Dmitry Grinko

Reputation: 15204

How to delete a user from the user pool in the NodeJS lambda by admin

I faced a problem when a user has signed up but doesn't want to confirm his email. The solution is to delete an unconfirmed user from AWS Cognito.

Since I don't know his password, I am trying to write a Lambda function which I will trigger through API Gateway. This Lambda should remove the Cognito user.

I wrote this code but it doesn't work.

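const AWS = require('aws-sdk');

var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({
    apiVersion: '2016-04-18', // API version of the Cognito user pools service
});

var params = {
  UserPoolId: 'us-east-1_123456',
  Username: '[email protected]' // I want to remove this user
};

// `callback` is the callback passed to the Lambda handler
cognitoidentityserviceprovider.adminDeleteUser(params, function (err, data) {
    if (err) {
        callback(err); // the first argument reports the failure
    } else {
        callback(null, data); // on success the error slot must be null
    }
});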

I get an error:

user is not authorized to perform ...

Because of security, I don't want to set my admin credentials on the frontend, and I want to do all the work in this Lambda... How do I do it?

Any ideas? Any solutions to prevent this problem?

Upvotes: 2

Views: 1958

Answers (2)

Zayin Krige

Reputation: 3308

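const { CognitoIdentityServiceProvider } = require('aws-sdk')
const cisp = new CognitoIdentityServiceProvider({ apiVersion: '2016-04-18' })
// delete the user as admin; params as in the question (UserPoolId, Username)
cisp.adminDeleteUser(params).promise()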

Upvotes: 0

Juan Sebastian

Reputation: 1077

You can assign a role to the Lambda function and make a call to the Cognito API without passing any argument to the library you use to access AWS services; that way the credential provider would fall back to the assumed role and have the Lambda execution role's identity.

Usually roles are the way to go with Amazon-related authorizations.

Btw, this means that you have to create an IAM role, a policy with the right Cognito actions allowed, and attach it to said role.

Upvotes: 2
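
The execution-role approach from the answer above, as an added example (not code from any poster on this page): a policy scoped to one user pool, and a handler that deletes a user only while the account is still unconfirmed. The function names, the `event.username` shape, the status codes and the `USER_POOL_ID` variable are assumptions.

```javascript
// Least-privilege policy for the Lambda execution role: only the two admin
// calls the handler makes, scoped to one user pool (arguments are placeholders).
function buildPolicy(region, accountId, userPoolId) {
  return {
    Version: '2012-10-17',
    Statement: [{
      Effect: 'Allow',
      Action: ['cognito-idp:AdminGetUser', 'cognito-idp:AdminDeleteUser'],
      Resource: `arn:aws:cognito-idp:${region}:${accountId}:userpool/${userPoolId}`,
    }],
  };
}

// `cognito` is an AWS.CognitoIdentityServiceProvider (SDK v2) created WITHOUT
// explicit credentials, so requests are signed with the execution role.
function makeHandler(cognito, userPoolId) {
  return async function handler(event) {
    const username = event && event.username; // assumed event shape
    if (typeof username !== 'string' || username.length === 0) {
      return { statusCode: 400, body: 'username required' };
    }
    const params = { UserPoolId: userPoolId, Username: username };
    let user;
    try {
      user = await cognito.adminGetUser(params).promise();
    } catch (err) {
      if (err.code === 'UserNotFoundException') {
        return { statusCode: 404, body: 'no such user' };
      }
      throw err; // e.g. an authorization error if the role lacks the policy
    }
    // Guard: this endpoint only cleans up sign-ups that were never confirmed.
    if (user.UserStatus !== 'UNCONFIRMED') {
      return { statusCode: 409, body: 'user is not unconfirmed' };
    }
    await cognito.adminDeleteUser(params).promise();
    return { statusCode: 204, body: '' };
  };
}

// Wiring inside the Lambda (aws-sdk v2 is assumed to be available there):
// const AWS = require('aws-sdk');
// exports.handler = makeHandler(
//   new AWS.CognitoIdentityServiceProvider({ apiVersion: '2016-04-18' }),
//   process.env.USER_POOL_ID); // hypothetical environment variable
```

Because the client is injected, the status guard can be exercised with a stub before the function is deployed with a real role.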