I am facing a strange problem in saving the triggers in a Cognito pool.

I have an Angular UI that authenticates using a Cognito pool, and the pool calls a Lambda configured under Pre Token Generation. I am creating the pool using the AWS CLI. Below is the command used.

 aws cognito-idp create-user-pool --pool-name "${CLIENT}-app" --admin-create-user-config AllowAdminCreateUserOnly=true --policies "$PASSWORD_POLICY" --email-verification-subject "$EMAIL_VERIFICATION_SUBJECT" --auto-verified-attributes email --lambda-config PreTokenGeneration="$PRE_TOKEN_LAMBDA_REF" --schema "$CUSOM_ATTR_VALUES"

I see the trigger is created properly. I verified in the AWS console (UI) and I queried the pool using aws list-pools; in both cases the Lambda is referenced properly in Pre Token Generation.

But when accessing the pool from the Angular UI, I am getting an Access Denied exception. I am able to resolve the problem by manually visiting the pool and simply pressing "Save Changes" under Triggers. I am not updating any information in the pool. After this step the UI is able to work without any issues.

Kindly provide your suggestions.

Regards, Viji

Comment: Please can someone help me to understand the issue?

vijaya lakshmi

1 Answer
Battled with this myself just today, and found the solution here:

https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html

I.e., when configuring through the API, you have to explicitly give the user pool the permission to execute the trigger Lambda. When configuring through the console, this happens implicitly, and that is why you are seeing the strange behavior with "Save changes".
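The explicit grant the answer refers to, as an added example (not code from the question or the answer): a resource-based policy statement on the Lambda that allows only the Cognito service, scoped to this one user pool via its ARN, to invoke the Pre Token Generation function. The function names, the statement id and the sample pool id are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. After "aws cognito-idp create-user-pool"
# (which sets the trigger but grants nothing), the user pool still cannot invoke the
# Lambda until the function's resource policy allows it. This is what the console
# does implicitly on "Save changes".
set -eu

# AWS_CLI can be overridden (e.g. AWS_CLI=echo) to print the command instead of running it.
AWS_CLI="${AWS_CLI:-aws}"

# Build the user pool ARN from region, account id and pool id
# (the pool id comes from: aws cognito-idp create-user-pool ... --query UserPool.Id --output text).
user_pool_arn() {
  local region="$1" account_id="$2" pool_id="$3"
  printf 'arn:aws:cognito-idp:%s:%s:userpool/%s' "$region" "$account_id" "$pool_id"
}

# Grant lambda:InvokeFunction to the Cognito service principal, restricted by
# --source-arn so that only this user pool (not any pool in any account) may invoke it.
# Statement id "AllowCognitoPreTokenGeneration" is an assumed name.
grant_cognito_invoke() {
  local function_name="$1" pool_arn="$2" statement_id="${3:-AllowCognitoPreTokenGeneration}"
  "$AWS_CLI" lambda add-permission \
    --function-name "$function_name" \
    --statement-id "$statement_id" \
    --action lambda:InvokeFunction \
    --principal cognito-idp.amazonaws.com \
    --source-arn "$pool_arn"
}

# Check the result: the function's resource policy should now contain the statement above.
show_lambda_policy() {
  "$AWS_CLI" lambda get-policy --function-name "$1" --query Policy --output text
}

# Usage: ./grant.sh <lambda-function-name> <user-pool-arn>
if [ "$#" -eq 2 ]; then
  grant_cognito_invoke "$1" "$2"
  show_lambda_policy "$1"
fi
```

Re-running add-permission with the same statement id fails with ResourceConflictException, so remove the old statement with `aws lambda remove-permission` first if the pool ARN changes.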