I have a Cognito federated identity pool which uses a Cognito User Pool as an authentication provider. I use Amplify Storage API to upload a file to S3 in a bucket. The object key is stored with a prefix of the identity id from the federated identity pool (e.g. eu-west-2:ce19be59-769d-4ca7-8c9b-c99a368666cf) How can I map this to the cognito pool user sub that was used for the authentication? i.e. the user from the linked login cognito-idp.eu-west-2.amazonaws.com/eu-west-2_UbEEmSmxOlg...

Our agents are unable to transfer a clients call to another agent. When they try to transfer the call using the quick connection feature everything starts normally but, the transfer never gets done, leaving the client on hold. I have tried to check the cloudwatch looking for some error, but it does not record the transfer process, which makes me think that it does not enter the transfer flow at all. The chat and task transfers work normally and the cloudwatch registers them correctly. The call transfer is the only one that is causing us problems.lg...

Hi team, I have a Cognito user pool with 3 Groups, I want to create users inside Groups as System Administrators: 1. the system Admin will fill out a form about client's: given name, surname, email address + some custom attributes 2. when sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes. 3. the client will receive a link via email to validate the invitation 4. when the client clicks the link (custom Domain link), he validates the invitation I created a lambda function that creates the user in the Cognito user pool and then added it inside the group (`using adminCreateUser and adminAddUserToGroup AP calls`) ``` const params = { UserPoolId: USER_POOL_ID, Username: event.email, UserAttributes: [ { Name: "email", Value: event.email, }, { Name: "given_name", Value: event.givenName, }, { Name: "family_name", Value: event.familyName, }, ], }; try { const result = await cognitoIdentityServiceProvider .adminCreateUser(params) .promise(); ``` I also configured the Cognito to send a link email > On "Message customisations" page> "Do you want to customize your email verification messages?" > "Verification type" => I chose "Link" option After lambda has run, the user is created with `Confirmation status = ` **Force change password** and the email I received looks like this : ``` Subject = Your temporary password Body = Your username is myEmail@gmail.com and temporary password is Hc>sP40782HNz%. ``` so I expected to receive a Link and when the client click the link it validate the invitation (point 4 above) then the client becomes validated inside my user pool. But I did not receive a link, how can I achieve points 3 and 4? I just want after creating the user and adding it to a group, to make it valid in Cognito once he clicks the emailed linklg...

Hello, I am new to AWS Lambda, I created a Pytorch Lambda function using SAM with architecture x86_64. When invoking the same function with SAM local invoke, the total billable seconds is around 7 seconds, but after "sam deploy --guided" I invoked lambda function + API gateway using Python request module with the exact same setting as sam local invoke (Memory = 3 GB). Then the total billable seconds is around 17 seconds. I just did not understand why there is 10 seconds increase in time.lg...

based on the docs, enabling throttling allows to set rate and burst in a usage plan. if burst is the number of request api will handle concurrently, so should the rate be always equal or less than the burst limit? why would we want a higher rate than we can can handle?lg...

I have been battling this for a while. The user must be able to view, edit and create API's. I have tried using the AWS Policy Generator to create the following: ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmtxxxxxxxxxxx", "Action": "apigateway:*", "Effect": "Allow", "Resource": "arn:aws:apigateway:us-east/*" } ] } ``` Then when testing the policy, I get that my username does not have apigateway: GET rights. What gives?lg...

Hi team, I have a Cognito user pool with 3 Groups, I want to create users inside Groups as System Administrator: - the system Admin will fill out a form about client's: given name, surname, email address + some custom attributes - when sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes. - the client will receive a link via email to validate the **invitation** - when the client clicks the link (custom Domain link), he validates the invitation In the SDK documentation, I found that a system Admin can add users to the Cognito group using the `adminAddUserToGroup` API call ``` var params = { GroupName: 'STRING_VALUE', /* required */ UserPoolId: 'STRING_VALUE', /* required */ Username: 'STRING_VALUE' /* required */ }; cognitoidentityserviceprovider.adminAddUserToGroup(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response }); ``` but the `adminAddUserToGroup` API call, only take as params the GroupName, UserPoolId and Username ``` { "GroupName": "string", "Username": "string", "UserPoolId": "string" } ``` - how can I get my user created (with the given name, surname, email, and custom attributes...) with this call: `adminAddUserToGroup`? - the username on the params above is it the sys admin username or the user name of the client to create? - how can I validate the invitation once the client clicks the verification link? - should I create a new lambda that sends the verification link or the API call `adminAddUserToGroup` send the email to the user on our behalf? the critical part is how can the system admin create a new user (with all attributes: given name, email....), via the `adminAddUserToGroup` API call and how can I validate the invitation when the user clicks the verification link? Thank you team for your help!lg...

I have a private API gateway in its own account. It is used by clients having VPC Endpoint interfaces to execute-api service, and until now these have had Private DNS enabled, and there have been no issues. A new client uses some existing public APIs, so Private DNS is disabled. However, they have had intermittent connectivity to the gateway during their testing. I tried reproducing this from a second account with a test Lambda (node.js, v16, arm) in a VPC, using a VPC Endpoint with Private DNS disabled. I was able to reproduce the intermittent connectivity, but I can't understand why this happens. [Edit: The subnets attached to the VPC use the same security group, and this allows htttps ingress from 10.57.150.0/24] I found that when using the generic endpoint DNS Name (no AZ marker in the name) the intermittent issue could be reproduced. If I switch to using the Endpoint DNS Names that include the AZ marker, then 1 of the DNS Names connected every time, but the other 2 (we use 3 AZs and 1 subnet per AZ) fail to connect with a timeout error. I added a call to resolve the hostname passed in, and all three hosts resolve to what I would expect (10.57.150.x), so I think this is a routing issue rather than DNS. The route tables for all three subnets are the same, 2 routes for the s3 and DynamoDB prefix lists, a route for 10.57.150.0/24 and the remaining 0.0.0.0/0 going via a transit gateway instance. I'm not sure what other information I would need to add here. Has anyone seen anything like this before?lg...

 do I have to incude it here? Thanks in advance!lg...

why is "Sending Enabled" always wrong? even though I've used this method: aws ses update-account-sending-enabled --no-enabled --region but still falselg...

DKIM configuration is not successful even after adding DKIM records for the domain abcdefh.com . We are getting an error while sending any email as "diagnosticCode": "smtp; 550-5.7.26 Unauthenticated email from abcdefh.com is not accepted due to\n550-5.7.26 domain's DMARC policy. Please contact the administrator of\n550-5.7.26 abcdefh.com domain if this was a legitimate mail. Please visit\n550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the\n550 5.7.26 DMARC initiative. n3-20020a170902e54300b0017cb3aec328si12748332plf.279 - gsmtp"lg...

We just breached 0.1% warning level for aws pinpoint sending out emails and currently in the 'warning' level. I was reviewing our historic complaints percentage and it seems to only go up even after we take people who complain off the list (we get automated emails from SES about complaints (unless we aren't getting all of them)). Even after taking them off the sending lists, we see our historical complaints percentage stable and it only goes up when new complaint is email to us. What have you done to decrease your historical complaints percentage?lg...