AWS Events - Cognito User Pool Triggers fail to deploy
This is a Bug Report
Description
- What went wrong? I tried to deploy Cognito Triggers on 1.50.0. The error I’m getting is related to PreSignUp: “is not authorized to perform: iam:PassRole on resource”. In 1.49.0 it deploys correctly; however, I need to include a UserMigration trigger and this is only available in 1.50.0. I am deploying with full Admin privileges.
- What did you expect should have happened? Deploy all
- What was the config you used?
functions:
  preSignUp:
    handler: handler.autoConfirmUser
    events:
      - cognitoUserPool:
          pool: ${self:provider.environment.COGNITO_POOL}
          trigger: PreSignUp
          existing: true
  migrateUser:
    handler: handler.migrateUser
    events:
      - cognitoUserPool:
          pool: ${self:provider.environment.COGNITO_POOL}
          trigger: UserMigration
          existing: true
  postConfirmation:
    handler: handler.addUserToGroup
    events:
      - cognitoUserPool:
          pool: ${self:provider.environment.COGNITO_POOL}
          trigger: PostConfirmation
          existing: true
- What stacktrace or error message from your provider did you see?
An error occurred: PreSignUpCustomCognitoUserPool1 - Failed to create resource. User: arn:aws:sts::844180208621:assumed-role/ttw3-cognito-triggers-liv-IamRoleCustomResourcesLa-9S662UBZG46B/ttw3-cognito-triggers-live2-custom-resource-existing-cup is not authorized to perform: iam:PassRole on resource: arn:aws:iam::844180208621:role/ttw3c9c9ab1014_sns-role-live See details in CloudWatch Log: 2019/08/24/[$LATEST]8062f5ca32e947f6a06a0e36a5284457.
Similar or dependent issues:
Additional Data
- Serverless Framework Version you’re using: 1.50.0
- Operating System: MacOS
- Stack Trace:
- Provider Error messages:
Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Installing dependencies for custom CloudFormation resources...
Serverless: Uploading CloudFormation file to S3...
Serverless: Uploading artifacts...
Serverless: Uploading service ttw3-cognito-triggers.zip file to S3 (58.28 MB)...
Serverless: Uploading custom CloudFormation resources...
Serverless: Validating template...
Serverless: Updating Stack...
Serverless: Checking Stack update progress...
............................................
Serverless: Operation failed!
Serverless: View the full error output: https://us-west-2.console.aws.amazon.com/cloudformation/home?region=us-west-2#/stack/detail?stackId=arn%3Aaws%3Acloudformation%3Aus-west-2%3A844180208621%3Astack%2Fttw3-cognito-triggers-live2%2Ff71c10f0-c6b6-11e9-994f-021a2c452506
Serverless Error ---------------------------------------
An error occurred: PreSignUpCustomCognitoUserPool1 - Failed to create resource. User: arn:aws:sts::844180208621:assumed-role/ttw3-cognito-triggers-liv-IamRoleCustomResourcesLa-9S662UBZG46B/ttw3-cognito-triggers-live2-custom-resource-existing-cup is not authorized to perform: iam:PassRole on resource: arn:aws:iam::844180208621:role/ttw3c9c9ab1014_sns-role-live See details in CloudWatch Log: 2019/08/24/[$LATEST]8062f5ca32e947f6a06a0e36a5284457.
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information ---------------------------
Operating System: darwin
Node Version: 10.15.3
Framework Version: 1.50.0
Plugin Version: 1.3.8
SDK Version: 2.1.0
Issue Analytics
- State:
- Created 4 years ago
- Reactions:10
- Comments:13 (4 by maintainers)
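The denial in the report names the stack's assumed custom-resource role as the caller, so that role, not the deploying user, is the identity that needs iam:PassRole. The added example below (not code from the issue or from the Serverless Framework) parses such a message and builds a least-privilege statement for it; the sample message, its placeholder names and the cognito-idp.amazonaws.com service value are assumptions.

```javascript
// Added example (not from the issue or the Serverless Framework code base).
// SAMPLE is constructed: same shape as the error in the report, placeholder names.
const SAMPLE =
  'An error occurred: PreSignUpCustomCognitoUserPool1 - Failed to create resource. ' +
  'User: arn:aws:sts::123456789012:assumed-role/example-custom-resources-role/' +
  'example-custom-resource-existing-cup is not authorized to perform: iam:PassRole ' +
  'on resource: arn:aws:iam::123456789012:role/example-sns-role See details in CloudWatch Log.';

const DENIED = new RegExp(
  'User: (arn:aws:sts::(\\d{12}):assumed-role/([^/\\s]+)/(\\S+)) ' +
  'is not authorized to perform: ([a-z0-9-]+:[A-Za-z0-9]+) on resource: (arn:\\S+)'
);

// Returns who was denied, for which action, on which resource; null if no match.
function parseAccessDenied(message) {
  const m = DENIED.exec(message);
  if (!m) return null;
  const [, principal, account, roleName, sessionName, action, resource] = m;
  return {
    principal, roleName, sessionName, action, resource,
    // An assumed-role ARN omits the role path, so only the role name is recoverable.
    // crossAccount is true when the resource lives in a different account.
    crossAccount: resource.split(':')[4] !== account,
  };
}

// Builds the narrowest Allow statement covering the denial. For iam:PassRole,
// passedToService (an assumption supplied by the caller) pins the receiving service.
function scopedStatement(denial, passedToService) {
  const statement = { Effect: 'Allow', Action: denial.action, Resource: denial.resource };
  if (denial.action === 'iam:PassRole' && passedToService) {
    statement.Condition = { StringEquals: { 'iam:PassedToService': passedToService } };
  }
  return statement;
}

const denial = parseAccessDenied(SAMPLE);
// Assumption: the passed role is the user pool's SMS role, which Cognito uses.
const statement = scopedStatement(denial, 'cognito-idp.amazonaws.com');
console.log(denial.roleName, JSON.stringify(statement, null, 2));
```

The statement is scoped to the single role ARN from the denial rather than `Resource: "*"`, and belongs on the role named in the `assumed-role/` part of the message.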
I just ran into this as well. When removing the stack:
I had to manually delete the stack and re-deploy.
It also seems like there might be a race condition with the creation of these custom resources & when the permissions get attached to the lambda functions with cognitoUserPool triggers.
Aside, the reason I was removing the deploy was an error from PreSignUp trigger when using my login form. It was returning an UnexpectedLambdaException error something about the cognito not having permissions to invoke the presignup function.
After re-deploying the stack, everything works no lambda permission issue. I might try to use dependsOn if I see it again.
Thanks!!! Perfect.