Using a serverless function for cognito trigger

I have a serverless project which contains 2 Lambda functions which I am calling from a Cognito user pool as a pre sign-up trigger and a post confirmation trigger.

When I attempt to register a user in that Cognito user pool, my pre sign-up trigger should be called.

As explained here: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

I have configured the user pool correctly, but I am getting an AccessDeniedError.

I believe this is because the Lambda does not have the correct IAM to speak with Cognito. Currently my YAML only has these IAM permissions defined:

iamRoleStatements:
  - Effect: "Allow"
    Action:
      - dynamodb:GetItem
      - dynamodb:PutItem
    Resource: "arn:aws:dynamodb:eu-west-1::"

Does anyone know what I need to do … please?

This is the solution:

I’ve made a PR addressing this, hopefully we should be able to do this by v1.15.