2

I have set up the AWS SDK for iOS to authenticate using Amazon Cognito. Here is the code that does that:

let credentials = AWSCognitoCredentialsProvider(regionType: .USEast1,
                                                    identityPoolId: IdentityManager.identityPoolId,
                                                    identityProviderManager: self)

AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = AWSServiceConfiguration(region: .USEast1,
                                                                                                    credentialsProvider: credentials)

I can use this credentials provider to successfully get an identity id. From here I attempt to set up an API Gateway generated client to make a call to my lambda function.

let client = APIGatewayClient.defaultClient()

client.endpointGet() { task in


}

I've confirmed that the APIGatewayClient has the AWSCognitoCredentialsProvider attached to it's configuration property and stepped through the request signing code to make sure it's requests get signed properly.

Here is the Lambda function being called by the client:

exports.handler = function(event, context) {

    console.log('context: ' + require('util').inspect(context));

    if (context.identity) {

        context.succeed("found cognito identity")

    } else {

        return context.fail(new Error("cognito identity not found"))
    } 
}

The problem is that context.identity is null even though the request is being signed with the AWSCognitoCredentialsProvider. What additional steps do I need to take to ensure Lambda recognizes my request is signed with a Cognito identity and populates the related field in the context object?

Patrick Goley
  • 5,397
  • 22
  • 42

1 Answers1

3

In order to have the Cognito identity object available in your lambda function which is invoked through API gateway, you need to enable "Invoke with caller credentials" on the API Gateway "Integration Request" page of the API gateway resource. This will inject the identity object in lambda context which will have cognitoIdentityId and cognitoIdentityPoolId within it.

Some similar posts:

SO: AWS API Gateway: How to pass IAM identity to Lambda function?

AWS Forums: https://forums.aws.amazon.com/message.jspa?messageID=669060#669060

Hope this helps.

Community
  • 1
  • 1
Chetan Mehta
  • 5,491
  • 1
  • 22
  • 21
  • hmm I tried it it doesn't work I get back ```{"callbackWaitsForEmptyEventLoop":true,"logGroupName":"/aws/lambda/ugc-post","logStreamName":"2017/10/31/[$LATEST]6f9e519e33fe4d3f96f0ab88e2111068","functionName":"ugc-post","memoryLimitInMB":"128","functionVersion":"$LATEST","invokeid":"fa474ffc-be53-11e7-a4d1-c3a02d8ef22d","awsRequestId":"fa474ffc-be53-11e7-a4d1-c3a02d8ef22d","invokedFunctionArn":"arn:aws:lambda:eu-west-1:247237293916:function:ugc-post"}```, by calling from generated framework(iOS) – Andrius Steponavičius Oct 31 '17 at 15:59