Creating the AWS Cognito Pool
You’ll need an Amazon Developer account. Go to aws.amazon.com and navigate to the sign-in page.
Once there, in the search bar, search for Cognito and select it from the menu. We’ll use Cognito to manage our user accounts.
Click on “Create user pool.”
For the Authentication providers, select “Email.”
As you get more used to using Cognito, you can select the other options as well.
Click “Next.”
For the Password Policy, you can specify what rules you want for the password. For now, leave it as it is.
For Self-service sign-up, make sure it is enabled.
For the Email section, you should have Amazon SES configured if your app is going to production. For now, select the Send email with Cognito option and click “Next.”
Name the User pool.
Disable Cognito Hosted UI.
For the Initial App client section, select the Public client option. This will allow us to use the AWS SDK to perform the self-registration commands.
Then enter a callback URL. For us, we can put anything we want.
Expand the Advanced app client settings section. Disable all the Authentication flows selected and select the ALLOW_USER_PASSWORD_AUTH option.
Review everything and click “Create user pool” to complete the process.
Creating the lambda
Now that we have a User Pool, we can manage our users and begin creating the lambda functions.
In the search bar at the top, search for Lambda, right-click it in the menu, and open it in a new tab.
Create a new function by clicking on the Create function button.
Give the lambda a name like CreateAccount.
For this function, we want to create a user in Cognito. Luckily, Amazon Web Services provides an SDK, included with the Lambda function, that we can use to connect to Cognito and perform commands on it.
If we take a look at their documentation, we can see that the SDK can be used for a lot of other services as well.
If we search for Cognito, we can see a few of them. The one we want is the cognito-identity-provider.
In here, we can see how to use the functions in the SDK. Search for SignUp and hit enter a couple of times.
If we look at the description, this command is used to register a user for Cognito. If we scroll down, we can see how to use it.
Now go back to the documentation.
import { CognitoIdentityProviderClient, SignUpCommand } from "@aws-sdk/client-cognito-identity-provider";

const client = new CognitoIdentityProviderClient(config);
const input = { // SignUpRequest
  ClientId: "STRING_VALUE", // required
  SecretHash: "STRING_VALUE",
  Username: "STRING_VALUE", // required
  Password: "STRING_VALUE", // required
  UserAttributes: [ // AttributeListType
    { // AttributeType
      Name: "STRING_VALUE", // required
      Value: "STRING_VALUE",
    },
  ],
  ValidationData: [
    {
      Name: "STRING_VALUE", // required
      Value: "STRING_VALUE",
    },
  ],
  AnalyticsMetadata: { // AnalyticsMetadataType
    AnalyticsEndpointId: "STRING_VALUE",
  },
  UserContextData: { // UserContextDataType
    IpAddress: "STRING_VALUE",
    EncodedData: "STRING_VALUE",
  },
  ClientMetadata: { // ClientMetadataType
    "<keys>": "STRING_VALUE",
  },
};
// Build the command from the input and send it to Cognito.
const command = new SignUpCommand(input);
const response = await client.send(command);
For the client, replace config with a pair of curly brackets containing region, a colon, and the region you are in.
const client = new CognitoIdentityProviderClient({region: "us-east-1"});
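Inside the input object, remove everything except for ClientId, Username, and Password. SecretHash is only needed when the app client has a client secret, and the Public client we selected does not have one.
The ClientId is the app client ID of a Cognito user pool.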
To get it for the one that was created earlier, search for Cognito in the search bar at the top.
For the username, type event, followed by square brackets, and put “username” inside them.
When the lambda gets triggered, we’ll get an object that contains information like the username and password. You’ll see how we can use API Gateway to add the username and password to the event object later in the video.
Save the code and deploy it.
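Put together, the handler these steps describe could look like the following. This is an added example, not the tutorial's own code: the COGNITO_CLIENT_ID environment variable and the helper names buildSignUpInput and signUp are assumptions, and it adds input validation and error mapping that the tutorial does not cover.

```javascript
// Added example, not the tutorial's code. COGNITO_CLIENT_ID and the helper names
// are assumptions; event.username / event.password follow the tutorial's test event.
const REGION = "us-east-1"; // region used in the tutorial
// Validate the event and build the SignUp input; throws TypeError on bad input.
function buildSignUpInput(event, clientId) {
  const { username, password } = event || {};
  if (typeof username !== "string" || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(username)) {
    throw new TypeError("username must be an email address");
  }
  if (typeof password !== "string" || password.length === 0) {
    throw new TypeError("password is required");
  }
  return { ClientId: clientId, Username: username, Password: password };
}

// Cognito error names mapped to what the caller is told. An existing username is
// reported generically so the response does not confirm that an account exists.
const CLIENT_ERRORS = new Map([
  ["InvalidPasswordException", "InvalidPassword"],
  ["UsernameExistsException", "SignUpRejected"],
  ["InvalidParameterException", "SignUpRejected"],
]);

// `send` is injected so the logic can be exercised without AWS access.
// The response carries only non-sensitive fields and never echoes the password.
async function signUp(event, clientId, send) {
  let input;
  try {
    input = buildSignUpInput(event, clientId);
  } catch (err) {
    return { statusCode: 400, body: JSON.stringify({ error: err.message }) };
  }
  try {
    const res = await send(input);
    return { statusCode: 200, body: JSON.stringify({ userSub: res.UserSub, userConfirmed: res.UserConfirmed }) };
  } catch (err) {
    const code = CLIENT_ERRORS.get(err.name);
    console.error("SignUp failed:", err.name); // log the error name only, no credentials
    return { statusCode: code ? 400 : 500, body: JSON.stringify({ error: code || "InternalError" }) };
  }
}

// Lambda entry point; the SDK is loaded here so the helpers above run offline.
const handler = async (event) => {
  const { CognitoIdentityProviderClient, SignUpCommand } = await import("@aws-sdk/client-cognito-identity-provider");
  const client = new CognitoIdentityProviderClient({ region: REGION });
  return signUp(event, process.env.COGNITO_CLIENT_ID, (input) => client.send(new SignUpCommand(input)));
};
// CommonJS export; in an index.mjs function use `export { handler };` instead.
if (typeof module !== "undefined") module.exports = { handler };
```

Set COGNITO_CLIENT_ID under the function's Configuration, Environment variables, using the app client ID from the user pool.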
Testing the lambda
To test, click on the arrow next to the test button and select Configure test event.
Give the event a name like SignUpTest. Then edit the JSON by setting the first property to username and use a valid email you want to test with. For the next property, replace it with password and use a random password.
Click Save and then run the test.
You can see that the test was successful because we received a 200 status code.
If we navigate to our user pool’s dashboard and click on the “Users” tab, we should see our account.
If we check the inbox of the account, we can find an email from our user pool with a confirmation code.
That’s all for this tutorial. In the next tutorial, we’ll create another lambda function to confirm the account so we can log in with it.