Secure Our Serverless APIs

Link to chapter — https://serverless-stack.com/chapters/secure-our-serverless-apis.html

How can I see a list of users that I have created in my Cognito User Pool?

I am following along with this guide and everything is working beautifully. I am about to start working on the React front end, but I wanted to see a list of users that I created based on this chapter and I cannot figure out how to do it.

I created the user shown in the guide for “admin@example.com” and it worked fine. I then created another one for “admin2@example.com” and it worked as well. Now, I want to see a list of users that I have created, which should show these two.

However, everything I try just shows me my IAM user in Cognito (CLISST). I cannot find any command to run at the command line that would list these users, and when I log in to my AWS account in a browser, I cannot find them there either. Strangely, my AWS account even says that I do not have any Cognito User Pools or Cognito Identity Pools, even though I successfully created both per this guide.

Now … I am totally confused by Discourse and have no idea if I am posting this question correctly or in the right place. Please tell me if I am doing any of this incorrectly.

Thanks in advance …

Ok I figured out a command line that I can run to give me this list, but I still cannot figure out how to see all of this by logging into my AWS console for some reason.

Here is the command:

aws cognito-idp list-users --region [enter region here] --user-pool-id [enter user pool id here] --limit 20

When testing the code, I get the following back:

Authenticating with User Pool
Getting temporary credentials
Making API request
{
  status: 404,
  statusText: 'Not Found',
  data: { message: 'Not Found' }
}

I have finished each lesson up to that point with all tests working so I am at a loss as to why I get this result.

Thanks!

Hmm this sounds like the API path is incorrect? Can you double check that?

Using the aws-api-gateway-cli-test with Windows (within PowerShell, within VSCode), I get an exception.

From the book:

npx aws-api-gateway-cli-test --username admin@example.com --password Passw0rd! --user-pool-id USER_POOL_ID --app-client-id USER_POOL_CLIENT_ID --cognito-region COGNITO_REGION --identity-pool-id IDENTITY_POOL_ID --invoke-url API_ENDPOINT --api-gateway-region API_REGION --path-template /notes --method POST --body "{\"content\":\"hello world\",\"attachment\":\"hello.jpg\"}"

(with the correct values of my server, of course)

Error:

npx : 113 installé(s) en 22.981s
Authenticating with User Pool
Getting temporary credentials
Making API request
undefined:1
{\
 ^

SyntaxError: Unexpected token \ in JSON at position 1
    at JSON.parse (<anonymous>)
    at makeRequest (C:\Users\john\AppData\Roaming\npm-cache\_npx\17040\node_modules\aws-api-gateway-cli-test\index.js:179:17)
    at C:\Users\john\AppData\Roaming\npm-cache\_npx\17040\node_modules\aws-api-gateway-cli-test\index.js:152:5
    at C:\Users\john\AppData\Roaming\npm-cache\_npx\17040\node_modules\aws-api-gateway-cli-test\node_modules\aws-sdk\lib\credentials.js:124:23
    at C:\Users\john\AppData\Roaming\npm-cache\_npx\17040\node_modules\aws-api-gateway-cli-test\node_modules\aws-sdk\lib\credentials.js:212:15
    at processTicksAndRejections (internal/process/task_queues.js:77:11)

Or more concisely:

SyntaxError: Unexpected token \ in JSON at position 1

It comes from the body string:

--body "{\"content\":\"hello world3\",\"attachment\":\"hello3.jpg\"}"

I’ve tried different versions such as:

--body "{'content':'hello world3','attachment':'hello3.jpg'}"

which triggers another error.

Any idea of a correct string?
Many thanks.

Looks like I figured it out through trial and error - not sure why exactly, but it works if I use these two parameters like this:

--invoke-url='https://random.execute-api.us-east-1.amazonaws.com/' \
--path-template='notes' \

The --path-template that is in your instructions had a slash in front of the word “notes”. Moving that slash at the end of the --invoke-url made it work.

Hopefully this helps someone else.

Thanks!

Going through the SST tutorial and successfully ran the cognito-idp sign-up and it created the user.

Ran cognito-idp admin-confirm-sign-up and it returned the error An error occurred (UserNotFoundException) when calling the AdminConfirmSignUp operation: User does not exist.

Checked the account in AWS and the email has a comma appended to it. Edited the email in AWS and cognito-idp admin-confirm-sign-up correctly changed the state to Confirmed.

I cannot account for why the trailing comma is added to the account email when running cognito-idp sign-up.

I also had this issue on Windows, and I don’t have a real fix but I found a workaround.

I’m using VSCode and using their integrated terminal to run all of my command line stuff. In Windows, this terminal appears to default to PowerShell.

I switched the terminal to cmd and it worked.

Hi guys, I’m having this error:

NOTE: We are formalizing our plans to enter AWS SDK for JavaScript (v2) into maintenance mode in 2023.

Please migrate your code to use AWS SDK for JavaScript (v3).

I tried to upgrade all my @aws-sdk packages to the 3x version and it didn’t work.

Hi @jayair,

I am currently working through the SST intro notes tutorial.
Thanks for the nice introduction!

There are just two things I struggled with a bit so far:

  • getting all the command line stuff working.
  • creating the AWS accounts could have been much easier

  1. AWS Accounts
    It would have been great to see Adam’s video about AWS federated accounts before starting. Spent a lot of time to set up Accounts and IAM users the wrong way before starting. Maybe link it in the first chapter, before it’s going into the weeds?

  2. CLI Tools
    For the CLI calls, it would be nice to have a .env file with all the necessary variables to be filled out during the tutorial.

.env:

API_ENDPOINT=https://YOUR-STACK-ID.execute-api.us-east-1.amazonaws.com
USER_POOL_CLIENT_ID=
IDENTITY_POOL_ID=
API_REGION=us-east-1
COGNITO_REGION=us-east-1
USER_POOL_ID=


STRIPE_SECRET_TEST_KEY=fill out
STRIPE_PUBLISHABLE_KEY=fill out

And then the CLI calls in little shell scripts, loading the .env file. E.g. 01_test_user_signup.sh:

source .env

AWS_PROFILE=plain-dev-sst aws cognito-idp sign-up \
  --region ${COGNITO_REGION} \
  --client-id ${USER_POOL_CLIENT_ID} \
  --username admin@example.com \
  --password Passw0rd!

02_test_user_admin_confirm_signup.sh:

source .env

AWS_PROFILE=plain-dev-sst aws cognito-idp admin-confirm-sign-up \
  --region ${COGNITO_REGION} \
  --user-pool-id ${USER_POOL_ID} \
  --username admin@example.com

This would reduce room for error.

I hope this thread isn’t some kind of /dev/null btw.

Thanks for considering, and thanks for the great framework so far!

Greets,
Andreas
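
An added example, not part of any post above or of the guide: the .env-plus-script layout suggested in the previous post, extended to refuse a .env that other users can read (it holds the Stripe secret key), to stop when a required value is still blank, and to reject a username with stray characters such as the trailing comma reported earlier in the thread. The helper names `load_env`, `require_vars`, `valid_username` and `sign_up` and the `ENV_FILE` variable are hypothetical.

```shell
#!/bin/sh
# Added example; load_env, require_vars, valid_username, sign_up and ENV_FILE
# are hypothetical names, not part of the guide or the AWS CLI.

# Source the env file only if group/other have no access: it holds the Stripe key.
load_env() {
  env_file=${1:-.env}
  case $env_file in */*) ;; *) env_file=./$env_file ;; esac  # keep '.' off PATH lookup
  [ -f "$env_file" ] || { echo "missing $env_file" >&2; return 1; }
  perms=$(ls -ld "$env_file" | cut -c5-10)   # group and other permission bits
  if [ "$perms" != "------" ]; then
    echo "$env_file is accessible to group/other; run: chmod 600 $env_file" >&2
    return 1
  fi
  . "$env_file"   # executed as shell code, so only load a file you wrote
}

# Stop before any AWS call if a named variable is unset or still blank.
require_vars() {
  for name in "$@"; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || { echo "$name is empty in the env file" >&2; return 1; }
  done
}

# Accept only a plain e-mail shape; "admin@example.com," (trailing comma) fails.
valid_username() {
  case $1 in
    *[!A-Za-z0-9@._+-]*) return 1 ;;  # any character outside the allowed set
    *@*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: sign_up admin@example.com 'Passw0rd!'
sign_up() {
  load_env "${ENV_FILE:-.env}" || return 1
  require_vars COGNITO_REGION USER_POOL_CLIENT_ID || return 1
  valid_username "$1" || { echo "rejected username: '$1'" >&2; return 1; }
  aws cognito-idp sign-up \
    --region "$COGNITO_REGION" \
    --client-id "$USER_POOL_CLIENT_ID" \
    --username "$1" \
    --password "$2"
}
```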

Appreciate the feedback!