angular, amazon-cognito, aws-amplify, angular17, angular-standalone-components

Amplify Gen 2 Users List


I've read all of the Amplify Gen 2 documentation, but I can't find how to list all registered users in the application.

I need this in order to create an admin page in Angular that lists all users with their roles.

I think this can probably be done with Lambda functions or something similar, but I can't find anything about it.

Thanks for all!

I've read all the documentation: https://docs.amplify.aws/angular/build-a-backend/auth/connect-your-frontend/


Solution

  • The solution is to create a custom function that returns all users from the Cognito user pool, and to manually grant this permission to that function:

    cognito-idp:ListUsers

    backend.ts

    import { defineBackend } from '@aws-amplify/backend';
    import { auth } from './auth/resource';
    import { data } from './data/resource';
    
    import * as iam from "aws-cdk-lib/aws-iam";
    import {listUsers} from "./data/list-users/resource";
    import {PolicyStatement} from "aws-cdk-lib/aws-iam";
    
    // Assemble the Amplify backend from the auth, data and list-users function resources.
    const backend = defineBackend({ auth, data, listUsers });

    const lambdaFunction = backend.listUsers.resources.lambda;
    const lambdaRole = lambdaFunction.role;
    // Nothing is attached when the function exposes no role, so the grant below is
    // skipped silently in that case.
    if (lambdaRole != null) {
      const userPool = backend.auth.resources.userPool;
      // Least privilege: one read-only action, limited to this backend's user pool ARN.
      // ListUsers exposes the stored attributes of every user in the pool, so access to
      // the function itself still has to be restricted by whatever invokes it.
      const allowListUsers = new PolicyStatement({
        actions: ["cognito-idp:ListUsers"],
        resources: [userPool.userPoolArn],
      });
      lambdaRole.attachInlinePolicy(
        new iam.Policy(userPool, "AllowListUsers", { statements: [allowListUsers] })
      );
    }
    

    auth/resource.ts

    import { defineAuth } from '@aws-amplify/backend';
    import {addUserToGroup} from "../data/add-user-to-group/resource";
    import {listUsers} from "../data/list-users/resource";
    
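    /**
     * Cognito auth configuration: e-mail sign-in, an "ADMINS" group, and the
     * user-pool permissions handed to the two backend functions.
     */
    export const auth = defineAuth({
      loginWith: {
        email: true,
      },
      groups: ["ADMINS"],
      access: (allow) => [
        allow.resource(addUserToGroup).to(["addUserToGroup"]),
        // The list-users handler only issues ListUsers, so grant that single action.
        // "manageUsers" is a bundle of user-administration actions the handler never
        // uses; keeping it would let a compromised or buggy function modify accounts.
        allow.resource(listUsers).to(["listUsers"]),
      ],
    });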
    

    data/list-users/resource.ts

    import { defineFunction } from "@aws-amplify/backend"
    
    // Declares the Amplify function resource named "list-users"; the auth and backend
    // definitions import this constant to grant it permissions.
    export const listUsers = defineFunction({ name: "list-users" });
    

    data/list-users/handler.ts

    import { env } from "$amplify/env/list-users"
    import type { Schema } from "../resource"
    import { CognitoIdentityProviderClient, ListUsersCommand } from "@aws-sdk/client-cognito-identity-provider";
    
    // Handler signature taken from the `listUsers` entry of the data schema.
    type Handler = Schema["listUsers"]["functionHandler"];

    // One client per module load, shared by every invocation of the handler.
    const client = new CognitoIdentityProviderClient();

    /**
     * Sends a single ListUsers request for the app's user pool and returns the
     * SDK response unchanged.
     *
     * - Only one page is fetched: Cognito returns at most 60 users per call, and
     *   the PaginationToken in the response is not followed here.
     * - The response is not filtered, so every attribute Cognito stores for each
     *   user (e-mail address included) is passed on to the caller.
     * - NOTE(review): the handler performs no authorization check of its own; the
     *   schema rule for `listUsers` (not shown here) must limit callers, presumably
     *   to the ADMINS group. Confirm before exposing this to the admin page.
     */
    export const handler: Handler = async (event) => {
      const userPoolId = env.AMPLIFY_AUTH_USERPOOL_ID;
      return await client.send(new ListUsersCommand({ UserPoolId: userPoolId }));
    };