aws-cdk: [cognito] can't add cognito trigger after UserPool.fromUserPoolId

version:

"@aws-cdk/aws-cognito": "^1.60.0",

Code

    import * as cognito from "@aws-cdk/aws-cognito";

    // Import an existing user pool by id; the returned IUserPool has no addTrigger()
    const amplifyUserPool = cognito.UserPool.fromUserPoolId(
      this,
      "amplifyUserPool",
      "us-east-1_ABCDE"
    );

    console.log("addTrigger" in amplifyUserPool);

Expect

true

Receive

false

Documentation

Importing User Pools addTrigger

More

The documentation indeed mentions:

However, imported user pools have limited configurability. As a rule of thumb, none of the properties that are part of the AWS::Cognito::UserPool CloudFormation resource can be configured.

But when I was using the Serverless Framework, it worked like a charm. I just wonder whether there are any workarounds for this? I want to move my full serverless stack to CDK; it is such a beautiful tech.

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 18
  • Comments: 23 (5 by maintainers)

Most upvoted comments

I was not able to get the above solution working as I did not have access to the underlying CfnUserPool via fromUserPoolId or node.defaultChild.

I was however able to add triggers to a user pool imported via fromUserPoolId by using a custom resource:

    import * as Cognito from "@aws-cdk/aws-cognito";
    import * as CustomResources from "@aws-cdk/custom-resources";

    const userPool = Cognito.UserPool.fromUserPoolId(this, "UserPool", userPoolId);

    // Call the Cognito UpdateUserPool API at deploy time via an SDK-backed custom resource
    new CustomResources.AwsCustomResource(this, "UpdateUserPool", {
      resourceType: "Custom::UpdateUserPool",
      onCreate: {
        region: this.region,
        service: "CognitoIdentityServiceProvider",
        action: "updateUserPool",
        parameters: {
          UserPoolId: userPool.userPoolId,
          LambdaConfig: {
            PreSignUp: preSignUpHandler.functionArn,
            DefineAuthChallenge: defineAuthChallengeHandler.functionArn,
            CreateAuthChallenge: createAuthChallengeHandler.functionArn,
            VerifyAuthChallengeResponse: verifyAuthChallengeResponseHandler.functionArn,
          },
        },
        physicalResourceId: CustomResources.PhysicalResourceId.of(userPool.userPoolId),
      },
      // ANY_RESOURCE grants cognito-idp:UpdateUserPool on "*"; narrowing
      // `resources` to [userPool.userPoolArn] limits the custom resource's role
      policy: CustomResources.AwsCustomResourcePolicy.fromSdkCalls({ resources: CustomResources.AwsCustomResourcePolicy.ANY_RESOURCE }),
    });

⚠️ Warning about using CustomResource with API Call to UpdateUserPool ⚠️

We are using the CustomResource to update the Cognito user pool with the updateUserPool API call, like https://github.com/aws/aws-cdk/issues/10002#issuecomment-854169838, and other attributes got changed for no reason, like sending a verification email.

If you only specify the lambda config, the other attributes will be reset to their defaults, as documented in the API doc.

As you can see, there's not a big emphasis on it!

I'm trying to do this inside of an Amplify project using amplify add custom. It seems, though, that since Amplify at this point can't deploy assets to S3, AwsCustomResource is not working, since they run within a lambda. Whatever I try, I end up with an error message when running amplify push:

Parameters:[AssetParameters4074092ab8b435c90a773e082601fa36def54c91cadfae59451bd0beda547cbcArtifactHashF236251A, AssetParameters4074092ab8b435c90a773e082601fa36def54c91cadfae59451bd0beda547cbcS3VersionKey547E84F8, AssetParameters4074092ab8b435c90a773e082601fa36def54c91cadfae59451bd0beda547cbcS3Bucket02FC0B28] must have values

My goal is to add the CustomEmailSender trigger since it’s not supported by the amplify cli yet.

FYI - After adding the triggers with a custom resource, I also had to grant invoke permission:

    import * as iam from "@aws-cdk/aws-iam";

    // Allow the Cognito service to invoke each trigger, restricted to this user pool
    const invokeCognitoTriggerPermission = {
      principal: new iam.ServicePrincipal('cognito-idp.amazonaws.com'),
      sourceArn: userPool.userPoolArn
    }

    preSignUpHandler.addPermission('InvokePreSignUpHandlerPermission', invokeCognitoTriggerPermission)
    defineAuthChallengeHandler.addPermission('InvokeDefineAuthChallengeHandlerPermission', invokeCognitoTriggerPermission)
    // etc...

@skinny85 that worked a treat! Thank you so much 🙇🏻

For anyone else encountering this issue, the solution looks like this:

    import * as cognito from "@aws-cdk/aws-cognito";

    // `template` is the included CloudFormation template that defines the pool;
    // its L1 resource can be edited directly
    const cfnPool = template.getResource("UserPool") as cognito.CfnUserPool;
    cfnPool.lambdaConfig = {
      userMigration: migrate.functionArn,
    };


Is there any way to add the trigger without resetting the others? I can’t import the template

Hi, I probably have a workaround 😃

I am new to AWS, but I had the same problem with user pool settings being reset to defaults (sending emails). I dealt with it in my project by adding a custom resource with a lambda which basically does three things:

  1. DescribeUserPool (get the current user pool config)
  2. Adds the postConfirmation trigger to the current LambdaConfig
  3. UpdateUserPool (updates not only one field but passes almost everything returned by DescribeUserPool)

link: https://github.com/MartinMartinni/aws-shop/blob/main/backend/src/services/user/post-confirmation-trigger/updateUserPool.ts

I know that may not be the best way, but it worked for me. After that, sending emails is working 😃
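The describe-merge-update approach above, and the reset-to-defaults problem from the warning comment, as an added example that is not code from this thread or from the aws-cdk project: a pure merge function a custom-resource Lambda could call between DescribeUserPool and UpdateUserPool. The allow-list of updatable fields and the sample describe output are assumptions; check the list against the current Cognito API reference before relying on it.

```typescript
// Merge logic for a DescribeUserPool -> UpdateUserPool round trip that adds (or on
// stack delete removes) one trigger while keeping every other updatable setting.
type LambdaConfig = Record<string, string>;
type UserPoolDescription = Record<string, unknown> & { LambdaConfig?: LambdaConfig };

// Assumed allow-list: DescribeUserPool also returns read-only fields (Id, Arn, Name,
// Status, CreationDate, SchemaAttributes, ...) that UpdateUserPool rejects, so only
// these are copied across. Anything omitted here would be reset to its default.
const UPDATABLE_FIELDS = [
  "Policies", "LambdaConfig", "AutoVerifiedAttributes", "SmsVerificationMessage",
  "EmailVerificationMessage", "EmailVerificationSubject", "VerificationMessageTemplate",
  "SmsAuthenticationMessage", "MfaConfiguration", "DeviceConfiguration",
  "EmailConfiguration", "SmsConfiguration", "UserPoolTags", "AdminCreateUserConfig",
  "UserPoolAddOns", "AccountRecoverySetting",
] as const;

function buildUpdateParams(
  current: UserPoolDescription,
  userPoolId: string,
  trigger: string,            // e.g. "PostConfirmation"
  functionArn: string | null, // null on stack delete: detach only our trigger
): Record<string, unknown> {
  const params: Record<string, unknown> = { UserPoolId: userPoolId };
  for (const field of UPDATABLE_FIELDS) {
    if (current[field] !== undefined) params[field] = current[field];
  }
  // Copy LambdaConfig so the describe output is not mutated, then patch one key
  const lambdaConfig: LambdaConfig = { ...(current.LambdaConfig ?? {}) };
  if (functionArn === null) {
    delete lambdaConfig[trigger];
  } else {
    lambdaConfig[trigger] = functionArn;
  }
  params.LambdaConfig = lambdaConfig;
  return params;
}

// Constructed sample of a DescribeUserPool result (hypothetical ids and ARNs)
const SAMPLE_DESCRIBE: UserPoolDescription = {
  Id: "us-east-1_EXAMPLE",
  Arn: "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_EXAMPLE",
  Name: "example", Status: "Enabled",
  EmailVerificationSubject: "Your verification code",
  AutoVerifiedAttributes: ["email"],
  LambdaConfig: { PreSignUp: "arn:aws:lambda:us-east-1:123456789012:function:pre-signup" },
};
```

Calling buildUpdateParams on the Create/Update event with the function ARN and on the Delete event with null keeps the pool's existing triggers and email settings intact in both directions.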
