AWS CLI - how to generate security tokens for a cognito user
Ultimately, I need to generate an AccessKeyId, SecurityKey and SessionToken for a user in a Cognito User Pool so that I can test a lambda function as a cognito user using Postman. So far, I've spent 2 days trying to figure this out. It seems that this would work:
aws sts assume-role-with-web-identity --role-arn arn:aws:iam::1234567890:role/rolename--role-session-name "RoleSession1" --web-identity-token ??? --provider-id provideridvalue
I was able to get the provider-id value but I'm having trouble getting a valid value for the web-identity-token.
If I understand correctly this should get me the web-identity-token:
aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --client-id clientidvalue --auth-parameters USERNAME=usernamevalue,PASSWORD=passwordvalue
I obtained the clientidvalue from the Federated Identities pool.
The problem I have been unable to resolve is that the above command gives me this error:
Unknown options: PASSWORD=<password>
I've tried many different variations including json format but nothing works. What am I doing wrong?
It works for me. I can't see any difference with yours
Are you using the app client id that you created at User Pool 'App clients' sections (not at federated identity section) ? If so, is this option checked ?
Enable username-password (non-SRP) flow for app-based authentication (USER_PASSWORD_AUTH)
I am using the token starting after 3600 till the next whitespace. Put it on postman header and call lambda behind Cognito Authorizer.
UPDATE
If anyone interested in single command shell script version of this -> Bash Script
I use it quite often
- exports is not defined in ES module scope AWS Lambda
- Why is serverless including the stage name in the service's URL?
- Lambda Provisioned Concurrency showing 0 available. But I'm not using any
- Access the Alexa Shopping and To-Do Lists with Python3 request module
- Creating a schedule expression for eventbridge using terraform
- Terraform lambda source_code_hash update with same code
- Why is this Lambda function not running more concurrent executions?
- Serverless / AWS Lambda - Create the triggers for the published lambda versions
- Invoking lambda from API gateway test, but hitting the endpoint does not invoke the lambda. 500 returned
- Importing LightGBM into AWS Lambda
- aws-encryption-sdk-python decrypt error: '65 is not a valid SerializationVersion'
- how to decrease the exceution time of aws lambda function nodejs
- Is it possible to use SSM parameters in environment variables for a lambda?
- AWS SAM CLI cannot access Dynamo DB when function is invoked locally
- Use a lambda to upload an S3 object to external API
- Simple way to put AWS Lambda app behind SAML authentication
- AWS Lambda - How to stop retries when there is a failure
- Handling an image/jpeg response from Lambda in API Gateway
- How I can safely check if file exists in S3 bucket using go in lambda?
- How to calculate the CodeSha256 of aws lambda deployment package before uploading
- Problems using MySQL with AWS Lambda in Python
- using AWS lambda-docker Error "lambda-entrypoint.sh: exec format error"
- Container image support for AWS Lambda via cloudformation
- How can I recover deleted AWS Lambda code?
- Cognito "Authorizer" element not appearing in RequestContext in a Lambda triggered via API Gateway
- AWS Lambda Custom JWT Validation
- Uploading File to S3 via Node.js SDK Resulting is Blank File
- Disable dynamoDB table
- How to limit the consuming rate from a topic?
- How to install Numpy and Pandas for AWS Lambdas?