User Migration Trigger Lambda Not Functioning

0

I'm attempting to implement the example lambda from the AWS documentation (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html) in Python. After combing through the documentation many times, it seems to me that I need to set the 'userAttributes', 'finalUserStatus', and 'messageAction' fields for the 'UserMigration_Authentication' flow and Cognito does the rest. However, after following the example and writing the following code, my lambda trigger does not migrate the user. I've verified this by going to the Cognito logs and the user does not exist. I am using AWS' HostedUI and the HostedUI returns an error upon attempted migration ("The username or password you entered is invalid"). I have code to migrate the user manually; however, I'd like to use AWS' method.

If anyone can provide insight into my errors, I would appreciate it.

import logging
import os

logger = logging.getLogger()
logger.setLevel(logging.INFO)

def lookup_user(username, old_user_pool):
    # ... Lookup user in legacy user pool (old_user_pool) ...
    return user

def authenticate_user(old_user_pool, old_client_id, username, password):
    # ... Authenticate user in legacy user pool (old_user_pool) ...
    return lookup_user(username, old_user_pool)

def usermigration_authentication(event, old_user_pool, old_client_id, username, password):

    user = authenticate_user(old_user_pool, old_client_id, username, password)

    if not user:
        raise Exception('Bad Credentials')

    event['response']['userAttributes'] = user['Attributes']
    event['response']['finalUserStatus'] = 'CONFIRMED'
    event['response']['messageAction'] = "SUPPRESS"

    return event

def usermigration_forgotpassword(event, old_user_pool, username):
    user = lookup_user(username, old_user_pool)
    if not user:
        raise Exception('Bad Credentials')

    event['response']['userAttributes'] = user['Attributes']
    event['response']['messageAction'] = "SUPPRESS"

    return event

def handler(event, context):

    trigger_source = event['triggerSource']
    # Cognito does not send a password in a forgot-password request, so avoid a KeyError here.
    password = event['request'].get('password')
    email = event['userName']
    logger.info({'message': "User email: " + email})

    old_user_pool = os.environ.get('migration_user_pool')
    old_client_id = os.environ.get('old_client_id')

    try:
        if trigger_source == "UserMigration_Authentication":
            event = usermigration_authentication(event, old_user_pool, old_client_id, email, password)
        elif trigger_source == "UserMigration_ForgotPassword":
            event = usermigration_forgotpassword(event, old_user_pool, email)

    except Exception as err:
        logger.error({'message': {'Error attempting to migrate user': err}})

    return event

Edited by: ansonss on Oct 19, 2020 6:17 AM

ansonss
asked 4 years ago, 789 views
1 Answer
0

Here was my issue:

I used the boto3 cognito-idp.list_users() function to obtain the user attributes of the previous user pool - wanting to automate everything. However, this call returned the attributes in the following fashion:

{
   'Name': name_string,
   'Value': value_string
}

The user migration lambda requires the attributes to be formatted in the following way:

{
    name_string: value_string
}

Simple data manipulation fixed the issue.

Edited by: ansonss on Oct 20, 2020 10:23 AM

ansonss
answered 4 years ago
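
The reshaping described in the answer, as an added example that is not the poster's code: it flattens the Name/Value list returned by list_users() into the flat mapping the migration trigger expects and fills in the response fields from the question. The function names and sample data are constructed here; skipping `sub` and refusing a lookup that does not match exactly one user are assumptions of this example.

```python
# Attributes the destination pool assigns itself, so they are not copied
# (assumption of this example).
POOL_MANAGED = {"sub"}


def to_migration_attributes(cognito_attributes):
    """Flatten [{'Name': n, 'Value': v}, ...] into {n: v}."""
    flat = {}
    for item in cognito_attributes:
        name, value = item["Name"], item.get("Value", "")
        if name in POOL_MANAGED:
            continue
        if not isinstance(value, str):
            raise TypeError(f"attribute {name!r} must be a string")
        flat[name] = value
    return flat


def fill_migration_response(event, list_users_response):
    """Populate the trigger response; call only after the legacy login succeeded."""
    users = list_users_response.get("Users", [])
    if len(users) != 1:
        # Zero or several matches: fail closed rather than migrate the wrong account.
        raise Exception("Bad Credentials")
    attrs = to_migration_attributes(users[0].get("Attributes", []))
    event["response"]["userAttributes"] = attrs
    event["response"]["finalUserStatus"] = "CONFIRMED"
    event["response"]["messageAction"] = "SUPPRESS"
    return event


# Constructed sample shaped like a boto3 cognito-idp list_users() result.
SAMPLE_LIST_USERS = {
    "Users": [{
        "Username": "user@example.com",
        "Attributes": [
            {"Name": "sub", "Value": "00000000-0000-0000-0000-000000000000"},
            {"Name": "email", "Value": "user@example.com"},
            {"Name": "email_verified", "Value": "true"},
        ],
    }]
}


def sample_event():
    """Constructed trigger event containing only the fields used above."""
    return {"triggerSource": "UserMigration_Authentication",
            "userName": "user@example.com", "response": {}}


if __name__ == "__main__":
    print(fill_migration_response(sample_event(), SAMPLE_LIST_USERS)["response"])
```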
