AWS Cognito Pool Trigger - amazon-web-services

I am facing a strange problem in saving the triggers in a Cognito pool.
I have an Angular UI that authenticates using a Cognito pool, and the pool calls a Lambda configured under Pre Token generator.
I am creating the pool using the AWS CLI. Below is the command used.
aws cognito-idp create-user-pool --pool-name "${CLIENT}-app" --admin-create-user-config AllowAdminCreateUserOnly=true --policies "$PASSWORD_POLICY" --email-verification-subject "$EMAIL_VERIFICATION_SUBJECT" --auto-verified-attributes email --lambda-config PreTokenGeneration="$PRE_TOKEN_LAMBDA_REF" --schema "$CUSOM_ATTR_VALUES"
I see the trigger is created properly. I verified in the AWS console (UI) and I queried the pool using aws list-pools; in both cases the Lambda is referenced properly in Pre token generator.
But when accessing the pool using the Angular UI, I am getting an Access Denied exception.
I am able to resolve the problem by manually visiting the pool and simply pressing "Save Changes" under Triggers. I am not updating any information in the pool. After this step the UI is able to work without any issues.
Kindly provide your suggestions.
Regards
Viji

Battled with this myself just today, and found the solution here:
https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
I.e., when configuring through the API, you have to explicitly give the user pool the permission to execute the trigger Lambda. When configuring through the console, this happens implicitly, and that is why you are seeing the strange behavior with "Save changes".
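The check and the grant the answer describes, as an added example (not code from the poster or from AWS). It assumes the caller supplies a boto3 Lambda client (or any object with the same get_policy/add_permission methods), so the module itself has no AWS dependency; the pool ARN, account id and function name below are constructed sample values, and the user pool's real ARN comes from the UserPool.Arn field of describe-user-pool. The point that matters for least privilege is the SourceArn condition: it pins the invoke grant to one user pool, so a policy statement without it is deliberately not accepted as sufficient.

```python
"""Check that a Cognito user pool may invoke its trigger Lambda, and grant it if not."""
import json
from typing import Any, Dict, Optional

COGNITO_SERVICE_PRINCIPAL = "cognito-idp.amazonaws.com"

# Constructed sample values (not from the original post).
SAMPLE_POOL_ARN = "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_EXAMPLE"
SAMPLE_FUNCTION_ARN = "arn:aws:lambda:us-east-1:123456789012:function:pre-token"
SAMPLE_POLICY_WITH_GRANT = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCognitoUserPoolInvoke",
        "Effect": "Allow",
        "Principal": {"Service": COGNITO_SERVICE_PRINCIPAL},
        "Action": "lambda:InvokeFunction",
        "Resource": SAMPLE_FUNCTION_ARN,
        "Condition": {"ArnLike": {"AWS:SourceArn": SAMPLE_POOL_ARN}},
    }],
})
# Same grant but with no SourceArn condition: any user pool could invoke the trigger.
SAMPLE_POLICY_UNSCOPED = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": COGNITO_SERVICE_PRINCIPAL},
        "Action": "lambda:InvokeFunction",
        "Resource": SAMPLE_FUNCTION_ARN,
    }],
})


def _as_list(value: Any) -> list:
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def has_cognito_invoke_grant(policy_json: str, pool_arn: str) -> bool:
    """True if the Lambda resource policy (the "Policy" string returned by
    get-policy) contains an Allow for the Cognito service principal on
    lambda:InvokeFunction that is scoped to this pool ARN via AWS:SourceArn."""
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if COGNITO_SERVICE_PRINCIPAL not in services:
            continue
        if not any(a in ("lambda:InvokeFunction", "lambda:*") for a in _as_list(stmt.get("Action"))):
            continue
        cond = stmt.get("Condition", {})
        source_arns: list = []
        for op in ("ArnLike", "ArnEquals", "StringEquals"):
            source_arns += _as_list(cond.get(op, {}).get("AWS:SourceArn"))
        if pool_arn in source_arns:
            return True
    return False


def add_permission_params(function_name: str, pool_arn: str,
                          statement_id: str = "AllowCognitoUserPoolInvoke") -> Dict[str, str]:
    """Arguments for Lambda AddPermission (boto3 add_permission / aws lambda add-permission)."""
    return {
        "FunctionName": function_name,
        "StatementId": statement_id,
        "Action": "lambda:InvokeFunction",
        "Principal": COGNITO_SERVICE_PRINCIPAL,
        "SourceArn": pool_arn,  # restrict the grant to this one user pool
    }


def ensure_trigger_permission(lambda_client: Any, function_name: str, pool_arn: str) -> bool:
    """Grant the invoke permission if it is missing. Returns True when a grant was added."""
    try:
        policy_json = lambda_client.get_policy(FunctionName=function_name)["Policy"]
    except Exception as exc:  # boto3 raises ResourceNotFoundException when the function has no policy yet
        if type(exc).__name__ != "ResourceNotFoundException":
            raise
        policy_json = '{"Version": "2012-10-17", "Statement": []}'
    if has_cognito_invoke_grant(policy_json, pool_arn):
        return False
    lambda_client.add_permission(**add_permission_params(function_name, pool_arn))
    return True


class FakeLambdaClient:
    """Minimal stand-in for a boto3 Lambda client, constructed so the demo runs offline."""
    def __init__(self, policy_json: Optional[str]):
        self.policy_json = policy_json
        self.added: list = []

    def get_policy(self, FunctionName: str) -> Dict[str, str]:
        if self.policy_json is None:
            raise type("ResourceNotFoundException", (Exception,), {})("no policy")
        return {"Policy": self.policy_json}

    def add_permission(self, **kwargs: str) -> Dict[str, str]:
        self.added.append(kwargs)
        return {"Statement": json.dumps(kwargs)}


if __name__ == "__main__":
    client = FakeLambdaClient(SAMPLE_POLICY_UNSCOPED)
    print("grant added:", ensure_trigger_permission(client, "pre-token", SAMPLE_POOL_ARN))
```

The same grant from the CLI the question already uses is `aws lambda add-permission --function-name "$PRE_TOKEN_LAMBDA_REF" --statement-id AllowCognitoUserPoolInvoke --action lambda:InvokeFunction --principal cognito-idp.amazonaws.com --source-arn <user pool ARN>`, run once after create-user-pool; `aws lambda get-policy --function-name ...` shows whether the statement is present, which is the check to run before concluding the trigger itself is misconfigured.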

Related

Add Amplify Auth triggers without going through all CLI steps

I need to create a Custom Message lambda trigger but it appears that the only way to do so is to go through all the steps in updating the auth category. I don't want to mess up my user pool and auth settings. How do I skip all steps except the lambda options?
Thanks!
You can always add a new function using amplify add function and then attach this function as a trigger on the Cognito user pool config screen.
The downside is you will have to do this for all your user pools, but it doesn't mess up your Amplify configuration.

AWS Cognito: How to trigger lambda on user signup to attach IoT policy?

I am creating a web app using AWS Amplify, and one of its features will be integration with AWS IoT for live MQTT data. I successfully set up Cognito to work with IoT, but there is one step that I currently have to do manually: attach the IoT policy to a Cognito identity. In all the AWS tutorials on this, they have you manually attach the policy for the user via the command line, but obviously in a production app this needs to be automated with something like a Lambda as part of the user signup flow. I know that Lambda triggers are available with the user pools side of Cognito, but I don't see any documentation on them being available for identity pools. If I'm correct the user signup happens first in the user pool and then the identity pool, and since I need the identity ID to link to IoT, using user pool Lambda triggers won't work for this. Of course I could always add this to my own API which is called after sign up; the only issue with that is that it relies on the client to call the API, which adds complexity, i.e. the client could disconnect after signup but before the API call is made, in which case the user would never get the policy attached. Is there any better server-side way to trigger this?

What can I do if AWS Cognito doesn't trigger a migration Lambda?

I have 2 AWS Cognito User Pools. One of them is in my "old" account and one is in the "new" account. Now I want to migrate users using a Lambda trigger, but the Lambda wouldn't be executed, even when I make a simple HTTP request and check if this was sent. I also can't find any logs on this issue.
The only error I got is that my frontend is showing an error called "UserNotFoundException".

Cognito User Pool Logs for SAML Integration

I am using Cognito User Pool to integrate an external Identity Provider via SAML. I have two IdPs I am trying to set up. One is Azure AD, which is all set up and working fine. The other is SecureAuth, which is giving problems.
I am trying to find out if Cognito logs anything. I looked in CloudWatch and CloudTrail. I don't see any logs related to this in either place. Where does Cognito log these errors? Do I need to set up something for this to work?

Cognito Events: Sync Triggers not firing

I have created a Lambda that should be triggered whenever a Cognito user does a sync on my application.
I have checked in the console, under the Lambda section, that it has indeed a sync trigger set to that identity pool.
I have also performed a simple test in that Lambda to make sure it adds logs to CloudWatch, which it does (it fails because it does not have the Cognito information when triggering it, but that was expected).
I have checked in the console, under federated identities, that it has indeed a Cognito event sync trigger pointing to the correct Lambda.
In my application (a Unity application) I create a new Cognito user and do a sync, and I receive the sync success callback.
The logs don't get updated, which means the event is not firing when I sync.
I have looked around the internet a lot about this, but all I can find are old topics about it that are not relevant to my situation. Has anyone successfully got this working? I could use some help on why it's not firing the event.
Cheers,
Cai