the authenticated principal role trust policy.

Leave a Reply

Your email address will not be published. Required fields are marked *

thirteen + 17 =