I have configured specific Lambda alias (Please note this) as Cognito trigger using CLI as there is no provision in web console to do so. Now I am getting PreSignUp invocation failed due to the error AccessDeniedException while signing up. I am not sure about it but this might be happening as I have configured trigger using CLI. I tried to locate Cognito specific role in IAM but I didn't find such role.
So how can I update missing permissions in IAM?
I used the following CLI command to update the permissions.
aws lambda add-permission --function-name <ARN of the lambda alias> --source-arn <user-pool-arn> --action lambda:InvokeFunction --principal cognito-idp.amazonaws.com