IAM role (resource) for accessing cognito group info

Hi there, I wrote an API endpoint to access and manipulate Cognito, such as accessing a user's information like email, user ID and others. Currently, I got "is not authorized to perform: cognito-idp:ListUsers on resource:". So, how can I set an IAM role to get permission to perform that kind of operation?

I’ll assume you’re doing this through a Lambda. The easiest solution is to grant that permission to the default IAM role. See https://serverless.com/framework/docs/providers/aws/guide/iam#the-default-iam-role for more information.

Hi @buggy, yes, I did as you said. What I didn't get before is that I chose the wrong IAM role statement. I wrote others instead of "arn:aws:cognito-idp:" and "arn:aws:cognito-sync". After changing these two, I got what I wanted.

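The fix discussed in this thread, written out as a `serverless.yml` fragment (an added example, not taken from any of the posts): the default Lambda role is allowed `cognito-idp:ListUsers` on a single user pool rather than on `*`. The service name, function, handler, runtime, region and the pool ID `us-east-1_EXAMPLE` are constructed placeholders.

```yaml
# Added example: placeholders below are constructed, not from the thread.
service: user-admin-api              # hypothetical service name

custom:
  userPoolId: us-east-1_EXAMPLE      # placeholder; use your own pool ID

provider:
  name: aws
  runtime: nodejs18.x                # assumption
  region: us-east-1                  # assumption; must match the pool's region
  # Statements here are attached to the default IAM role shared by every
  # function in the service. Newer Framework versions take the same list
  # under provider.iam.role.statements.
  iamRoleStatements:
    - Effect: Allow
      Action:
        - cognito-idp:ListUsers      # the action named in the error message
      Resource:
        # Scope to one user pool. A Resource of "*" would also clear the
        # error, but would allow listing users in every pool in the account.
        - Fn::Join:
            - ""
            - - "arn:aws:cognito-idp:"
              - Ref: AWS::Region
              - ":"
              - Ref: AWS::AccountId
              - ":userpool/"
              - ${self:custom.userPoolId}

functions:
  listUsers:                         # hypothetical function
    handler: handler.listUsers
    environment:
      USER_POOL_ID: ${self:custom.userPoolId}
    events:
      - http:
          path: users
          method: get
```

If the "not authorized" error persists after deploying, compare the resource ARN printed at the end of the error message with the ARN this statement produces; a mismatched service prefix, region or pool ID is the usual cause.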