Questions in Front-End Web & Mobile

cognito verification link to validate users

Hi team,

I have a Cognito user pool with 3 Groups. I want to create users inside Groups as System Administrators:

1. The system Admin will fill out a form with the client's given name, surname, email address + some custom attributes.
2. When sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes.
3. The client will receive a link via email to validate the invitation.
4. When the client clicks the link (custom Domain link), he validates the invitation.

I created a lambda function that creates the user in the Cognito user pool and then adds it to the group (using the `adminCreateUser` and `adminAddUserToGroup` API calls):

```
const params = {
  UserPoolId: USER_POOL_ID,
  Username: event.email,
  UserAttributes: [
    { Name: "email", Value: event.email },
    { Name: "given_name", Value: event.givenName },
    { Name: "family_name", Value: event.familyName },
  ],
};

try {
  const result = await cognitoIdentityServiceProvider
    .adminCreateUser(params)
    .promise();
} catch (err) {
  // Log and rethrow so the Lambda invocation reports the failure
  console.error(err);
  throw err;
}
```

I also configured Cognito to send a link email: on the "Message customisations" page > "Do you want to customize your email verification messages?" > "Verification type", I chose the "Link" option.

After the lambda has run, the user is created with `Confirmation status` = **Force change password**, and the email I received looks like this:

```
Subject = Your temporary password
Body = Your username is myEmail@gmail.com and temporary password is Hc>sP40782HNz%.
```

I expected to receive a link, and that when the client clicks the link it validates the invitation (point 4 above), so that the client becomes validated inside my user pool. But I did not receive a link. How can I achieve points 3 and 4?

I just want, after creating the user and adding it to a group, to make it valid in Cognito once he clicks the emailed link.
0 answers | 1 votes | 35 views | asked 16 hours ago

Add new user to user pool groups as Admin

Hi team,

I have a Cognito user pool with 3 Groups. I want to create users inside Groups as System Administrator:

- The system Admin will fill out a form with the client's given name, surname, email address + some custom attributes.
- When sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes.
- The client will receive a link via email to validate the **invitation**.
- When the client clicks the link (custom Domain link), he validates the invitation.

In the SDK documentation, I found that a system Admin can add users to the Cognito group using the `adminAddUserToGroup` API call:

```
var params = {
  GroupName: 'STRING_VALUE', /* required */
  UserPoolId: 'STRING_VALUE', /* required */
  Username: 'STRING_VALUE' /* required */
};
cognitoidentityserviceprovider.adminAddUserToGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});
```

But the `adminAddUserToGroup` API call only takes as params the GroupName, UserPoolId and Username:

```
{
  "GroupName": "string",
  "Username": "string",
  "UserPoolId": "string"
}
```

- How can I get my user created (with the given name, surname, email, and custom attributes...) with this call: `adminAddUserToGroup`?
- Is the username in the params above the sys admin username or the user name of the client to create?
- How can I validate the invitation once the client clicks the verification link?
- Should I create a new lambda that sends the verification link, or does the API call `adminAddUserToGroup` send the email to the user on our behalf?

The critical part is how the system admin can create a new user (with all attributes: given name, email....) via the `adminAddUserToGroup` API call, and how I can validate the invitation when the user clicks the verification link.

Thank you team for your help!
2 answers | 1 votes | 33 views | asked a day ago

Https call to API Gateway via VPC Endpoint fails to make connection intermittently

I have a private API gateway in its own account. It is used by clients having VPC Endpoint interfaces to the execute-api service, and until now these have had Private DNS enabled, and there have been no issues.

A new client uses some existing public APIs, so Private DNS is disabled. However, they have had intermittent connectivity to the gateway during their testing.

I tried reproducing this from a second account with a test Lambda (node.js, v16, arm) in a VPC, using a VPC Endpoint with Private DNS disabled. I was able to reproduce the intermittent connectivity, but I can't understand why this happens.

[Edit: The subnets attached to the VPC use the same security group, and this allows https ingress from 10.57.150.0/24]

I found that when using the generic endpoint DNS Name (no AZ marker in the name) the intermittent issue could be reproduced. If I switch to using the Endpoint DNS Names that include the AZ marker, then 1 of the DNS Names connected every time, but the other 2 (we use 3 AZs and 1 subnet per AZ) fail to connect with a timeout error.

I added a call to resolve the hostname passed in, and all three hosts resolve to what I would expect (10.57.150.x), so I think this is a routing issue rather than DNS.

The route tables for all three subnets are the same: 2 routes for the s3 and DynamoDB prefix lists, a route for 10.57.150.0/24, and the remaining 0.0.0.0/0 going via a transit gateway instance.

I'm not sure what other information I would need to add here. Has anyone seen anything like this before?
0 answers | 0 votes | 26 views | asked 2 days ago