AWS Amplify CLI, how to automatically add a user to a Cognito User Pool with a Lambda-Trigger

Michael Gustmann on April 30, 2019

Handling Cognito-UserPool-Groups in our AWS Amplify CLI project AWS Amplify Transform provides an @auth directive. With it we have the p...
 
daviddeslauriers

Hi Michael, I tried implementing your instructions but I keep getting this when I confirm the user...

PostConfirmation invocation failed due to error AccessDeniedException.

Should I be seeing anything under "Resource-based policy" in the Lambda function?

Thank you!

 
michael trieu

Thanks for taking the time to write this!

Your article got me 90% of the way.

After following your steps, my Cognito stack didn't have permissions to invoke the Lambda function.

I had to add permissions to my CloudFormation template using this example from Stack Overflow: stackoverflow.com/a/42460847/4364074

 
Alessandro Annini

Hi Michael, thanks for the useful article!

But what if I added something like userPoolGroupName to the Cognito custom attributes and I want to read it from the event object in the Lambda function? How can I dynamically assign the group property?

Thanks!

 
Michael Gustmann

Using Cognito Lambda Triggers got a lot easier with recent releases. See this post for examples:
aws.amazon.com/en/blogs/mobile/amp...

You can also call other functions from the aws-sdk inside the Lambda to get your desired information. adminAddUserToGroup is only one of many functions you could use.
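
Added example, not part of the comments above and not the article author's code: one way a PostConfirmation trigger could assign the group from a custom attribute, as asked in the question above. The attribute name `custom:userPoolGroupName`, the group names and the injected aws-sdk v2 style client are assumptions; the attribute value is client-supplied, so it is checked against an allow-list before being used.

```javascript
// Added example. Assumptions: custom attribute "custom:userPoolGroupName",
// hypothetical group names, and an injected aws-sdk v2 style client.
const ALLOWED_GROUPS = new Set(['customers', 'editors']); // hypothetical groups
const DEFAULT_GROUP = 'customers';                        // hypothetical default

// Pick the group for a PostConfirmation event. The attribute is supplied by
// the client, so anything outside the allow-list falls back to the default.
function resolveGroup(event) {
  const attrs = (event.request && event.request.userAttributes) || {};
  const requested = attrs['custom:userPoolGroupName'];
  return typeof requested === 'string' && ALLOWED_GROUPS.has(requested)
    ? requested
    : DEFAULT_GROUP;
}

// Build the trigger handler around a Cognito client exposing
// adminAddUserToGroup(params).promise(), as aws-sdk v2 does.
function makeHandler(cognito) {
  return async function handler(event) {
    // Only act on sign-up confirmation, not on forgot-password confirmation.
    if (event.triggerSource !== 'PostConfirmation_ConfirmSignUp') return event;
    await cognito.adminAddUserToGroup({
      GroupName: resolveGroup(event),
      UserPoolId: event.userPoolId,
      Username: event.userName,
    }).promise();
    return event; // Cognito expects the event to be returned
  };
}

// Wiring inside the Lambda (needs aws-sdk in the runtime):
//   const AWS = require('aws-sdk');
//   exports.handler = makeHandler(new AWS.CognitoIdentityServiceProvider());

// Constructed sample event for local checks.
const sampleEvent = {
  triggerSource: 'PostConfirmation_ConfirmSignUp',
  userPoolId: 'eu-central-1_EXAMPLE',
  userName: 'alice',
  request: { userAttributes: { 'custom:userPoolGroupName': 'editors' } },
};
```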

 
john williams • Edited

Great article - valuable resource for creating Cognito trigger functions

From the Recap... instead of "edit[ing] our Cognito CloudFormation template to define a PostConfirmation Trigger", can the post confirmation trigger function be selected/specified in the console of an existing Cognito user pool?

Similar with user groups in existing Cognito user pool console

 
Michael Gustmann

Sorry for the late reply.

Yes, the trigger and the groups can very easily be specified or created in the AWS Management Console. The goal for me is not to do anything manually like this, because if someone in the team spins up a new environment, each step has to be repeated in the console, documented and might be forgotten.

 
Victor Daniel Rebolloso Degante

Hi Michael, thanks for the useful article!

I'm trying the second approach (CustomResources.json based) to generate the user groups but I'm having trouble with the references to the pool id ("Ref": "AuthCognitoUserPoolId").

I just need to create the groups in the custom resources file. Which step of the setup am I missing?

 
Winston Nolan

Hey Michael, I just wanted to say thank you for this howto - really very helpful and I got it working thanks to you :) All the best mate!