Cant set AWS cognito triggers using CLI

Question

I am trying to set a lambda trigger on cognito for Auth Challenge using AWS-CLI, which involves DefinAuthChallenge, CreateAuthChallenge, VerifyAuthChallenge etc.

aws cognito-idp update-user-pool     --user-pool-id <>    --lambda-config DefineAuthChallenge=<lambda-function-arn>:<function_name>:<function_alias>  --lambda-config CreateAuthChallenge=<lambda-function-arn>:<function_name>:<function_alias> --lambda-config VerifyAuthChallengeResponse=<lambda-function-arn>:<function_name>:<function_alias>

After I run this only the last lambda trigger config remains and DefineAuthChallenge, CreateAuthChallenge configuration is lost.

Please help me understand how to configure the lambda triggers on Cognito using CLI. I cant do this through UI because the function alias does not appear on the UI. And so, AWS-CLI is my only option.

score 4 · Answer 1 · answered Mar 06 '20 at 15:02

As explained in reference, please concatenate multiple trigger options using commas

aws cognito-idp update-user-pool --user-pool-id <> --lambda-config DefineAuthChallenge=<lambda-function-arn>:<function_name>:<function_alias>,CreateAuthChallenge=<lambda-function-arn>:<function_name>:<function_alias>,VerifyAuthChallengeResponse=<lambda-function-arn>:<function_name>:<function_alias>

score 2 · Answer 2 · answered Sep 02 '20 at 16:59

I cant get @alessio answer to work. Setting them one at a time works but it wipes all the other settings.

Here we are with just commas separating my two triggers

aws cognito-idp update-user-pool --user-pool-id <pool-id> --lambda-config PreSignUp=arn:aws:lambda:us-east-1:<mynumbers>:function:registerStudent:prod, PreAuthentication=arn:aws:lambda:us-east-1:<mynumbers>:function:validateStudent:prod

I also wrapped the arn string with double quotes same response.

Here we go with JSON

aws cognito-idp update-user-pool --user-pool-id <pool-id> --lambda-config {"PreSignUp":"arn:aws:lambda:us-e
ast- 1:<mynumbers>:function:registerStudent:prod", "PreAuthentication":"arn:aws:lambda:us-east-1:<mynumbers>:function
:validateStudent:prod"}

For both of those attemps there is pretty much the same respone:

Unknown options: PreAuthentication:arn:aws:lambda:us-east-1:<mynumbers>:function:validateStudent:prod

The only difference being equal signs for the comma seperated vs colon for the JSON.

Has anyone been able to get this to work with two triggers?

-Andrew

score 2 · Answer 3 · answered May 13 '21 at 19:48

2

Do it like this:

aws cognito-idp update-user-pool
  --user-pool-id <pool-id>
  --lambda-config
    DefineAuthChallenge=<lambda-function-arn>:<function_name>:<function_alias>,
    CreateAuthChallenge=<lambda-function-arn>:<function_name>:<function_alias>,
    VerifyAuthChallengeResponse=<lambda-function-arn>:<function_name>:<function_alias>

answered May 13 '21 at 19:48

Eduardo Oviedo Blanco

357
3
11

1

I will try this – Mukund Gandlur May 14 '21 at 16:58
If you have issues with the new lines, then add \ at the end, like this: aws cognito-idp update-user-pool \ --user-pool-id \ ... – Eduardo Oviedo Blanco May 15 '21 at 17:10

Cant set AWS cognito triggers using CLI

3 Answers3