From AWS Cognito to DynamoDB Using Triggers

In previous articles, we looked at how to use AWS Cognito, an Identity as a Service provider. One of the features of AWS Cognito that I find most interesting is the use of Triggers to extend the default flows. These triggers are serverless functions using another Amazon service, AWS Lambda.

Triggers on AWS Cognito

Event triggers allow us to customize the flow at several points: when sending a personalized message, before or after authentication, or after confirmation. The complete information on the triggers and their data model is available in the documentation. In our example, we are going to use the Post Confirmation Trigger.

Table in DynamoDB — Part I

In this example, we will see how an entry in DynamoDB can be generated after the user confirms the account. The table will save the information of the registered user. Creating the table and the features of DynamoDB and NoSQL are not part of this article, but creating the table is super simple. Like the rest of the AWS services, it can be done directly from the console.

Post Confirmation Trigger — Part I

The first thing is to create a function in AWS Lambda. It can be created using different programming languages. In this example, we will use Node.js since it allows us to use the online editor.

After the function is created, it appears in the drop-down options; you just need to select it and that’s it. When Cognito invokes the function, it does so with a data schema of the given events. This is important in order to define the test case.
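
A sketch of what such a function and its test event can look like, added here as an example and not taken from the original article. The table name `Users`, the stored fields and the injected `putItem` helper are assumptions; the event fields follow Cognito's Post Confirmation schema.

```javascript
// Added example, not the article's code. Table name and the stored
// attribute set are assumptions made for illustration.
const TABLE_NAME = "Users"; // assumed table name

// Build DynamoDB put parameters from a Post Confirmation event.
function buildPutParams(event) {
  // The trigger also fires for PostConfirmation_ConfirmForgotPassword;
  // only a confirmed sign-up should create the user record.
  if (event.triggerSource !== "PostConfirmation_ConfirmSignUp") return null;
  const attrs = (event.request && event.request.userAttributes) || {};
  if (!attrs.sub) throw new Error("event has no 'sub' attribute");
  return {
    TableName: TABLE_NAME,
    // Copy an explicit allow-list, not the whole attribute map.
    Item: {
      userId: attrs.sub,
      username: event.userName,
      email: attrs.email || null,
      createdAt: new Date().toISOString(),
    },
    // Refuse to overwrite an existing record for the same user.
    ConditionExpression: "attribute_not_exists(userId)",
  };
}

// putItem is injected so the handler runs without AWS: in Lambda it
// would wrap a DynamoDB document client put call, which needs only the
// dynamodb:PutItem permission on this one table.
function makeHandler(putItem) {
  return async function handler(event) {
    const params = buildPutParams(event);
    if (params) await putItem(params);
    return event; // Cognito expects the event object back
  };
}

// Constructed test event in the shape Cognito sends to the trigger.
const sampleEvent = {
  version: "1",
  triggerSource: "PostConfirmation_ConfirmSignUp",
  region: "us-east-1",
  userPoolId: "us-east-1_EXAMPLE",
  userName: "jdoe",
  request: { userAttributes: { sub: "11111111-2222-3333-4444-555555555555",
    email: "jdoe@example.com", email_verified: "true" } },
  response: {},
};
```

The same `sampleEvent` object can be pasted as the test event in the Lambda console.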

Security Policy

Now we must implement the logic of the function, but first we must configure the security policy that allows the Lambda function to access the table in DynamoDB. Otherwise, the function will generate an error when we try to save the record in the table. Security policies are created and managed from the Amazon Web Services IAM service.

Below is the JSON representation of the security policy.

The complete article is available in DZone Security
Article in Spanish

Thanks for reading!


All views expressed are my own and do not represent opinions of any entity whatsoever with which I have been, am now, or will be affiliated