I am trying to configure my user pool client to have write access to user pool attributes. The following code works fine if I comment out the WriteAttributes property, but by default AWS doesn’t set write access to custom attributes, and in this case I have one, which is called role. But when I leave it in, I get this error:
An error occurred while provisioning your stack: WebAppUserPoolWebClient - Invalid write attributes specified while updating a client (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: InvalidParameterException;
I’m not sure what is wrong. On the AWS docs it says I need to provide a string, but it doesn’t mention what format it should be in exactly. I’ve tried just "role" but nothing seems to work and I always get that same error. Any help would be appreciated.
    WebAppUserPoolWebClient:
      Type: "AWS::Cognito::UserPoolClient"
      Properties:
        ClientName: Web
        GenerateSecret: false
        UserPoolId:
          Ref: WebAppUserPool
        WriteAttributes:
          - custom:role