I'm not able to understand why my Cognito trigger is not firing my Lambda function. Can anyone suggest either what is wrong, or point me at a way of finding why it's not working.
I am able to trigger the function manually from the AWS console - I'm verifying this by looking at the generated log files in the console.
My SAM template looks like this:
UserPool:
Type: AWS::Cognito::UserPool
Properties:
AdminCreateUserConfig:
AllowAdminCreateUserOnly: false
UsernameAttributes:
- email
AutoVerifiedAttributes:
- email
Policies:
PasswordPolicy:
MinimumLength: 8
RequireLowercase: true
RequireNumbers: false
RequireSymbols: false
RequireUppercase: true
TemporaryPasswordValidityDays: 90
LambdaConfig:
PostConfirmation: !GetAtt ConfirmUserFunction.Arn
UserPoolInvokeConfirmUserFunctionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !GetAtt ConfirmUserFunction.Arn
Principal: cognito-idp.amazonaws.com
SourceArn: !GetAtt UserPool.Arn
ConfirmUserFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: lambdas/ConfirmUser
Handler: app.lambda_handler
Runtime: python3.8
MemorySize: 128
Timeout: 10
Have I missed something obvious?
I have also tried setting the event trigger on the lambda function, using:
Events:
CognitoUserPoolConfirmed:
Type: Cognito
Properties:
UserPool:
Ref: UserPool
Trigger: PostConfirmation
This doesn't seem to make any difference at all.
I am able to successfully setup a trigger from a PostAuthentication trigger to the same Lambda, so my template can't be too far off, but I still can't see what the issue is.
