3

I have a Cognito Identity Pool that is used to authenticate my front end users, as well as give them certain permissions in my application. However, I have encountered an issue with giving these users permission to access IoT, which involves invoking a Lambda calling iot.addPrincipalPolicy(), and once that is done then everything works flawlessly.

However, the issue I am facing is that right now this function is being called every time my user requests authentication, when it really only needs to be run when the user signs up. Is there a way to make sure that it only gets run once? I was thinking of using a Cognito User Pool trigger, but that will only work for my users who authenticate with Cognito and not with Facebook or Google.

So basically, I would like to only call this function once, the first time that the user gets an Identity Pool ID. Is there a way I can do this that will work for all login methods?

Turner Houghton

1 Answer

0

As I don't have enough rep points to simply put a comment, I will leave this here just in case it helps you.

Cognito User Pool recently gained support for Facebook and Google identity providers, so you COULD use a User Pool trigger if needed.

http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social.html

JoshuaC
  • I think I will do it this way then. Federated identities seem like a lot of work for little benefit in my case. – Turner Houghton Oct 25 '17 at 17:36
  • I'm pretty sure that a Federated Identity login via Identity Pools (via Google, Facebook, etc.) does not trigger User Pool triggers (PreAuthentication, PostAuthentication, etc.) - these are only for User Pool user logins (Email/Username) -- Please correct me if I'm wrong. – ElasticThoughts Feb 22 '19 at 21:06