When I try to login using AWS Cognito I get an AccessDeniedException about my custom Lambda trigger

Question

I am calling adminInitiateAuth and getting back a strange AccessDeniedException for my own lambdas.

Here is the code I\'m calling:

      var params = {         


        

Answer 1

For someone ending up here, trying to add cognito triggers via terraform, all you need to do is to add an aws_lambda_permission resource:

resource "aws_lambda_permission" "allow_execution_from_user_pool" {
  statement_id = "AllowExecutionFromUserPool"
  action = "lambda:InvokeFunction"
  function_name = aws_lambda_function..function_name
  principal = "cognito-idp.amazonaws.com"
  source_arn = aws_cognito_user_pool..arn
}

Found in this great post: https://www.integralist.co.uk/posts/cognito/