serverless: AWS Cognito Event Triggers for CustomEmailSender & CustomSMSSender

Cognito has two hidden triggers that are not available on the console but can be pointed to in the documentation:

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sender-triggers.html

I would love to be able to link my serverless lambda function to this event within the serverless.yaml.

This seems to be what is currently allowed: Serverless: Configuration warning at 'functions.QueueEmailSvc.events[0].cognitoUserPool.trigger': should be equal to one of the allowed values [PreSignUp, PostConfirmation, PreAuthentication, PostAuthentication, PreTokenGeneration, CustomMessage, DefineAuthChallenge, CreateAuthChallenge, VerifyAuthChallengeResponse, UserMigration]

Use case description

These hidden AWS Cognito triggers allow us to send emails/SMS via a different provider. I would like to be able to use serverless deploy to deploy my lambdas and hook them directly to these triggers.

Proposed solution

The proposed solution here is to be able to connect my AWS Lambda to both of these hidden lambda triggers directly in my serverless.yaml. This would in effect link these functions to the CustomEmailSender and CustomSMSSender triggers in my Cognito user pool.

functions:
  ExampFunc:
    name: test123
    handler: src/test.handler
    events:
      - cognitoUserPool:
          pool: {COGNITO_USER_POOL_ID}
          trigger: CustomEmailSender
  ExampFunc2:
    name: test1234
    handler: src/test2.handler
    events:
      - cognitoUserPool:
          pool: {COGNITO_USER_POOL_ID}
          trigger: CustomSMSSender

About this issue

  • State: closed
  • Created 3 years ago
  • Reactions: 23
  • Comments: 19 (8 by maintainers)

Most upvoted comments

That would be much appreciated @Fomin2402.

As for the information that you might find useful:

I believe you will have to adjust available valid trigger sources https://github.com/serverless/serverless/blob/8c37e0ac6df7a1a010e57ef14702185b2ef07dfa/lib/plugins/aws/package/compile/events/cognitoUserPool.js#L8 and properly test it.

@keisaito-mx1 Terraform now supports this if you guys are using it.

Outside of that, this needs to just be set up once in the Cognito’s lifespan, and is easily scriptable if you follow the AWS documentation. I would share my script, but it’s company property.

Hey @keisaito-mx1 - there wasn’t any progress on this one as far as I know but we’re open for a contribution 💯

Thanks for your proposal @ksparakis 🙇 I think we should be able to potentially support these trigger types as well. Do you happen to know what is needed to decrypt the received secrets from Cognito on the Lambda side?

We’d be happy to accept a PR with the proposed change 💯

Hi!

Thank you for getting back to me @pgrzesik.

You need to set up an encryption key on KMS. Then link that key to the Cognito instance. The instructions and examples of doing this can be found here if you scroll down a little:

AWS DOCS CustomEmailSender example

AWS DOCS CustomSMSSender example

I have yet to take a look at the serverless codebase! I’ll see if I can help out but my time is rather limited at the current time 😃
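
The one-time wiring the comments above describe (a KMS key linked to the pool, plus the two sender triggers) can be prepared as below. This is an added example, not part of the thread and not any commenter's script; the function name `plan_custom_senders` is hypothetical and every ARN is a constructed placeholder.

```python
import copy
import json

COGNITO_PRINCIPAL = "cognito-idp.amazonaws.com"


def plan_custom_senders(pool_arn, current_lambda_config, kms_key_arn,
                        email_fn_arn=None, sms_fn_arn=None):
    """Return the LambdaConfig and Lambda permissions needed for custom senders.

    current_lambda_config is the LambdaConfig from DescribeUserPool; it is
    merged rather than replaced so triggers already on the pool survive.
    """
    senders = {"CustomEmailSender": email_fn_arn, "CustomSMSSender": sms_fn_arn}
    senders = {name: arn for name, arn in senders.items() if arn}
    if not senders:
        raise ValueError("give at least one sender function ARN")
    if not kms_key_arn:
        # Cognito encrypts the code it hands to the function, so a key is mandatory.
        raise ValueError("custom sender triggers need a KMS key ARN")

    config = copy.deepcopy(current_lambda_config or {})
    config["KMSKeyID"] = kms_key_arn
    permissions = []
    for name, arn in senders.items():
        config[name] = {"LambdaVersion": "V1_0", "LambdaArn": arn}
        # Scope the invoke permission to this one pool, not to all of Cognito.
        permissions.append({
            "FunctionName": arn,
            "StatementId": f"Cognito{name}",
            "Action": "lambda:InvokeFunction",
            "Principal": COGNITO_PRINCIPAL,
            "SourceArn": pool_arn,
        })
    return {"LambdaConfig": config, "Permissions": permissions}


if __name__ == "__main__":
    # Constructed sample values; none of these ARNs exist.
    plan = plan_custom_senders(
        pool_arn="arn:aws:cognito-idp:us-east-1:111122223333:userpool/us-east-1_EXAMPLE",
        current_lambda_config={"PreSignUp": "arn:aws:lambda:us-east-1:111122223333:function:pre"},
        kms_key_arn="arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
        email_fn_arn="arn:aws:lambda:us-east-1:111122223333:function:test123",
    )
    print(json.dumps(plan, indent=2))
```

Pass `LambdaConfig` to UpdateUserPool together with the pool's other current settings, since attributes omitted from that call are reset to their defaults, and pass each `Permissions` entry to Lambda AddPermission.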