Amplify-cli: How to add a pre or post SignUp hook/trigger?

@troygoode You need setup a lambda function and add that in your Cognito User Pool. The doc: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-confirmation.html

Closing this issue. Please feel free to re-opne if you've further questons.

Thanks @powerful23 @kaustavghosh06; I suppose what I'm wondering is how to do so in a way that works well with a Amplify CLI multienv setup. Namely I'm concerned about how to do this without having to hard-code the Pool ARN or Lambda ARN in such a way that another developer on our team running amplify env checkout <branch> won't work.

@powerful23 @kaustavghosh06 can this issue be re-opened? I'm currently manually configuring the triggers via the Cognito UI for each environment; is there a way to specify the lambda function in the amplify/backend/auth/myauth/myauth-cloudformation-template.yml file? In particular, a way that will (a) ensure that the CloudFormation for the Function (in amplify/backend/function/*) is run first and (b) ensure that the naming is @multienv-safe?

Hi @powerful23 . I want to share my Amplify project with over developers. Now it takes 3 steps to deploy own replica of the application: 1) clone repo 2) run amplify init 3) run amplify publish.

It seems that it's impossible to add lambda function in Cognito User Pool using amplify-cli. So over developers need to perform additional steps in Amazon Console to define pre/post SignUp handlers.

I think it will be useful to have this feature in amplify-cli. This will allow us to implement things like Auto-Confirm Users

@troygoode @ovandr we are investigating a project to make advanced admin features like this, such as setting up Lambda triggers from template samples and such, available in the CLI. I have reopened this issue and tagged it as part of the project: https://github.com/aws-amplify/amplify-cli/projects/1
There will be an RFC soon in the repo for you to give feedback on requirements. Stay tuned.

@troygoode @ovandr please take a look at the following RFC and comment there with thoughts: https://github.com/aws-amplify/amplify-cli/issues/766

We've added support for Lambda Trigger support for the dynamo tables managed/added by the CLI using the amplify add storage command. Let me know if you find that useful. Please take a look at https://aws.amazon.com/blogs/mobile/amplify-framework-adds-supports-for-aws-lambda-triggers-in-auth-and-storage-categories/ for more details.

The docs on this are still pretty weak.

The general docs are here:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

The Amplify CLI docs are here, but do not show which command initiates the "manual Auth cli workflow".
https://aws-amplify.github.io/docs/cli-toolchain/quickstart#adding-a-lambda-trigger

There are some more docs here...

https://aws-amplify.github.io/docs/cli-toolchain/cognito-triggers

Be nice to kick off any lambda function you want at points in the auth workflow. I would like to be able to kick off a Lambda after account verification that goes and adds some data into my DB. As far as I can tell that's not possible.

Be nice to kick off any lambda function you want at points in the auth workflow. I would like to be able to kick off a Lambda after account verification that goes and adds some data into my DB. As far as I can tell that's not possible.

Absolutely agree on this one!

Right now I'm struggling with amplify update auth to add Lambda Triggers. It asks all the questions again. I wish amplify update auth showed Add/Update lambda triggers on the top menu e.g.

$ amplify auth update

Using service: Cognito, provided by: awscloudformation
 What do you want to do? (Use arrow keys)
❯ Apply default configuration without Social Provider (Federation)
  Walkthrough all the auth configurations
  Add/Edit signin and signout redirect URIs
  Update OAuth social providers
  Add/Update lambda triggers                 // ***** something like this *****
  Create or update Cognito user pool groups
  Create or update Admin queries API

@undefobj @kaustavghosh06 you say you've "added support" but this is still very difficult to do. I suspect it is a documentation issue.

What answers do I need to provide the CLI to get it to setup a lambda with all the right role/policy (cognito, api/dynamodb) for a PostSignupConfirm trigger?

@cyrfer did you find a way to add the right roles and policies to access cognito api and dynamo db?

@kaustavghosh06 can you please give an update on this?

@rehanbabertkxel no, but I did make a recommendation over here: https://github.com/aws-amplify/amplify-cli/issues/3927

My understanding is add lambda triggers _after_ the auth module has been created is still to re-run Walkthrough all the auth configurations. I mean at this point:

What do you want to do? Walkthrough all the auth configurations
 Select the authentication/authorization services that you want to use: User Sign-Up & Sign-In only (Best used with a cloud API only)
 Do you want to add User Pool Groups? Yes
? Provide a name for your user pool group: 

I'm unclear if that action would delete my existing user pool - when I only wanted to add a lambda trigger.

@thomasklein-winemaker it would not delete your user pool.

Be nice to kick off any lambda function you want at points in the auth workflow. I would like to be able to kick off a Lambda after account verification that goes and adds some data into my DB. As far as I can tell that's not possible.

Absolutely agree on this one!

Right now I'm struggling with amplify update auth to add Lambda Triggers. It asks all the questions again. I wish amplify update auth showed Add/Update lambda triggers on the top menu e.g.

$ amplify auth update

Using service: Cognito, provided by: awscloudformation
 What do you want to do? (Use arrow keys)
❯ Apply default configuration without Social Provider (Federation)
  Walkthrough all the auth configurations
  Add/Edit signin and signout redirect URIs
  Update OAuth social providers
  Add/Update lambda triggers                 // ***** something like this *****
  Create or update Cognito user pool groups
  Create or update Admin queries API

Hi guys, any chance to just add the lambda triggers / functions to an existing Auth? To be honest I'm struggeling to answer all these question I've answered already some time ago.

In the meantime I see in file of '../amplify/backend/auth/appname/parameters.json' the following syntax for the triggers:

{
    ...
    "triggers": "{}",
    "userPoolGroupList": [],
    "parentStack": {
        "Ref": "AWS::StackId"
    },
    "permissions": [],
    "dependsOn": []
}

Does anyone maybe know to add the triggers manually? How does the file 'parameters.json' looks like for automatically added triggers?

Thanks for your help!

@mbecker when I added a trigger, I go through all the walkthrough questions then do a diff on the cloudformation files to double check what the walkthrough did and what my setup had before. Often times I have to revert some of the things the walkthrough did, especially if you modified parameters.json or the cloudformation files outside the walkthrough to get features the walkthrough does not support (e.g. user name case insensitivity)

Going through all the steps to add a trigger is not the best approach. It often ruins current settings. Is possible to just add a trigger and do not change anything else for auth?