AWS Lambda can't call Cognito Identity - IAM Role

I've got a bit of javascript which runs on my local machine but doesn't work from within the Lambda.

It timeouts when calling cognitoidentity.getOpenIdTokenForDeveloperIdentity

{
  "errorMessage": "2016-03-17T16:50:25.181Z 4fa3fa5a-ec60-11e5-8316-415fa39313da Task timed out after 15.00 seconds"
}

On local it works fine (calling into AWS production services) so it must be the policy I have attached to the Lambda.

Here are the policies I have:

AmazonCognitoDeveloperAuthenticatedIdentities

AWSLambdaVPCAccessExecutionRole

And this is the custom one I also have:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "mobileanalytics:PutEvents",
                "cognito-sync:*"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:InvokeFunction"
            ],
            "Resource": [
                "arn:aws:lambda:eu-west-1:myaccountid:function:users_login"
            ]
        }
    ]
}

The Lambda ARN was copied directly from that Lambda's screen. Any ideas what's missing?

Daniel Wardin Avatar asked Mar 17 '16 16:03



1 Answer

it must be the policy I have attached

No, if that were the case you would be getting a permission denied error, not a timeout.

It looks like your Lambda function has VPC access. You need to configure a NAT gateway for your VPC in order for the Lambda function to have access to anything outside the VPC, including AWS services like Cognito.

Mark B Avatar answered Sep 24 '22 21:09
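A way to check for the condition Mark B describes, added here as an example and not part of the original answer: given route tables in the shape returned by `aws ec2 describe-route-tables`, it reports whether each subnet attached to a Lambda function has a default route through a NAT gateway. The route-table data below is constructed sample input, not from a real account.

```python
"""Classify egress for Lambda subnets. A Lambda ENI inside a VPC has no
public IP, so an internet-gateway (igw-...) route does not give it a path
to AWS service endpoints; the 0.0.0.0/0 route must go to a NAT gateway."""


def route_table_for_subnet(route_tables, subnet_id):
    """Return the table explicitly associated with subnet_id, otherwise
    the VPC's main table (EC2's behaviour for unassociated subnets)."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_egress(route_table):
    """'nat'  -> default route via NAT gateway: Lambda can reach Cognito etc.
    'igw'  -> public subnet only; Lambda still has no egress (no public IP).
    'none' -> no active default route at all (calls will time out)."""
    if route_table is None:
        return "none"
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":  # skip blackhole routes
            continue
        if route.get("NatGatewayId"):
            return "nat"
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
    return "none"


def lambda_subnet_report(route_tables, subnet_ids):
    """Map each subnet in the function's VpcConfig to its egress class."""
    return {s: classify_egress(route_table_for_subnet(route_tables, s)) for s in subnet_ids}


# Constructed sample: a private subnet behind a NAT gateway, a public subnet
# with only an internet gateway, and a subnet that falls back to the main table.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
]

if __name__ == "__main__":
    for subnet, egress in lambda_subnet_report(
            SAMPLE_ROUTE_TABLES, ["subnet-private", "subnet-public", "subnet-isolated"]).items():
        print(subnet, egress)
```

Only the subnet reporting `nat` lets a VPC-attached function reach Cognito; `igw` and `none` both produce the kind of timeout shown in the question rather than an access-denied error.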