SignUp User via AWS Lambda & Cognito (Serverless Architecture)

Asked 9/6, 2017 at 21:40 Answered 13/7, 2024 at 5:56

Solved javascript authentication aws-lambda amazon-cognito serverless-framework

I am working with the Serverless Framework in my approach to Authentication. My goal is to create an API endpoint that triggers (via AWS API Gateway) a Lambda Function that creates a new AWS Cognito user. The endpoint will have a custom authorizer to protect it.

My Lambda function is below. When it's run, I receive the error "NotAuthorizedException: SignUp is not permitted for this user pool". Any thought on how to authorize my Lambda function to create a new user?

'use strict';

var AmazonCognitoIdentity = require('amazon-cognito-identity-js');
var CognitoUserPool = AmazonCognitoIdentity.CognitoUserPool;
var CognitoUserAttribute = AmazonCognitoIdentity.CognitoUserAttribute;

module.exports.init = (event, context, callback) => {

  console.log('Lambda initiated with event:',event);

  // Define AWS Cognito User Pool
  var poolData = {
    "UserPoolId": process.env['COGNITO_USER_POOL_ID'],
    "ClientId": process.env['COGNITO_APP_CLIENT_ID']
  };
  var userPool = new CognitoUserPool(poolData);
  console.log('userPool:',userPool);

  // Define User Attributes
  var attributeList = [];
  var dataEmail = {
    "Name": "email",
    "Value": "[email protected]"
  };
  var attributeEmail = new CognitoUserAttribute(dataEmail);
  attributeList.push(attributeEmail);
  console.log('attributeList:',attributeList);

  // Create User via AWS Cognito
  userPool.signUp('username', 'password', attributeList, null, function(err, result) {
    if(err) {
      console.log('err:',err);
      callback(err,null);
    } else {
      console.log('result:',result);
      cognitoUser = result.user;
      console.log('user name is ' + cognitoUser.getUsername());
      callback(null,result);
    }
  });

};

Stonwin answered 9/6, 2017 at 21:40 Comment(0)

"NotAuthorizedException: SignUp is not permitted for this user pool" exception is thrown when the user pool only allows administrators to create the users via the AdminCreateUser API. With this setting enabled, SignUp API cannot be called and will throw this error.

If you are calling this from a lambda trigger you can use AdminCreateUser API or disable this setting so your user pool allows SignUp API calls.

Snowslide answered 9/6, 2017 at 23:47 Comment(0)

As Chean Mehta pointed out, you can disable the AdminCreateUser setting for SignUp API to work, for that you have to set AllowAdminCreateUserOnly to false in your serverless cognito configuration or you can disable this by following these steps:

Go to your cognito console.
Select your user pool.
Select Policies under General settings.
Select Allow users to sign themselves up
and Save changes

Farthingale answered 13/12, 2019 at 9:17 Comment(0)

In the new console, the setting is located under

User Pool -> Sign-up experience -> Self-service sign-up -> Self-registration

The description is misleading, but switching it to Enalbed fixes the issue

Tillage answered 13/7, 2024 at 5:56 Comment(0)

Recommended topics

Hot tags