AWS Cognito : Handling User Attributes Updates


In my AWS app , I am using AWS Cognito Service to handle User signup/login/auth etc . I also am using AWS RDS Database which will have a User table along with other tables needed in my app. This user table will replicate the users in my users pool and I want to do this through cognito triggers . I have used postConfirmation trigger to handle the user creation in my RDS database when the user confirms his account , but I'm not sure how to handle when a user wants to update any attribute . I have two options in mind and im not sure which one is better

  1. Use a trigger like CustomMessage for example , which should be triggered on update user attribute
  2. Create an endpoint using APIGateway and a lambda function that handles this logic of updating both the RDS database and cognito. Please also share if there is another proposed way of handling this , keeping in mind im trying to follow best practices and conventions. Thank you
1 Answer
Accepted Answer

Option 1: Cognito Trigger Use a Cognito trigger such as CustomMessage or another suitable trigger for updating user attributes. However, Cognito does not have a dedicated trigger specifically for user attribute updates.

Option 2: API Gateway and Lambda Create an API endpoint using API Gateway that triggers a Lambda function to handle the update logic. This approach would involve:Users making update requests through your application .The request hitting the API Gateway endpoint. The Lambda function being invoked to update both Cognito user attributes and the corresponding RDS record.

Proposed Approach: Given your requirements, the API Gateway and Lambda approach is more robust and follows best practices:

API Gateway: Expose an endpoint for user attribute updates. Secure the endpoint using AWS Cognito Authorizer. Lambda Function:

Verify the user’s identity and update the attributes in Cognito. Update the corresponding user record in the RDS database. Benefits: Centralized Logic: All update logic is centralized in a single Lambda function, making it easier to maintain and extend. Flexibility: Easy to implement additional checks or business logic during the update process. Security: The API Gateway can leverage Cognito for secure and authenticated requests.

profile picture
answered 14 days ago
profile picture
reviewed 14 days ago
  • Thank you for your detailed reply!

  • You are welcome

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions