英文:
Updating custom user attributes on AWS cognito with a number value (via a post confirmation trigger / lambda function)
问题
我在我的用户池中有一个 Lambda 触发器(后确认 Lambda 触发器),它调用了下面的代码:
sess, err := session.NewSession()
if err != nil {
fmt.Println("failed to create session", err.Error())
}
svc := cognitoidentityprovider.New(sess)
params := &cognitoidentityprovider.AdminUpdateUserAttributesInput{
UserAttributes: []*cognitoidentityprovider.AttributeType{
{
Name: aws.String("custom:onboarding"),
Value: aws.Int(0),
},
},
UserPoolId: aws.String("xxxxx"),
Username: aws.String("xxxxx"),
}
resp, err := svc.AdminUpdateUserAttributes(params)
if err != nil {
fmt.Println("resp error: ", err.Error())
}
fmt.Println(resp)
我收到以下错误:
.\main.go:36:5: cannot use "github.com/aws/aws-sdk-go-v2/aws".Int(0) (type *int) as type *string in field value
该值需要是一个整数,因为在 Cognito 中,自定义属性被设置为一个数字。
我在这里漏掉了什么?或者这不是正确的方法吗?
提前感谢。
英文:
I have a lambda trigger in my user pool (post confirmation lambda trigger), which calls the code below:
sess, err := session.NewSession()
if err != nil {
fmt.Println("failed to create session", err.Error())
}
svc := cognitoidentityprovider.New(sess)
params := &cognitoidentityprovider.AdminUpdateUserAttributesInput{
UserAttributes: []*cognitoidentityprovider.AttributeType{
{
Name: aws.String("custom:onboarding"),
Value: aws.Int(0),
},
},
UserPoolId: aws.String("xxxxx"),
Username: aws.String("xxxxx"),
}
resp, err := svc.AdminUpdateUserAttributes(params)
if err != nil {
fmt.Println("resp error: ", err.Error())
}
fmt.Println(resp)
Im receiving the following error:
.\main.go:36:5: cannot use "github.com/aws/aws-sdk-go-v2/aws".Int(0) (type *int) as type *string in field value
The value needs to be an integer, as the custom attribute is set as a number in cognito.
What am I missing here? Or is this not the right method?
Thanks in advance
答案1
得分: 0
我找到了答案。正如isavinof所说,该值的类型是字符串,最初无法正常工作,但后来发现是权限错误(AccessDeniedException)。
为了解决这个问题,我按照这个答案进行了操作:https://stackoverflow.com/a/67678111/1898662
I. 创建策略(用于权限)
- 进入IAM控制台 -> 策略 -> 创建策略。
- 选择"Cognito用户池"服务。
- 指定您需要权限的所需操作(列表、读取等)。在这种情况下,是写入 -> AdminUpdateUserAttributesInput。
- 指定资源 - 用户池的区域和ID。
- 选择请求条件(可选)。
- 添加标签(可选)- 有助于在大型策略列表中进行搜索。
- 给策略命名并提供描述 - 要确切,这有助于确保在下一阶段选择正确的策略。
- 点击"创建策略"按钮。
策略已创建。
II. 将策略添加到用户:
- 进入IAM控制台 -> 用户(在这种情况下是角色,而不是用户),找到Lambda函数角色。如果您不知道它是什么,请在Lambda后端查看权限下的角色。
- 选择所需的角色。
- 在权限选项卡中,点击"添加权限"。
- 点击"直接附加现有策略"。
- 搜索刚刚创建的策略。
- 点击"添加权限"。
问题已解决。
英文:
I have found the answer. As isavinof said, the value has a string type, which wasn't working initially, however, it turned out to be a permissions error ( AccessDeniedException ).
To fix the problem, I followed this answer: https://stackoverflow.com/a/67678111/1898662
I. CREATING THE POLICY (FOR PERMISSION)
- Go to IAM console -> Policies -> Create Policy.
- Choose "Cognito User Pools" Services.
- Specify the desired actions for which you need permission for (List, Read,
etc.) In this case, it was write -> AdminUpdateUserAttributesInput - Specify Resources - the userpool region and id
- Choose request conditions (optional).
- Add Tags (Optional) - helps with searching in a large list of policies
- Give name and description of the policy - be exact as it helps to ensure
you have chosen the right one in the next stage - Click on "Create Policy" button.
POLICY CREATED.
II. ADDING THE POLICY TO THE USER :
- Go to IAM console -> Users (in this case, roles, not users, and find the lambda function role. If you don't know it, view it in the lambda backend, under permissions)
- Select the desired role.
- In permissions tab, click on Add Permissions.
- Click on "Attach existing policy directly".
- Search for the policy you just created.
- Click on "Add Permissions"
ISSUE IS RESOLVED.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论