Michel

Reputation: 11749

Permissions for an AWS Lambda function to list users

I have an AWS Lambda function that needs to be able to run this code:

var AWS = require('aws-sdk');
var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();

// ListUsers requires the id of the user pool to query; <userpoolid> is a placeholder
var params = { UserPoolId: '<userpoolid>' };

cognitoidentityserviceprovider.listUsers(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
  // .... other useful code ....
});

In other words, it should be able to call listUsers.

When setting the role in IAM for that, what kind of policy do I need?

Upvotes: 4

Views: 2606

Answers (2)

jogold

Reputation: 7407

If you want to list the users in your Cognito User Pool, you need to allow cognito-idp:ListUsers. You can restrict this action to a specific user pool like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "cognito-idp:ListUsers",
            "Resource": "arn:aws:cognito-idp:<region>:<account>:userpool/<userpoolid>"
        }
    ]
}

Have a look at Actions, Resources, and Condition Keys for Amazon Cognito User Pools.

Upvotes: 4

user8128927

Reputation:

You will need to give the IAM role cognito-identity:ListIdentities. For more information you can go to https://iam.cloudonaut.io/reference/cognito-identity.html

There may be dependencies with that list operation.

You can also do cognito-identity:* if you need a less restrictive policy for testing purposes.

Upvotes: 0
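The two answers above name different actions (cognito-idp:ListUsers scoped to one user pool versus a cognito-identity grant). As an added example that is not from the question or either answer, the following Node.js script evaluates offline whether a policy document grants cognito-idp:ListUsers on a given user pool ARN and flags wildcard grants; the account id and pool id in it are constructed placeholders, and it models only the core IAM rules (Deny over Allow, "*"/"?" wildcards), ignoring NotAction, NotResource and Condition blocks.

```javascript
// Added example, not code from the question or either answer: an offline
// checker for IAM policy documents. It answers "does this policy allow
// action X on resource Y?" using the core IAM rules (an explicit Deny beats
// Allow, "*" and "?" wildcards, case-insensitive action names) and then
// lists least-privilege warnings. NotAction/NotResource/Condition are ignored.
function globToRegExp(pattern, caseInsensitive) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp('^' + escaped + '$', caseInsensitive ? 'i' : '');
}

function asArray(v) { return v === undefined ? [] : [].concat(v); }

// True if `policy` lets the principal perform `action` on `resourceArn`.
function policyAllows(policy, action, resourceArn) {
  let allowed = false;
  for (const stmt of asArray(policy.Statement)) {
    const actionHit = asArray(stmt.Action).some(a => globToRegExp(a, true).test(action));
    const resourceHit = asArray(stmt.Resource).some(r => globToRegExp(r, false).test(resourceArn));
    if (!actionHit || !resourceHit) continue;
    if (stmt.Effect === 'Deny') return false; // an explicit Deny always wins
    if (stmt.Effect === 'Allow') allowed = true;
  }
  return allowed;
}

// Least-privilege warnings: wildcard actions or a "*" resource in Allow statements.
function auditPolicy(policy) {
  const warnings = [];
  asArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return;
    if (asArray(stmt.Action).some(a => a.includes('*')))
      warnings.push(`statement ${i}: wildcard action grants more than ListUsers`);
    if (asArray(stmt.Resource).some(r => r === '*'))
      warnings.push(`statement ${i}: resource "*" covers every user pool`);
  });
  return warnings;
}

// Constructed sample values; the account id and pool id are placeholders.
const POOL_ARN = 'arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_EXAMPLE';
const scopedPolicy = { Version: '2012-10-17', Statement: [
  { Effect: 'Allow', Action: 'cognito-idp:ListUsers', Resource: POOL_ARN }] };
const broadPolicy = { Version: '2012-10-17', Statement: [
  { Effect: 'Allow', Action: 'cognito-idp:*', Resource: '*' }] };
const identityPolicy = { Version: '2012-10-17', Statement: [
  { Effect: 'Allow', Action: 'cognito-identity:ListIdentities', Resource: '*' }] };
console.log(policyAllows(scopedPolicy, 'cognito-idp:ListUsers', POOL_ARN));   // true
console.log(policyAllows(identityPolicy, 'cognito-idp:ListUsers', POOL_ARN)); // false
console.log(auditPolicy(broadPolicy)); // two warnings
```

Running it shows that only a grant under the cognito-idp service prefix satisfies the Lambda's ListUsers call, and that scoping the Resource to one user pool ARN keeps the role from reading other pools in the account.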
