Problems selecting cognito user pool in appsync

Question

I have user pools in different regions. I can select the user pools from N. Virginia fine. But when selecting Stockholm it says there are no user pools in this region even though I have 2 created with the same settings as the one in N. Virginia.

In the console I get this error:
```
main.js:263 
        
       Refused to connect to 'https://cognito-idp.eu-north-1.amazonaws.com/' because it violates the following Content Security Policy directive: "connect-src https://eu-north-1.console.aws.amazon.com/appsync/tb/creds https://eu-north-1.console.aws.amazon.com/p/ https://eu-north-1.console.aws.amazon.com/phd/ https://*.ccs.amazonaws.com https://eu-north-1.console.aws.amazon.com/api/ https://us-east-1.console.aws.amazon.com/feedback/custsat/ https://*.analytics.console.aws.a2z.com https://console.aws.amazon.com/aperture/ https://console.aws.amazon.com/panoramaroute https://console.aws.amazon.com/panoramaroute/allowlist https://phd.aws.amazon.com https://unifiedsearch.amazonaws.com/search https://eu-north-1.console.aws.amazon.com/panoramaroute https://eu-north-1.console.aws.amazon.com/panoramaroute/allowlist https://ccs.amazonaws.com https://global.console.aws.amazon.com/lotus/metadata https://eu-north-1.console.aws.amazon.com/lotus/metadata https://eu-north-1.prod.signer.console-api.aws.amazon.com https://health.aws.amazon.com https://us-east-1.ctrl.prod.os.notifications.aws.dev https://eu-north-1.console.aws.amazon.com/features-proxy/ https://telemetry.cell-0.eu-north-1.prod.tangerinebox.console.aws.a2z.com/telemetry https://cognito-idp.us-west-2.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://cognito-idp.us-east-2.amazonaws.com https://cognito-idp.eu-west-1.amazonaws.com https://cognito-idp.eu-west-2.amazonaws.com https://cognito-idp.ap-southeast-2.amazonaws.com https://cognito-idp.ap-northeast-1.amazonaws.com https://cognito-idp.eu-central-1.amazonaws.com https://cognito-idp.ap-southeast-1.amazonaws.com https://cognito-idp.ap-south-1.amazonaws.com https://cognito-idp.ap-northeast-2.amazonaws.com https://cognito-idp.eu-west-3.amazonaws.com https://cognito-idp.sa-east-1.amazonaws.com https://cognito-idp.us-west-1.amazonaws.com https://cognito-idp.ca-central-1.amazonaws.com https://cognito-idp.eu-south-1.amazonaws.com https://cognito-idp.me-south-1.amazonaws.com https://es.us-west-2.amazonaws.com https://es.us-east-1.amazonaws.com https://es.us-east-2.amazonaws.com https://es.eu-west-1.amazonaws.com https://es.eu-west-2.amazonaws.com https://es.ap-southeast-2.amazonaws.com https://es.ap-northeast-1.amazonaws.com https://es.eu-central-1.amazonaws.com https://es.ap-southeast-1.amazonaws.com https://es.ap-south-1.amazonaws.com https://es.ap-northeast-2.amazonaws.com https://es.eu-north-1.amazonaws.com https://es.eu-west-3.amazonaws.com https://es.sa-east-1.amazonaws.com https://es.us-west-1.amazonaws.com https://es.ca-central-1.amazonaws.com https://es.eu-south-1.amazonaws.com https://es.me-south-1.amazonaws.com https://es.ap-east-1.amazonaws.com https://es.ap-northeast-3.amazonaws.com https://es.ap-southeast-3.amazonaws.com https://es.af-south-1.amazonaws.com https://dynamodb.us-west-2.amazonaws.com https://dynamodb.us-east-1.amazonaws.com https://dynamodb.us-east-2.amazonaws.com https://dynamodb.eu-west-1.amazonaws.com https://dynamodb.eu-west-2.amazonaws.com https://dynamodb.ap-southeast-2.amazonaws.com https://dynamodb.ap-northeast-1.amazonaws.com https://dynamodb.eu-central-1.amazonaws.com https://dynamodb.ap-southeast-1.amazonaws.com https://dynamodb.ap-south-1.amazonaws.com https://dynamodb.ap-northeast-2.amazonaws.com https://dynamodb.eu-north-1.amazonaws.com https://dynamodb.eu-west-3.amazonaws.com https://dynamodb.sa-east-1.amazonaws.com https://dynamodb.us-west-1.amazonaws.com https://dynamodb.ca-central-1.amazonaws.com https://dynamodb.eu-south-1.amazonaws.com https://dynamodb.me-south-1.amazonaws.com https://dynamodb.ap-east-1.amazonaws.com https://dynamodb.ap-northeast-3.amazonaws.com https://dynamodb.ap-southeast-3.amazonaws.com https://dynamodb.af-south-1.amazonaws.com https://rds.us-west-2.amazonaws.com https://rds.us-east-1.amazonaws.com https://rds.us-east-2.amazonaws.com https://rds.eu-west-1.amazonaws.com https://rds.eu-west-2.amazonaws.com https://rds.ap-southeast-2.amazonaws.com https://rds.ap-northeast-1.amazonaws.com https://rds.eu-central-1.amazonaws.com https://rds.ap-southeast-1.amazonaws.com https://rds.ap-south-1.amazonaws.com https://rds.ap-northeast-2.amazonaws.com https://rds.eu-north-1.amazonaws.com https://rds.eu-west-3.amazonaws.com https://rds.sa-east-1.amazonaws.com https://rds.us-west-1.amazonaws.com https://rds.ca-central-1.amazonaws.com https://rds.eu-south-1.amazonaws.com https://rds.me-south-1.amazonaws.com https://rds.ap-east-1.amazonaws.com https://rds.ap-northeast-3.amazonaws.com https://rds.ap-southeast-3.amazonaws.com https://rds.af-south-1.amazonaws.com https://secretsmanager.us-west-2.amazonaws.com https://secretsmanager.us-east-1.amazonaws.com https://secretsmanager.us-east-2.amazonaws.com https://secretsmanager.eu-west-1.amazonaws.com https://secretsmanager.eu-west-2.amazonaws.com https://secretsmanager.ap-southeast-2.amazonaws.com https://secretsmanager.ap-northeast-1.amazonaws.com https://secretsmanager.eu-central-1.amazonaws.com
```

Answer

The error message you provided indicates that there is a Content Security Policy (CSP) violation preventing the connection to the Cognito Identity Provider (cognito-idp) endpoint in the eu-north-1 (Stockholm) region. This could be due to a misconfiguration or restriction in your application's CSP settings.

**Resolution**

To resolve this issue, you need to update the CSP directive to include the necessary connect sources for the Cognito user pool in the Stockholm region. The connect sources are the URLs or domains that your application is allowed to connect to.

Based on the error message, you're using AWS AppSync, so you should update the CSP directive in your application's configuration related to AppSync.

Once you've updated the CSP directive, try accessing the Cognito user pool in the Stockholm region again. It should no longer give you the "no user pools in this region" error, and the connection to the cognito-idp endpoint should be allowed.

Remember to review and adjust your CSP settings carefully to ensure they align with your application's security requirements.

For more information on adding security headers please see: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-add-security-headers.html

Problems selecting cognito user pool in appsync

Relevant content