Validate Cognito user created by Admin


Hi team, I have a Lambda function that:

  1. add a new user to Cognito user pool
  2. add that newly created user to a Cognito Group
  3. add user's information to a DynamoDB table

Sometimes an error occurs after step 1 or while adding the user to DynamoDB, so it ends with a situation where the user is added in Cognito but not to the group or not to the DynamoDB table.

Is there a way to use a kind of transaction in a Lambda function where we don't end up in an inconsistent state (user added in Cognito but no associated information in the DDB table, if an error occurs after step 1)?

My second question is: how can we validate a user added with the AdminCreateUser API?

Using the AdminCreateUser API call, my user is created with Force change password status, and then I want to send them a link (the default link of Cognito doesn't work) to verify their information and then validate the invitation. So how can I validate, in the Cognito user pool, a user created with AdminCreateUser with the status Force change password using a custom link sent to the client?

Thank you team!!

1 Answer

One solution I would have for that is to first add the user to DynamoDB, and then use DynamoDB Streams and a Lambda to add the user to Cognito. If you fail at that point and cannot add the user to Cognito for some reason, remove the DynamoDB item.

Hopefully someone with Cognito experience will be able to answer your second question.

AWS
answered 2 years ago
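
The DynamoDB-first flow from the answer above, as an added example (not code from the answer or from AWS). It goes one step further than the answer by also deleting the Cognito user when the group step fails, and only when this invocation created that user, so a username collision never removes an existing account. The environment variable names, the `email` key attribute and the `provision` helper are assumptions.

```python
import logging
import os

POOL_ID = os.environ.get("USER_POOL_ID", "example-pool-id")  # assumed variable names
GROUP = os.environ.get("GROUP_NAME", "example-group")
TABLE = os.environ.get("TABLE_NAME", "example-users")

# Constructed sample of one DynamoDB Streams record (attribute-value format).
SAMPLE_RECORD = {
    "eventName": "INSERT",
    "dynamodb": {
        "Keys": {"email": {"S": "user@example.com"}},
        "NewImage": {"email": {"S": "user@example.com"}, "name": {"S": "Sample User"}},
    },
}


def provision(record, cognito, dynamodb):
    """Create the Cognito user for one stream record; undo everything on failure."""
    if record.get("eventName") != "INSERT":
        return "skipped"
    keys = record["dynamodb"]["Keys"]
    email = record["dynamodb"]["NewImage"]["email"]["S"]
    created = False
    try:
        cognito.admin_create_user(
            UserPoolId=POOL_ID, Username=email,
            UserAttributes=[{"Name": "email", "Value": email}])
        created = True
        cognito.admin_add_user_to_group(
            UserPoolId=POOL_ID, Username=email, GroupName=GROUP)
        return "provisioned"
    except Exception:
        logging.exception("provisioning failed, compensating")
        if created:  # never delete an account this invocation did not create
            cognito.admin_delete_user(UserPoolId=POOL_ID, Username=email)
        dynamodb.delete_item(TableName=TABLE, Key=keys)
        return "rolled_back"


def lambda_handler(event, context):
    import boto3  # imported here so provision() can be exercised with stub clients
    cognito = boto3.client("cognito-idp")
    dynamodb = boto3.client("dynamodb")
    return [provision(r, cognito, dynamodb) for r in event["Records"]]
```

If a compensating call itself raises, the exception propagates and the stream batch is retried, so the function's role needs `AdminDeleteUser` and `DeleteItem` permissions in addition to the create calls.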
