Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Comments: Create a Cognito Test User #18

Closed
jayair opened this issue Apr 10, 2017 · 53 comments

Comments

Projects
None yet
@jayair
Copy link
Member

commented Apr 10, 2017

@jayair jayair added the Discussion label Apr 10, 2017

@Pancakerobot

This comment has been minimized.

Copy link

commented Apr 10, 2017

to create the user and confirm I had to add an extra parameter to both calls (--region us-east-1)

$ aws cognito-idp sign-up \
  --client-id YOUR_COGNITO_APP_CLIENT_ID \
  --username admin@example.com \
  --password Passw0rd! \
  --user-attributes Name=email,Value=admin@example.com \
  _**--region us-east-1**_
@jayair

This comment has been minimized.

Copy link
Member Author

commented Apr 10, 2017

@Pancakerobot good tip, we've gotten some feedback from some people that have run into region related issues.

@geirman

This comment has been minimized.

Copy link

commented Apr 14, 2017

I had the same problem. You get the region from your Pool Id. Mine was us-east-2_dUMVe5SZr but it doesn't look like you need anything after the underscore. so tacking on --region us-east-2 worked for me

@jayair

This comment has been minimized.

Copy link
Member Author

commented Apr 14, 2017

Added it to the chapter - 562b54b

@zohaibshahzadTO

This comment has been minimized.

Copy link

commented May 15, 2017

I'm having trouble running

$ aws cognito-idp sign-up
--region us-east-1
--client-id YOUR_COGNITO_APP_CLIENT_ID
--username admin@example.com
--password Passw0rd!
--user-attributes Name=email,Value=admin@example.com

Actually when I even try running the first line "aws cognito-idp sign-up" into the command prompt (im using windows), it just gives me this error.

cmd trouble

I'm pretty sure I configured it in the beginning. Any help would be greatly appreciated.

`

@jayair

This comment has been minimized.

Copy link
Member Author

commented May 15, 2017

@Hollow27 When you try the full command (with the client-id passed in), what is the error you are seeing?

@zohaibshahzadTO

This comment has been minimized.

Copy link

commented May 16, 2017

This is what I'm getting (kind of a noob using the terminal):
cmd555

Unknown output type: [None]

^thats what im getting when I try the full command with client-id passed in.

@jayair

This comment has been minimized.

Copy link
Member Author

commented May 17, 2017

@Hollow27 Yeah I'm not too familiar with Windows. But @ryanjcruz is a Windows user. Maybe he can help you?

@ryanjcruz

This comment has been minimized.

Copy link
Contributor

commented May 18, 2017

@jayair @Hollow27 you'd need to add \ at the end of the command per line i.e
$ aws cognito-idp sign-up \
--region us-east-1 \
--client-id YOUR_COGNITO_APP_CLIENT_ID \
--username admin@example.com \
--password Passw0rd! \
--user-attributes Name=email,Value=admin@example.com

then the last line shouldn't have any as that should be the enter key needed to execute the command.

@jayair

This comment has been minimized.

Copy link
Member Author

commented May 18, 2017

@ryanjcruz I'm thinking of adding instructions for Windows users soon. I can use your help with that. Do you mind if I ping you once I figure out the format for it?

@ryanjcruz

This comment has been minimized.

Copy link
Contributor

commented May 19, 2017

@jayair no probs, happy to help out.

@wilsonmar

This comment has been minimized.

Copy link

commented May 29, 2017

@ryanjcruz It would help if the instructions show output from commands.
Is "UserConfirmed": false, from the response I got expected?

{
    "UserConfirmed": false, 
    "CodeDeliveryDetails": {
        "AttributeName": "email", 
        "Destination": "a***@j***.com", 
        "DeliveryMedium": "EMAIL"
    }
}

Also, having common error responses would be helpful as well. I'm writing because I got this doing verification:
An error occurred (UnrecognizedClientException) when calling the AdminConfirmSignUp operation: The security token included in the request is invalid.

The response is from this command:

aws cognito-idp admin-confirm-sign-up \
  --region us-west-2 \
  --user-pool-id us-west-2_bAEhmtfs7 \
  --username admin1@jetbloom.com

The user-pool-id value I got from Pool details: Pool Id, above the Pool ARN.

@jayair

This comment has been minimized.

Copy link
Member Author

commented May 29, 2017

@wilsonmar That's a good idea. I'll be adding sections to chapters with common errors people are getting.

@wilsonmar

This comment has been minimized.

Copy link

commented May 29, 2017

@fwang

This comment has been minimized.

Copy link
Member

commented May 29, 2017

@wilsonmar The response you received for the sign-up step looks good. User will only be confirmed after the admin-confirm-sign-up step, which will succeed silently.

Your error An error occurred (UnrecognizedClientException) when calling the AdminConfirmSignUp operation: The security token included in the request is invalid. sounds very much like AWS CLI credentials not specified correctly. Could do refer to these two chapters and double check the CLI configuration.
http://serverless-stack.com/chapters/create-an-iam-user.html
http://serverless-stack.com/chapters/configure-the-aws-cli.html

At the end of the day, you should have a file at ~/.aws/credentials look similar to

[default]
aws_access_key_id = AKXXXXXXXXXXXXXXXXMQ
aws_secret_access_key = JOsGrxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc132
@wilsonmar

This comment has been minimized.

Copy link

commented May 30, 2017

OK, I Googled around and found this explanation on May 25, 2016 by EdL@AWS:
"Cognito User Pools are currently only available in US East (Virginia)." at https://forums.aws.amazon.com/thread.jspa?messageID=722312

Since the first mention of region is at
http://serverless-stack.com/chapters/create-an-s3-bucket-for-file-uploads.html
I've forked, created branch 'Cognito-User-Pools-only-avail-US-East-1, and updated file as
#93

@fwang

This comment has been minimized.

Copy link
Member

commented May 31, 2017

Cognito User Pools were made available in us-west-2, US West (Oregon) later in 2016.
https://aws.amazon.com/blogs/aws/amazon-cognito-your-user-pools-now-generally-available/

You shouldn't be able to create the pool in the first place if it were not available.

@wilsonmar

This comment has been minimized.

Copy link

commented May 31, 2017

@fwang

This comment has been minimized.

@pjamieson

This comment has been minimized.

Copy link

commented Jul 1, 2017

I have multiple AWS profiles for different accounts. Since the one I'm using for this tutorial isn't my default, I needed to add the --profile [profile name from my ~/.aws/credentials file] flag to both CLI commands. Hope this helps!

@jayair

This comment has been minimized.

Copy link
Member Author

commented Jul 1, 2017

Thanks for the tip @pjamieson. I'll add it to the tutorial when I get a chance.

@wellyal

This comment has been minimized.

Copy link

commented Jul 26, 2017

Nothing works
I've ran into this problem while running the command

aws cognito-idp sign-up \
  --region us-east-1 \
  --client-id 4kjstkv1m9t0orh6n569jnhgt5 \
  --username admin@example.com \
  --password Passw0rd! \
  --user-attributes Name=email,Value=admin@example.com
An error occurred (ResourceNotFoundException) when calling the SignUp operation: User pool client 4kjstkv1m9t0orh6n569jnhgt5 does not exist.
@wellyal

This comment has been minimized.

Copy link

commented Jul 26, 2017

Problem solved. My problem was the region. My region pool was us-west-2 not 1.

@RaphaelMui

This comment has been minimized.

Copy link

commented Jul 31, 2017

Thanks @pjamieson. I have multiple profiles too. When the '--profile ' parameter was not specified, 'sign-up' succeed but 'admin-confirm-sign-up' failed. I seems that the --region parameter was ignored.

@QuantumInformation

This comment has been minimized.

Copy link

commented Sep 18, 2017

I solved the OP issue, but this is what I got next:
#133

@KelpDuNord

This comment has been minimized.

Copy link

commented Oct 20, 2017

aws cognito-idp admin-confirm-sign-up --region us-east-1 --user-pool-id us-east-1_fdlHwCS7x --username admin@example.com just returns "User pool us-east-1_fdlHwCS7x does not exist." I can see the user created with aws cognito-idp sign-up in the user pool with a status of UNCONFIRMED. I've recreated the user pool three times with the same result.

@QuantumInformation

This comment has been minimized.

Copy link

commented Oct 20, 2017

You probably created the pool in the wrong region.

@jayair

This comment has been minimized.

Copy link
Member Author

commented Oct 21, 2017

@KelpDuNord Hmm that's really weird. So aws cognito-idp sign-up works but aws cognito-idp admin-confirm-sign-up does not work?

@HeyMarcy

This comment has been minimized.

Copy link

commented Oct 22, 2017

This is my second attempt and I get the same error:
An error occurred (IncompleteSignatureException) when calling the AdminConfirmSignUp operation: 'key' not a valid key=value pair (missing equal-sign) in Authorization header...

@lucasgonze

This comment has been minimized.

Copy link

commented Oct 23, 2017

Thanks for this discussion. It led me to the solution. I looked up the correct region by going to the Cognito home page (e.g. at https://us-east-2.console.aws.amazon.com/cognito/home), clicking "Manage your user pools", selecting the user pool I created for the tutorial, and looking at the Pool ID.

@KelpDuNord

This comment has been minimized.

Copy link

commented Oct 23, 2017

I just tried again, and yes, the signup worked but confirm did not. After running aws configure (I may have missed this before?), the confirm was successful.

@jayair

This comment has been minimized.

Copy link
Member Author

commented Oct 25, 2017

@KelpDuNord Thanks for reporting back. Can you tell me what you set in the aws configure command?

@lucasgonze Thanks for sharing your experience.

@HeyMarcy Can you show me the full command you used?

@toyeebgodo

This comment has been minimized.

Copy link

commented Oct 31, 2017

@Hollow27 , were you able to solve your issue? I had the same issue, however changing region to us-east-2 (--region us-east-2 )worked for me.

@Jaikant

This comment has been minimized.

Copy link

commented Nov 18, 2017

On running:
aws cognito-idp sign-up --region ap-south-1 --client-id xxxxx --username admin@example.com --password Passw0rd!

I got the below error

An error occurred (InvalidParameterException) when calling the SignUp operation: Cannot perform specific action because there does not exist a valid use pool domain associated with the user pool

I added the domain name in: User Pool -> App Integration -> Domain Name
and then it seemed to work:

epiphany-consulting jai$ aws cognito-idp sign-up --region ap-south-1 --client-id xxxxyyyy --username admin@example.com --password Passw0rd!
{
"UserConfirmed": false,
"CodeDeliveryDetails": {
"AttributeName": "email",
"Destination": "a***@e***.com",
"DeliveryMedium": "EMAIL"
}
}

@saurabh-vyas

This comment has been minimized.

Copy link

commented Nov 18, 2017

I am getting error as cognito-idp sub-cmd itself is not recognised.

vyas@gladiator:~$ aws cognito-idp sign-up --client-id $my-client-id --username admin@example.com --password Passw0rd! --user-attributes Name=email,Value=admin@example.com --region us-east-1
usage: aws [options] <command> <subcommand> [parameters]
aws: error: argument command: Invalid choice, valid choices are:

autoscaling                              | cloudformation                          
cloudfront                               | cloudsearch                             
cloudsearchdomain                        | cloudtrail                              
cloudwatch                               | cognito-identity                        
cognito-sync                             | datapipeline                            
directconnect                            | dynamodb                                
ec2                                      | elasticache                             
elasticbeanstalk                         | elastictranscoder                       
elb                                      | emr                                     
iam                                      | importexport                            
kinesis                                  | kms                                     
lambda                                   | logs                                    
opsworks                                 | rds                                     
redshift                                 | route53                                 
route53domains                           | sdb                                     
ses                                      | sns                                     
sqs                                      | storagegateway                          
sts                                      | support                                 
swf                                      | s3api                                   
s3                                       | configure                               
deploy                                   | configservice                           
help                                    

Not sure if need something else to aws cli to look for cognito-idp

(using Ubuntu 17.0.4)
vyas@gladiator:~$ aws --version
aws-cli/1.6.6 Python/2.7.13 Linux/4.10.0-38-generic

Thoughts / comments ..... please.

@jayair

This comment has been minimized.

Copy link
Member Author

commented Nov 18, 2017

@saurabh-vyas That's really weird. Are you using the latest AWS CLI?

This is my version.

$ aws --version
aws-cli/1.11.189 Python/2.7.10 Darwin/16.7.0 botocore/1.7.47
@saurabh-vyas

This comment has been minimized.

Copy link

commented Nov 19, 2017

@jayair : seems like the older version did not had this sub-cmd. I uninstalled awscli & re-installed that ... and with version 1.11.189 .... I was able to run this succesfully

vyas@gladiator:~/Learning/Serverless/notes-app-api$ aws cognito-idp sign-up --client-id $my-client-id --username admin@example.com --password Passw0rd! --user-attributes Name=email,Value=admin@example.com --region us-east-1
{
    "UserConfirmed": false, 
    "UserSub": "938c49aa-344e-4c89-9dfe-4c25ad9a2afc", 
    "CodeDeliveryDetails": {
        "AttributeName": "email", 
        "Destination": "a***@e***.com", 
        "DeliveryMedium": "EMAIL"
    }
}
@jayair

This comment has been minimized.

Copy link
Member Author

commented Nov 22, 2017

@saurabh-vyas Great! Thanks for reporting back.

@svj13

This comment has been minimized.

Copy link

commented Dec 4, 2017

Hello I am getting an error others haven't seemed to have run into. I'm very new to AWS, and Serverless is my first go at using it. I'm running into issues with verifying the account

In windows powershell:
aws cognito-idp admin-confirm-sign-up
--region us-east-2
--user-pool-id us-east-2**********
--username admin@example.com \

I get the following error:
An error occurred (InvalidSignatureException) when calling the AdminConfirmSignUp operation: Signature expired: 20171204T063700Z is now earlier than 20171204T193202Z (20171204T193702Z - 5 min.)

Advice would be greatly appreciated so I can keep chugging through this tutorial :) i have changed it all to be the correct region as well. I don't really understand what my error means

I have discovered that I can verify manually though the AWS platform, but I would prefer things ran as they should through the terminal

@Jaikant

This comment has been minimized.

Copy link

commented Dec 5, 2017

@jayair

This comment has been minimized.

Copy link
Member Author

commented Dec 5, 2017

@Jaikant Oh that's a good catch.

@johanseland

This comment has been minimized.

Copy link

commented Dec 13, 2017

I also got the InvalidSignatureExceptionError when trying to run admin-confirm-sign-up step. Strangely the sign-up step worked as expected, so there must be a difference in how these two commands escapes the secret key.

I am adding this here in case someone else runs into problems, as this issue pops up on top of the Google search.

The error:

An error occurred (InvalidSignatureException) when calling the AdminConfirmSignUp operation: The request signature we calculated does not match the signature you provided. Check your AWS Secretr Access Key and signing method. Consult the service documentation for details.

This was caused by my secret key containing a plus '+' sign.
This happened on a Windows 10 installation with the following awscli version.

C:\WINDOWS\system32>aws --version
aws-cli/1.14.9 Python/3.4.3 Windows/8 botocore/1.8.13

Once I regenerated an ID/Key-pair without a plus sign, the error disappeared.

@jayair

This comment has been minimized.

Copy link
Member Author

commented Dec 15, 2017

@johanseland Thanks for the comment and the context.

@spencerattick

This comment has been minimized.

Copy link

commented Dec 20, 2017

@svj13 I'm having the same problem you had and can't figure it out. How did you verify the test user through AWS rather than through the command line?

@karthickng

This comment has been minimized.

Copy link

commented Mar 9, 2018

I had the InvalidSignatureException issue, and it was resolved once I added a new access key for the admin user! I don't know the reason why, but this worked for me.

Note that something similar has been pointed out by @bedney in the discussion at https://github.com/aws/aws-sdk-js/issues/86

@pflugs30

This comment has been minimized.

Copy link

commented Mar 17, 2018

I'm having the same issue as @KelpDuNord above where the sign-up command worked, but the admin-confirm-sign-up command does not work.

I run:
aws cognito-idp admin-confirm-sign-up --region us-east-1 --user-pool-id us-east-1_mV4oIXtXy --username admin@example.com

I receive:
An error occurred (ResourceNotFoundException) when calling the AdminConfirmSignUp operation: User pool us-east-1_mV4oIXtXy does not exist.

I've done the following:

  • Generated a new Access ID and Secret Key for my serverless system account (since mine had a '+' in it and I'm on Windows)
  • Delete the user pool and start over
  • Confirm the user pool id is correct and in the same region as the command
  • Use the ARN instead of user pool id
  • Tried running the describe-user-pool command with the user pool id and having the same error
  • Confirmed my AWS configure was correct and that the serverless account has admin access

I will confirm the user manually through the console, but I want to know why this is happening. Any ideas? Thanks.

Update

I figured it out. My AWS credentials file was corrupt, if you can call it that. It had two credentials under the [default] name. I'm not sure how that happened. I discovered this problem by running aws configure again and seeing that my new keys weren't being persisted. On Windows, I navigated to %USER_PROFILE%\.aws and edited the credentials file in a text editor as opposed to through the command window. Then, when I ran my command to confirm the user, it worked as expected.

@jayair

This comment has been minimized.

Copy link
Member Author

commented Mar 17, 2018

@pflugs30 Flag you figured it out. Thanks for following up.

@codywr

This comment has been minimized.

Copy link

commented Mar 23, 2018

I started the tutorial a couple months ago and ran into some problems. I only just recently picked it back up trying to double check each step and noticed an error on this one.

Doing this on a Raspberry Pi (running Raspbian) and have noticed that some of the libraries are quite old. That said, here is my aws version:

pi@raspberrypi:~ $ aws --version
aws-cli/1.14.28 Python/2.7.13 Linux/4.9.59-v7+ botocore/1.8.32

I believe I was able to create a test user just fine with:

pi@raspberrypi:~/sandbox $ aws cognito-idp sign-up --region us-east-1 --client-id $my_client_id --username admin@example.com --password Passw0rd!

but when I go to confirm the creation, I get an error:

pi@raspberrypi:~/sandbox $ aws cognito-idp admin-confirm-sign-up --region us-east-1 --user-pool-id $my_client_id --username admin@example.com

An error occurred (NotAuthorizedException) when calling the AdminConfirmSignUp operation: User cannot be confirm. Current status is CONFIRMED

Checking the aws console shows successful creation and confirmation (I think):
image

Is this all expected behavior? I have double checked the region (a frequent problem it appears) and created a new IAM (Access key ID , Secret access key) pair (and re-running aws configure) to no avail.

I would like to echo what others have said about including expected output in this section of the tutorial and/or some common problems and how to resolve them.

@jayair

This comment has been minimized.

Copy link
Member Author

commented Mar 23, 2018

@codywr From the Created and Last Modified date, it seems like the user was created a while ago? Maybe you had it confirmed back then?

@codywr

This comment has been minimized.

Copy link

commented Mar 23, 2018

@jayair Can it only be confirmed once? I was expecting a confirmation each time I asked for one. From the look of the error (NotAuthorizedException), I was thinking this was some sort of permissions problem.

@jayair

This comment has been minimized.

Copy link
Member Author

commented Mar 26, 2018

@codywr Yeah it can only be confirmed once. The error is weird but I'm pretty sure it's because it's been confirmed before.

@jayair jayair closed this May 9, 2018

@jayair jayair reopened this May 9, 2018

@jayair

This comment has been minimized.

Copy link
Member Author

commented May 9, 2018

@jayair jayair closed this May 9, 2018

@enriqueheyhey

This comment has been minimized.

Copy link

commented Nov 30, 2018

  1. Click on your username on top nav, My Security Credentials
  2. Click on Access Key Tab, Create New, copy the key and secret.
  3. in terminal, run $ aws configure and use the new key and secret.
  4. Run the command again: serverless invoke local --function create --path mocks/create-event.json
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.