I need to create a Custom Message lambda trigger but it appears that the only way to do so is to go through all the steps in updating the auth category. I don't want to mess up my user pool and auth settings. How do I skip all steps except the lambda options?
Thanks!
you can always add a new function using amplify add function and then attach this function as a trigger on cognito user pool config screen.
downside is you will have to do this for all your user pools but it doesn't mess your amplify configurations.
Related
I am creating a web app using AWS amplify, and one of its features will be integration with AWS IoT for live MQTT data. I successfully setup Cognito to work with IoT, but there is one step that I currently have to do manually: attach the iot policy to a cognito identity. In all the AWS tutorials on this, they have you manually attach the policy for the user via the command line, but obviously in a production app this needs to be automated with something like a Lambda as part of the user signup flow. I know that lambda triggers are available with the user pools side of Cognito, but I don't see any documentation on them being available for identity pools. If I'm correct the user signup happens first in the user pool and then the identity pool, and since I need the identity ID to link to IoT, using user pool lambda triggers won't work for this. Of course I could always add this to my own API which is called after sign up, the only issue with that is that it relies on the client to call the API, which adds complexity, i.e. the client could disconnect after signup but before the API call is made, in which case the user would never get the policy attached. Is there any better server-side way to trigger this?
I am trying to signup an user. I am using AWS cognito for user authentication and authorization. I have added new custom attribute "abc" in under attribute section in General Settings. I have enabled read & write for abc attribute in AppClients.
Now I am trying to hit the API to create user using Postman. I am able to create new user but problem I am facing is, I am unable to add custom attribute while creating user. To add custom attributes, everytime I have to run below cli command. How do I add custom attributes while creating user itself.
aws cognito-idp admin-update-user-attributes --user-pool-id us-west-2_aaaaaaaaa --username diego#example.com --user-attributes Name="custom:CustomAttr1",Value="Purple"
You can do the same by using the Post Confirmation Lambda Trigger, and writing relevant code in the Lambda trigger for this use-case.
Quoting the official AWS documentation for the Post Confirmation Lambda trigger:
Amazon Cognito invokes this trigger after a new user is confirmed,
allowing you to send custom messages or to add custom logic.
Hence, this looks perfect for your use-case as you can call AdminUpdateUserAttributes from the Lambda code. From my experience, AWS Lambda operates the best and has the least cold start time when you write the code in Node.js or Python, so I would implore you to take a look at the recommended API calls.
I want to setup event triggers when user is created. At the moment we are creating user in the online AWS user pool console. I'm wondering if such events will trigger the custom lambda operations, namely:
Pre-Sign-up Lambda Trigger
Post Confirmation Lambda Trigger (to add user to group, add user data to DynamoDB etc.)
References:
Creating a New User in the AWS Management Console
Customizing User Pool Workflows with Lambda Triggers
Found the list of triggers that are specifically related to admin actions (both online and programatically). For persisting user data somewhere one has to hook into a lambda that handles the CustomMessage. Other triggers might work but I haven't extensively tested all of them.
PreSignUp_AdminCreateUser
CustomMessage_AdminCreateUser
I have a React Native mobile app in which I'm using AWS Amplify to work with my Cognito user pool.
I am trying to get the "Created" date of the currently signed in user because I want to show existing users an alert when the app starts, but I don't want new users to get that alert. I plan on using the creation date of the user to know if they should see the alert.
When looking at my user pool in the Cognito service in AWS Console, I see that each user does have a "Created" property:
however, I am unsure how I can access that property from within the app. The only relevant method I could find in the docs was Auth.currentAuthenticatedUser(), but that doesn't seem to include the "Created" timestamp in its response.
I did find a reference to AdminGetUser in the Cognito docs which does include a UserCreateDate property, however I don't want to have admin credentials used within the app itself, so I am looking for an alternative.
Any suggestions would be appreciated!
There is a way that you can use the AdminGetUser API without providing direct admin access to the users. Since you are using Amplify, you can publish an API (either REST or GraphQL) that calls a Lambda function. The Lambda function in turn is configured with the required cognito-idp:AdminGetUser privilege for reading the user data and then returning it through the api.
I am facing a strange problem in saving the triggers in cognito pool
I have an angular UI that authenticates using cognito pool, and the pool calls a lambda configured under PRE Token generator.
I am creating the pool using AWS CLI. Below the command used.
aws cognito-idp create-user-pool --pool-name "${CLIENT}-app" --admin-create-user-config AllowAdminCreateUserOnly=true --policies "$PASSWORD_POLICY" --email-verification-subject "$EMAIL_VERIFICATION_SUBJECT" --auto-verified-attributes email --lambda-config PreTokenGeneration="$PRE_TOKEN_LAMBDA_REF" --schema "$CUSOM_ATTR_VALUES"
I see the trigger is created properly. I verified in aws console (UI) and I queried the pool using aws list-pools, Both cases the lambda is referenced properly in Pre token generator.
But using the Angular UI while accessing the pool , i am getting Access Denied exception.
I am able to resolve the problem by manually visiting the pool and simply press "Save Changes" under Triggers. I am not updating any information in the pool. After this step the UI is able to work without any issues.
Kindly provide your suggestions.
Regards
Viji
Battled with this myself just today, and found the solution here:
https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
I.e. when configuring through the API, you have to explicitly give the user pool the permission to execute the trigger lambda. When configuring through console, this happens implicitly, and that is why you are seeing the strange behavior with "Save changes".