angularamazon-cognitoaws-amplifyangular17angular-standalone-components

Amplify Gen 2 Users List

I'm read all the Amplify Gen 2 Documentation but I don't find how to list all registered users in application.

It's because need to create a admin page to list all users with his roles in Angular.

I think that probably can do this with lambda functions or something like that but I don't find nothing about that.

Thanks for all!

I'm read all the documentation: https://docs.amplify.aws/angular/build-a-backend/auth/connect-your-frontend/

Solution

  • The solution is create custom function that return all users by Cognito Pool and assign manually the permission to this function:

    cognito-idp:ListUsers

    backend.ts

    import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
import { data } from './data/resource';

import * as iam from "aws-cdk-lib/aws-iam";
import {listUsers} from "./data/list-users/resource";
import {PolicyStatement} from "aws-cdk-lib/aws-iam";

const backend =  defineBackend({
  auth,
  data,
  listUsers

});

const lambdaFunction = backend.listUsers.resources.lambda;
lambdaFunction.role?.attachInlinePolicy(
 new iam.Policy(backend.auth.resources.userPool, "AllowListUsers", {
  statements: [
   new iam.PolicyStatement({
    actions: ["cognito-idp:ListUsers"],
    resources: [backend.auth.resources.userPool.userPoolArn],
  }),
  ],
 })
);

    auth/resource.ts

    import { defineAuth } from '@aws-amplify/backend';
import {addUserToGroup} from "../data/add-user-to-group/resource";
import {listUsers} from "../data/list-users/resource";

export const auth = defineAuth({
  loginWith: {
   email: true,
},
groups: ["ADMINS"],
access: (allow) => [
  allow.resource(addUserToGroup).to(["addUserToGroup"]),
  allow.resource(listUsers).to(["manageUsers"]),
 ],
});

    data/list-users/resource.ts

    import { defineFunction } from "@aws-amplify/backend"

export const listUsers = defineFunction({
 name: "list-users",
})

    data/list-users/handler.ts

    import { env } from "$amplify/env/list-users"
import type { Schema } from "../resource"
import { CognitoIdentityProviderClient, ListUsersCommand } from "@aws-sdk/client-cognito-identity-provider";

type Handler = Schema["listUsers"]["functionHandler"]
const client = new CognitoIdentityProviderClient()

export const handler: Handler = async (event) => {
  const command = new ListUsersCommand({ UserPoolId: env.AMPLIFY_AUTH_USERPOOL_ID });


  const response = await client.send(command)
  return response;
}