Cognito Presignup work flow

0

Hi team,

I have a lambda function that

  1. create a new user inside my Cognito user pool using the API call adminCreateUser
  2. add this new used inside Cognito croup using adminAddUserToGroup API call
  3. add the info about the created user inside a Dynamo DB table

Inside Cognito, I configured PRE_SIGN_UP lambda trigger that sends an invitation link to the client upon adminCreateUser call (step 1)

the issue I found with this is, sometimes an error occur during (step 2 or 3) but the invitation link is still sent to the client (as it's sent immediately after adminCreateUser Is called),

I didn't find another lambda trigger suitable to use, I would like to know the best practice to go around this.

I know that chaining lambda calls are not a best practice so that is why I don't want to call Lambda#2 that sends the invitation email after lambda#1 has accomplished all work(add user in Cognito, add a user to the group, add user's info to DDB).

can I call lambda#2 from inside lambda#1 or other is any other best practice for this scenario?

Thank you, team!

1 Answer
0

Hello,

I see you have a Lambda function invoking Cognito API's - adminCreateUser, adminAddUserToGroup, and adding the user info to a Dynamo DB table. You have noticed that sometimes the adminAddUserToGroup and adding user info to Dynamo DB fails but the user is still sent an invitation linked since you have hooked up a Pre Sign Up Lambda trigger with your User Pool.

First of all, please note that a Pre Sign Up Lambda Trigger gets invoked whenever any one of the below two API's are called:

  1. SignUp
  2. AdminCreateUser

So, pre sign up lambda trigger will get executed as soon the above API is invoked successfully.

Now, to answer your question, you can invoke a Lambda function from within a Lambda function. You may call the invoke API [1] from within the Lambda function to invoke your second Lambda function. Here is the boto3 reference:

response = client.invoke( FunctionName='string', InvocationType='Event'|'RequestResponse'|'DryRun', LogType='None'|'Tail', ClientContext='string', Payload=b'bytes'|file, Qualifier='string' )

For more information please check the below link: [+] https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html

Alternatively, you may also try adding retries within your Lambda function to take care of the failed API calls (adminCreateUser, adminAddUserToGroup) so that you don't end up sending the invitation link to a user who doesn't meet your criteria.

AWS
SUPPORT ENGINEER
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions