When I try to login using AWS Cognito I get an AccessDeniedException about my custom Lambda trigger

Question

I am calling adminInitiateAuth and getting back a strange AccessDeniedException for my own lambdas.

Here is the code I\'m calling:

      var params = {         


        

Answer 1

I had a problem similar to yours except I was trying to configure the Lambda with my Cognito User Pool through CloudFormation.

In the link that Ryan had posted there was a code sample someone posted. Namely Cognito needed the proper permissions to invoke the lambda function.

MyLambdaInvocationPermission:
  Type: AWS::Lambda::Permission
  Properties:
    Action: lambda:InvokeFunction
    FunctionName: !GetAtt MyLambdaFunctionName.Arn
    Principal: cognito-idp.amazonaws.com
    SourceArn: !GetAtt MyCognitoUserPoolName.Arn