Cognito/IAM 策略和 S3 Get Object

我正在尝试将S3和Cognito集成到我的iOS应用程序中，到目前为止还没有成功。我相信这个错误与我的授权和不授权用户的IAM策略有关。这是我的策略:

{
  "Version": "2012-10-17",
  "Statement":
   [{
    "Effect":"Allow",
    "Action":"cognito-sync:*",
    "Resource":["arn:aws:cognito-sync:us-east-1:XXXXXXXXXXXX:identitypool/${cognito-identity.amazonaws.com:aud}/identity/${cognito-identity.amazonaws.com:sub}/*"]
  },
  {
      "Effect":"Allow",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::my_bucket",
                   "arn:aws:s3:::my_bucket/*"]
  }
 ]
}

在这里我调用S3:

    AWSS3GetObjectRequest *getObjectRequest = [[AWSS3GetObjectRequest alloc] init];
    getObjectRequest.key = KEY;
    getObjectRequest.bucket = BUCKET;
    //default service has been configured previously
    AWSS3 *s3 = [[AWSS3 new] initWithConfiguration:[AWSServiceManager defaultServiceManager].defaultServiceConfiguration];
    [[s3 getObject:getObjectRequest] continueWithBlock:^id(BFTask *task) {
        if(task.error)
        {
            NSLog(@"Error: %@",task.error);
        }
        else
        {
            NSLog(@"Got File");
            NSData *data = [task.result body];
            NSString *urlString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
            NSURL *url = [[NSURL alloc] initWithString:urlString];
            if ([[UIApplication sharedApplication] canOpenURL:url]) {
                [[UIApplication sharedApplication] openURL:url];
            }
        }
        return nil;
    }];

，这里是错误:

Error: Error Domain=com.amazonaws。AWSSTSErrorDomain Code=0 "AccessDenied——未被授权执行sts: presumerolewithwebidentity " UserInfo=0x10a23e0a0 {NSLocalizedDescription=AccessDenied——未被授权执行sts: presumerolewithwebidentity}

那么，我做错了什么?