By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

amplify post-confirmation cognito trigger not working

0

I can't believe how difficult this is. Following the official docs found here (https://docs.amplify.aws/guides/functions/cognito-trigger-lambda-dynamodb/q/platform/js/#create-the-lambda-function). Also reviewed some other community builder type posts...

Set up a lambda to write to an existing dynamodb table (set up in amplify graphql schema) which does not trigger. Also the docs do not make any mention of permissions. I tried without them and also by adding permissions to the lambda execution role in the specific lambda's foo-cloudformation-template.json. Since the lambda doesn't run, there are no logs to review.

Specific steps were:

1/ set up ddb table in graphql schema 2/ added lambda with access to dynamodb resources 3/ amplify push 4/ go to cognito, add post-confirmation trigger to above lambda 5/ test and fails 6/ visit lambda, no permissions to write to ddb table (none mentioned in docs but i have had to do using other lambdas with amplify) 7/ added resource permissions to write to ddb in cloudformation-template.json 8/ amplify push 9/ verified permissions exist as does the lambda invoke function from cognito. 10/ still fails

Have used node.js 18 and 16 versions. Other lambdas in my amplify app work fine connecting to backend resources.

Please advise. Thanks.

V.

Addendum: I have self-sign up turned off and am adding users in the cognito userl pools section but I don't see how that should make a difference as the user signs in successfully.

Topics
ServerlessComputeFront-End Web & MobileSecurity, Identity, & ComplianceDatabaseManagement & Governance
Tags
AWS LambdaAWS AmplifyAmazon CognitoAmazon DynamoDBAmazon Verified Permissions
Language
English
Vince_bighire_tools
asked 9 months ago299 views
1 Answer
0

Hi Vince, you should decompose the issue by trying to run the lambda that you created through CLI invoke with payload that you tailored manually.

See https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lambda/invoke.html

The payload that your manual should provide is described here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-confirmation.html#cognito-user-pools-lambda-trigger-syntax-post-confirmation

When you get your lambda to work properly in those manual invocations, you can go back to Cognito and try to trigger it via Cognito to see what happens.

Hope it helps Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 9 months ago
  • Vince_bighire_tools
    9 months ago

    Will give it a try and report back.

  • Vince_bighire_tools
    9 months ago

    Oddly the lambda worked fine right away, Multiple attempts to get the cognito trigger to fire failed after adjusting permissions on the console multiple times. More testing...

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content