amplify-js: Add Trigger for when User changes User Attributes

Is this related to a new or existing framework?

No response

Is this related to a new or existing API?

Authentication

Is this related to another service?

Lambda

Describe the feature you’d like to request

Not sure if this feature is available but I want a way to trigger a lambda function once a user changes user attributes through Auth.updateUserAttributes method.

Describe the solution you’d like

To add an option in the CLI for creating a trigger in Auth when a user modifies their attributes and also add a option in the cognito userpool triggers

Describe alternatives you’ve considered

Currently, the solution I can think of is to create a lambda function connected to graphql that takes in the modified parameters. The lambda function then send the request to update user attributes along with the actions I want the lambda function to perform.

Additional context

No response

Is this something that you’d be interested in working on?

👋 I may be able to implement this feature request
⚠️ This feature might incur a breaking change

About this issue

Original URL
State: open
Created 3 years ago
Reactions: 18
Comments: 15 (2 by maintainers)

Most upvoted comments

This feature request is incredibly relevant and it doesn’t seem to be getting any attention. Do we have any updates on it @elorzafe?

ygormartins on Feb 12, 2024

For anyone who needs this, I solved it by turning on a management API cloudtrail (free) which sends management api events to an S3 bucket and linking that to EventBridge. I create an eventbridge rule for “ChangePassword” or “VerifyUserAttribute” (for when an email is changed and confirmed). To find the event name, just trigger the event in your application then check your CloudTrail event history, inspect it and you’ll see the event name. You may have to refresh it a few times before it shows up.

In code it looks like this (but you can make it in the console)

  const eventRuleCognitoUserVerifiedEmail = new Rule(
    stack,
    "CognitoUserVerifiedEmail",
    {
      //default has default event bus
      eventPattern: {
        source: ["aws.cognito-idp"],
        detail: {
          eventSource: ["cognito-idp.amazonaws.com"],
          eventName: ["VerifyUserAttribute"],
          errorCode: [{ exists: false }],
        },
        detailType: ["AWS API Call via CloudTrail"],
      },
      targets: [stateMachineUpdateEmail]
    },
  );

Then the target of the rule is what gets triggered when the event happens. You can add a lambda function as the target.

So you can make your own Cognito lambda triggers for any events that aren’t currently supported by default.

Some more guides: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule.html

Meags27 on Apr 3, 2024

Use case for me is validating preferredUsername before allowing user to update it. Lambda trigger for updating userAttributes would be very helpful.

alionthego on May 7, 2022

Hi @chrisbonifacio, thank you for your response.

Yes, that is what I am currently doing on my frontend. But since this is on the frontend it might introduce some decoupling between the data from Auth and my database. So, it would be better to have a single lambda call to handle both changes. Could this code be used on the backend?

In another thought, it might be better to store all mutable data on the database. But the problem is that some of the data that can be changed is initialized once the user signs up and might not have access to the database yet. In addition, retrieving the data from Cognito might be cheaper than from Appsync DB.

henryhuangh on Apr 7, 2022