When creating a Cognito user pool with Terraform and adding the Lambda triggers, the operation completes successfully; however, when checking the Cognito console, the triggers do not seem to be associated with the user pool. Upon investigation, I realized that Cognito needs permission to invoke the function, and just adding it in the Lambda config in the Terraform script is not enough. According to Cognito's documentation, you'll need to make an additional call to add permission for Cognito to invoke your Lambda function. Looking at the Terraform logs, this call is not performed at all, although the response suggests that the call was successful.
Attempted Solutions
The explored solution at this time is to manually associate the triggers on the Cognito console or to make the add-permission calls separately after the user pool has been created.
Proposal
When creating the user pool through Terraform, it should have logic to add those permissions within this operation instead of making the separate call or manually associating the triggers.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
ghost locked and limited conversation to collaborators on Jul 26, 2019
This issue was closed.
Current Terraform Version
References
https://www.terraform.io/docs/providers/aws/r/cognito_user_pool.html
https://www.terraform.io/docs/providers/aws/r/lambda_permission.html
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html#CognitoUserPools-CreateUserPool-request-LambdaConfig
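The separate-permission workaround described in this issue, written out as Terraform 0.12+ configuration using the two resources linked above. This is an added example, not code from the issue or from the provider; the resource names, zip path, handler and runtime are hypothetical placeholders.

```hcl
# Added example. All names, the deployment package and the handler are placeholders.

# Execution role the trigger function runs as.
resource "aws_iam_role" "trigger_exec" {
  name = "example-cognito-trigger-exec"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "lambda.amazonaws.com" }
    }]
  })
}

resource "aws_lambda_function" "pre_sign_up" {
  function_name = "example-pre-sign-up"
  filename      = "pre_sign_up.zip" # placeholder deployment package
  handler       = "index.handler"
  runtime       = "nodejs18.x"
  role          = aws_iam_role.trigger_exec.arn
}

# Declaring the trigger here only records the function ARN on the pool.
# It does not grant Cognito the right to invoke the function.
resource "aws_cognito_user_pool" "example" {
  name = "example-pool"

  lambda_config {
    pre_sign_up = aws_lambda_function.pre_sign_up.arn
  }
}

# The additional call the issue refers to: a resource-based policy statement
# on the function that lets the Cognito service principal invoke it.
resource "aws_lambda_permission" "allow_cognito" {
  statement_id  = "AllowCognitoInvokePreSignUp"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.pre_sign_up.function_name
  principal     = "cognito-idp.amazonaws.com"
  # Limits the grant to this one user pool rather than any pool
  # acting through the Cognito service principal.
  source_arn    = aws_cognito_user_pool.example.arn
}
```

Each trigger function referenced in `lambda_config` needs its own `aws_lambda_permission` with `source_arn` set to the pool's ARN.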