Reputation: 457
SignUp User via AWS Lambda & Cognito (Serverless Architecture)
I am working with the Serverless Framework in my approach to Authentication. My goal is to create an API endpoint that triggers (via AWS API Gateway) a Lambda Function that creates a new AWS Cognito user. The endpoint will have a custom authorizer to protect it.
My Lambda function is below. When it's run, I receive the error "NotAuthorizedException: SignUp is not permitted for this user pool". Any thought on how to authorize my Lambda function to create a new user?
'use strict';
var AmazonCognitoIdentity = require('amazon-cognito-identity-js');
var CognitoUserPool = AmazonCognitoIdentity.CognitoUserPool;
var CognitoUserAttribute = AmazonCognitoIdentity.CognitoUserAttribute;
module.exports.init = (event, context, callback) => {
console.log('Lambda initiated with event:',event);
// Define AWS Cognito User Pool
var poolData = {
"UserPoolId": process.env['COGNITO_USER_POOL_ID'],
"ClientId": process.env['COGNITO_APP_CLIENT_ID']
};
var userPool = new CognitoUserPool(poolData);
console.log('userPool:',userPool);
// Define User Attributes
var attributeList = [];
var dataEmail = {
"Name": "email",
"Value": "[email protected]"
};
var attributeEmail = new CognitoUserAttribute(dataEmail);
attributeList.push(attributeEmail);
console.log('attributeList:',attributeList);
// Create User via AWS Cognito
userPool.signUp('username', 'password', attributeList, null, function(err, result) {
if(err) {
console.log('err:',err);
callback(err,null);
} else {
console.log('result:',result);
cognitoUser = result.user;
console.log('user name is ' + cognitoUser.getUsername());
callback(null,result);
}
});
};
Upvotes: 12
Views: 15029
Answers (3)
Reputation: 17364
In the new console, the setting is located under
User Pool -> Sign-up experience -> Self-service sign-up -> Self-registration
The description is misleading, but switching it to Enalbed fixes the issue
Upvotes: 1
Reputation: 474
As Chean Mehta pointed out, you can disable the AdminCreateUser setting for SignUp API to work, for that you have to set AllowAdminCreateUserOnly to false in your serverless cognito configuration or you can disable this by following these steps:
- Go to your cognito console.
- Select your user pool.
- Select Policies under General settings.
- Select Allow users to sign themselves up
- and Save changes
Upvotes: 6
Reputation: 5661
"NotAuthorizedException: SignUp is not permitted for this user pool" exception is thrown when the user pool only allows administrators to create the users via the AdminCreateUser API. With this setting enabled, SignUp API cannot be called and will throw this error.
If you are calling this from a lambda trigger you can use AdminCreateUser API or disable this setting so your user pool allows SignUp API calls.
Upvotes: 18
Related Questions
- Authentication with Lambda and AWS Cognito
- node.js server-side validation of cognito credentials
- User Authentication (Signup & Login) on AWS with Lambda, Cognito or IAM
- Cognito authorizing a user through AWS lambda function
- Amazon Cognito Registration Confirmation
- Serverless Framework with server-side authentication and Cognito
- AWS Lambda - Cognito sign up/log in on a node.js lambda function
- How to authenticate users using Lambda functions and AWS Cognito?
- AWS Cognito adminCreateUser from Lambda
- How to do Cognito authentication in lambda function?