lambda is not authorized to perform: cognito-idp:ListUsers #1565
Comments
Here is my solution:

```hcl
data "aws_iam_policy_document" "pre_signup_policy_doc" {
  statement {
    sid       = ""
    effect    = "Allow"
    actions   = ["cognito-idp:ListUsers"]
    resources = ["*"]
  }
}

resource "aws_iam_role_policy" "iam_for_presignup_lambda_policy" {
  role   = "${aws_iam_role.iam_for_presignup_lambda.id}"
  policy = "${data.aws_iam_policy_document.pre_signup_policy_doc.json}"
  // policy = <<EOF
  //{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-idp:ListUsers" ], "Resource": "*" } ] }
  //EOF
}
```
|
@engharb can you share some context of how you’d use that? (Also, does that duplicate check work for you, i.e., are you using the hosted UI and does it do something useful when you return that error?) |
@mrcoles based on my knowledge this is a separate issue. I mean there is no direct relation between configuring your AWS infrastructure and your Amplify project settings. In order to be able to check, e.g., the existence of an email or username in the Cognito User Pool using Amplify-js or an external API, you have to create a policy giving your Lambda functions access/permission to your Cognito User Pool (something like that). And regarding Honestly I'm not using Hosted UI directly. I used to create my own form and then validate the submitted data using the Amplify-js API. And for social login I used to call
Not at all. |
Thanks for the response. I was able to get it working in my AWS Amplify project. For anyone else who’s trying to figure it out…

List Users Permission

In an AWS Amplify project they auto-create a bunch of stuff for you and when you create a lambda function
And there’s a Cloudformation file in that directory at

```json
{
  "Effect": "Allow",
  "Action": ["cognito-idp:ListUsers"],
  "Resource": {
    "Fn::Sub": [
      "arn:aws:cognito-idp:${region}:${account}:*",
      {
        "region": {
          "Ref": "AWS::Region"
        },
        "account": {
          "Ref": "AWS::AccountId"
        },
        "lambda": {
          "Ref": "LambdaFunction"
        }
      }
    ]
  }
}
```

Error message in Hosted UI

Using the hosted UI and returning an error with the newer callback syntax,
However, with Social Signin, instead of showing me the error in the UI, it redirects me back to my app to a URL like this:
and I have to handle that in my UI I suppose. This isn’t ideal, but it’s something workable. Also, I’m flabbergasted that there’s no option to have Cognito pools make emails case-insensitive. |
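The duplicate-email check this thread is about, as an added example that is not code from any participant or from the Amplify project: a PreSignUp handler that calls ListUsers with an email filter and fails closed when the call is refused. The `makePreSignUpHandler` and `emailFilter` names and the injected `listUsers` parameter are assumptions made so the logic runs offline.

```javascript
// Added example (not from the thread). Sample wiring with AWS SDK for JavaScript v2:
//   const cognito = new AWS.CognitoIdentityServiceProvider();
//   exports.handler = makePreSignUpHandler((p) => cognito.listUsers(p).promise());

// Build the ListUsers filter. Assumption: values containing a quote or backslash are
// refused instead of escaped, so user-supplied input cannot alter the filter expression.
function emailFilter(email) {
  const value = String(email).trim();
  if (value === '' || /["\\]/.test(value)) throw new Error('Invalid email address');
  return `email = "${value}"`;
}

// listUsers is injected (hypothetical parameter) so the logic can be exercised offline.
function makePreSignUpHandler(listUsers) {
  return async function handler(event) {
    const email = event.request.userAttributes.email;
    if (email === undefined) return event; // no email attribute, nothing to compare
    const params = { UserPoolId: event.userPoolId, Filter: emailFilter(email), Limit: 1 };
    let result;
    try {
      result = await listUsers(params);
    } catch (err) {
      // A role without cognito-idp:ListUsers lands here (the "not authorized to
      // perform" error from the issue title). Fail closed and keep IAM details
      // out of the message returned to the client.
      console.error('ListUsers failed:', err.code || err.name);
      throw new Error('Sign-up is temporarily unavailable');
    }
    // PreSignUp runs before the user is created, so any match is another account.
    if ((result.Users || []).length > 0) {
      throw new Error('An account with this email already exists');
    }
    return event; // returning the event lets the sign-up continue
  };
}
```

Because the handler only ever queries `event.userPoolId`, the role's `cognito-idp:ListUsers` statement can be limited to that one user pool's ARN rather than a wildcard resource.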
@mrcoles from today new User Pools can be created with case insensitivity for username input |
@engharb Thanks for bringing up the problem, I was going to post this question anyways.
|
- Add Lambda triggers for auth and S3
- For the Cognito trigger, lambdatriggerc602322aPostConfirmation-cloudformation-template needs to be modified
- Add cognito-idp related permissions to the policy for Cognito access
- See aws-amplify/amplify-js#1565
- Add a client for testing each trigger
- Implement a component for each test using React Router
This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs. |
What is the current behavior?
I want to create a Lambda function trigger PreSignUp that checks if there are other users already signed up using the same email.
Here is my function:
I used to get such an error
Do you have any suggestions on how to configure the IAM Lambda role?
My current lambda role: