I have read all of the Amplify Gen 2 documentation, but I can't find how to list all registered users in the application.
I need this in order to build an admin page in Angular that lists all users together with their roles.
I think this can probably be done with Lambda functions or something similar, but I can't find anything about it.
Thanks for all!
I have read all of the documentation: https://docs.amplify.aws/angular/build-a-backend/auth/connect-your-frontend/
The solution is to create a custom function that returns all users from the Cognito user pool, and to manually grant that function the following permission:
cognito-idp:ListUsers
backend.ts
import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
import { data } from './data/resource';
import * as iam from "aws-cdk-lib/aws-iam";
import {listUsers} from "./data/list-users/resource";
import {PolicyStatement} from "aws-cdk-lib/aws-iam";
// Register the auth, data and list-users function resources with the Amplify backend.
const backend = defineBackend({ auth, data, listUsers });

// The user pool is both the CDK scope of the policy and the only resource it covers.
const { userPool } = backend.auth.resources;
const listUsersRole = backend.listUsers.resources.lambda.role;

// Least privilege: the inline policy allows a single action (cognito-idp:ListUsers)
// on a single resource (this backend's user pool ARN) - no wildcards.
// If the function has no role, nothing is attached and no policy is created;
// the handler's ListUsers call would then be denied at runtime.
// NOTE(review): auth/resource.ts also grants this function access through
// `access`; review the two grants together so the role's combined permissions
// stay as narrow as the handler needs.
if (listUsersRole) {
  const allowListUsers = new iam.PolicyStatement({
    actions: ["cognito-idp:ListUsers"],
    resources: [userPool.userPoolArn],
  });
  listUsersRole.attachInlinePolicy(
    new iam.Policy(userPool, "AllowListUsers", {
      statements: [allowListUsers],
    })
  );
}
auth/resource.ts
import { defineAuth } from '@aws-amplify/backend';
import {addUserToGroup} from "../data/add-user-to-group/resource";
import {listUsers} from "../data/list-users/resource";
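/**
 * Auth resource: e-mail sign-in, one "ADMINS" group, and the Cognito actions
 * each backend function is allowed to perform on the user pool.
 */
export const auth = defineAuth({
  loginWith: {
    email: true,
  },
  groups: ["ADMINS"],
  access: (allow) => [
    allow.resource(addUserToGroup).to(["addUserToGroup"]),
    // Least privilege: the list-users handler only calls ListUsers, so grant
    // the granular "listUsers" action instead of the broader "manageUsers",
    // which covers user create/update/delete operations the handler never uses.
    allow.resource(listUsers).to(["listUsers"]),
  ],
});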
data/list-users/resource.ts
import { defineFunction } from "@aws-amplify/backend"
/**
 * Lambda function resource for listing Cognito users.
 * The name "list-users" matches the generated env module the handler imports
 * ("$amplify/env/list-users").
 */
export const listUsers = defineFunction({ name: "list-users" });
data/list-users/handler.ts
import { env } from "$amplify/env/list-users"
import type { Schema } from "../resource"
import { CognitoIdentityProviderClient, ListUsersCommand } from "@aws-sdk/client-cognito-identity-provider";
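type Handler = Schema["listUsers"]["functionHandler"]

// Created once at module scope so the client is not rebuilt on every call.
const client = new CognitoIdentityProviderClient()

/**
 * Returns the users of the Amplify user pool.
 *
 * ListUsers is paginated, so a single call returns only the first page.
 * This handler follows PaginationToken until the pool is exhausted and
 * returns the last response with `Users` replaced by the full list.
 *
 * Security notes:
 * - The handler performs no caller check of its own. Authorization has to be
 *   enforced where the `listUsers` query is declared in the data schema
 *   (not shown here) - NOTE(review): confirm it is restricted to the ADMINS group.
 * - No AttributesToGet filter is set, so every attribute Cognito returns for
 *   each user is passed to the caller; narrow it if the admin page needs less.
 * - For large pools the loop can run into the function timeout or the response
 *   size limit; expose paging to the caller in that case.
 */
export const handler: Handler = async (event) => {
  const UserPoolId = env.AMPLIFY_AUTH_USERPOOL_ID;

  let response = await client.send(new ListUsersCommand({ UserPoolId }));
  const users = [...(response.Users ?? [])];

  // Keep requesting pages while Cognito reports that more results exist.
  while (response.PaginationToken) {
    response = await client.send(
      new ListUsersCommand({
        UserPoolId,
        PaginationToken: response.PaginationToken,
      })
    );
    users.push(...(response.Users ?? []));
  }

  // Same shape as a single ListUsers response, with the accumulated users.
  return { ...response, Users: users };
}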