aws-cognito | AWS Cognito package using the AWS SDK for PHP/Laravel | AWS library

i'm having some problems using lambda enviroment.

Looking to set a function that make a mutation to Hasura so I can relate Auth users of Cognito with my app information.

I set the following function Post Authentication in Lamba but it does not work.

We are moving our auth to Cognito and need to alter the token we get from Cognito. We are using a Pre Token Generation Lambda Trigger to accomplish this. We are also using Amplify's Auth library. However, I can not access the clientMetadata we are sending with Auth.signIn().

On the front-end we simply have:

I have deployed https://github.com/aws-samples/amazon-elasticsearch-service-with-cognito to my stack, and am trying to add a master group as per https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html#fgac-walkthrough-iam

So I have added to the following https://github.com/aws-samples/amazon-elasticsearch-service-with-cognito/blob/master/lib/search-stack.ts#L50

I currently have JWT dependency named jwt which makes sure it passes JWT authentication stage before hitting the endpoint like this:

sample_endpoint.py:

I am following AWS Cognito and API gateway tutorials from part1, part 2 and part 3.

From part 1, I created the following lambdas:

1. signup
2. confirm signup
3. forgot pwd
4. resend verify code
5. successful registration

and each of these lambdas has a separate role automatically generated for them.

From part 2, I connected these lambdas to various API endpoints in API Gateway, with the /login route being connected to the successful registration lambda.

From the part 3 tutorial, I created a refresh_access_token lambda function and also the test_user. Then, in the API gateway, I created a new resource /user/test-user and added a GET method, which I connected to the test_user lambda. (The refresh_access_token isn't connected to a route).

After that, I go to the Create a New authorizer section from part 3, and when I run the /login route, I end up getting the following error:

How do I associate EmailConfigurationProperty with UserPool? I have both objects configured, but do not see the path to connect them.

https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cognito.UserPool.html

https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cognito.CfnUserPool.EmailConfigurationProperty.html

I'm trying to identify if the authenticated user is admin or not, by checking if it belongs to a specific group. I'm using amplify in my React application and tried several methods, such as Auth.currentUserInfo(), Auth.currentAuthenticatedUser() and also getting the jwt token to see if somehow it's returned in the token, but I didn't find any information regarding that. I saw some people saying that exists a payload cognito:groups in the token here, but that may be changed, because in my returned token it does not exists.

Another thing that I thought would work is the scope that comes in the jwt (aws.cognito.signin.user.admin), but it seems that every created user using amplify is returning this scope.

Is it possible to check if an authenticated user belongs to a group or if it's an admin user from cognito?

I am using AWS CDK TypeScript. I am trying to create an cognito userpool in cdk. But it is showing below warning at "this",

I'm new at AWS Lambda Functions and I want to create a new function to fetch user groups from my Cognito User Pool generated by Amplify, I saw many examples but so far my function didn't work, I think I'm probably missing some permission, I'm not sure. Here is my function: