Closed jayair closed 6 years ago
to create the user and confirm I had to add an extra parameter to both calls (--region us-east-1)
$ aws cognito-idp sign-up \
--client-id YOUR_COGNITO_APP_CLIENT_ID \
--username admin@example.com \
--password Passw0rd! \
--user-attributes Name=email,Value=admin@example.com \
_**--region us-east-1**_
@Pancakerobot good tip, we've gotten some feedback from some people that have run into region related issues.
I had the same problem. You get the region from your Pool Id. Mine was us-east-2_dUMVe5SZr
but it doesn't look like you need anything after the underscore. so tacking on --region us-east-2
worked for me
Added it to the chapter - 562b54b252423011d418e16aed20083d403c4b18
I'm having trouble running
$ aws cognito-idp sign-up \ --region us-east-1 \ --client-id YOUR_COGNITO_APP_CLIENT_ID \ --username admin@example.com \ --password Passw0rd! \ --user-attributes Name=email,Value=admin@example.com
Actually when I even try running the first line "aws cognito-idp sign-up" into the command prompt (im using windows), it just gives me this error.
I'm pretty sure I configured it in the beginning. Any help would be greatly appreciated.
`
@Hollow27 When you try the full command (with the client-id passed in), what is the error you are seeing?
This is what I'm getting (kind of a noob using the terminal):
Unknown output type: [None]
^thats what im getting when I try the full command with client-id passed in.
@Hollow27 Yeah I'm not too familiar with Windows. But @ryanjcruz is a Windows user. Maybe he can help you?
@jayair @Hollow27 you'd need to add \ at the end of the command per line i.e $ aws cognito-idp sign-up \ --region us-east-1 \ --client-id YOUR_COGNITO_APP_CLIENT_ID \ --username admin@example.com \ --password Passw0rd! \ --user-attributes Name=email,Value=admin@example.com
then the last line shouldn't have any as that should be the enter key needed to execute the command.
@ryanjcruz I'm thinking of adding instructions for Windows users soon. I can use your help with that. Do you mind if I ping you once I figure out the format for it?
@jayair no probs, happy to help out.
@ryanjcruz It would help if the instructions show output from commands. Is "UserConfirmed": false, from the response I got expected?
{
"UserConfirmed": false,
"CodeDeliveryDetails": {
"AttributeName": "email",
"Destination": "a***@j***.com",
"DeliveryMedium": "EMAIL"
}
}
Also, having common error responses would be helpful as well. I'm writing because I got this doing verification:
An error occurred (UnrecognizedClientException) when calling the AdminConfirmSignUp operation: The security token included in the request is invalid.
The response is from this command:
aws cognito-idp admin-confirm-sign-up \
--region us-west-2 \
--user-pool-id us-west-2_bAEhmtfs7 \
--username admin1@jetbloom.com
The user-pool-id value I got from Pool details: Pool Id, above the Pool ARN.
@wilsonmar That's a good idea. I'll be adding sections to chapters with common errors people are getting.
Can you help me get un-stuck? If not, who can? I'll add to your tutorial is you help me.
On Mon, May 29, 2017 at 7:42 AM, Jay V notifications@github.com wrote:
@wilsonmar https://github.com/wilsonmar That's a good idea. I'll be adding sections to chapters with common errors people are getting.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/AnomalyInnovations/serverless-stack-com/issues/18#issuecomment-304641293, or mute the thread https://github.com/notifications/unsubscribe-auth/AASUDo0eKEjL1QEHzr9m9Plf-YRKHxdIks5r-q8egaJpZM4M4OAz .
@wilsonmar The response you received for the sign-up
step looks good. User will only be confirmed after the admin-confirm-sign-up
step, which will succeed silently.
Your error An error occurred (UnrecognizedClientException) when calling the AdminConfirmSignUp operation: The security token included in the request is invalid.
sounds very much like AWS CLI credentials not specified correctly. Could do refer to these two chapters and double check the CLI configuration.
http://serverless-stack.com/chapters/create-an-iam-user.html
http://serverless-stack.com/chapters/configure-the-aws-cli.html
At the end of the day, you should have a file at ~/.aws/credentials
look similar to
[default]
aws_access_key_id = AKXXXXXXXXXXXXXXXXMQ
aws_secret_access_key = JOsGrxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc132
OK, I Googled around and found this explanation on May 25, 2016 by EdL@AWS: "Cognito User Pools are currently only available in US East (Virginia)." at https://forums.aws.amazon.com/thread.jspa?messageID=722312
Since the first mention of region is at http://serverless-stack.com/chapters/create-an-s3-bucket-for-file-uploads.html I've forked, created branch 'Cognito-User-Pools-only-avail-US-East-1, and updated file as https://github.com/AnomalyInnovations/serverless-stack-com/pull/93
Cognito User Pools were made available in us-west-2, US West (Oregon) later in 2016. https://aws.amazon.com/blogs/aws/amazon-cognito-your-user-pools-now-generally-available/
You shouldn't be able to create the pool in the first place if it were not available.
I'll post the link where that AWS guy posted his fake news. Do you have a link I can go to for properly setting up the creditions file on my machine?
On Tue, May 30, 2017 at 8:06 PM, Frank notifications@github.com wrote:
Cognito User Pools were made available in us-west-2, US West (Oregon) later in 2016. https://aws.amazon.com/blogs/aws/amazon-cognito-your-user- pools-now-generally-available/
You shouldn't be able to create the pool in the first place if it were not available.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/AnomalyInnovations/serverless-stack-com/issues/18#issuecomment-305043666, or mute the thread https://github.com/notifications/unsubscribe-auth/AASUDr2pQlurB5T7Wn1GGU6pgkzKI5ETks5r_K8QgaJpZM4M4OAz .
I have multiple AWS profiles for different accounts. Since the one I'm using for this tutorial isn't my default, I needed to add the --profile [profile name from my ~/.aws/credentials file] flag to both CLI commands. Hope this helps!
Thanks for the tip @pjamieson. I'll add it to the tutorial when I get a chance.
Nothing works I've ran into this problem while running the command
aws cognito-idp sign-up \
--region us-east-1 \
--client-id 4kjstkv1m9t0orh6n569jnhgt5 \
--username admin@example.com \
--password Passw0rd! \
--user-attributes Name=email,Value=admin@example.com
An error occurred (ResourceNotFoundException) when calling the SignUp operation: User pool client 4kjstkv1m9t0orh6n569jnhgt5 does not exist.
Problem solved. My problem was the region. My region pool was us-west-2 not 1.
Thanks @pjamieson. I have multiple profiles too. When the '--profile ' parameter was not specified, 'sign-up' succeed but 'admin-confirm-sign-up' failed. I seems that the --region parameter was ignored.
I solved the OP issue, but this is what I got next: https://github.com/AnomalyInnovations/serverless-stack-com/issues/133
aws cognito-idp admin-confirm-sign-up --region us-east-1 --user-pool-id us-east-1_fdlHwCS7x --username admin@example.com just returns "User pool us-east-1_fdlHwCS7x does not exist." I can see the user created with aws cognito-idp sign-up in the user pool with a status of UNCONFIRMED. I've recreated the user pool three times with the same result.
You probably created the pool in the wrong region.
@KelpDuNord Hmm that's really weird. So aws cognito-idp sign-up
works but aws cognito-idp admin-confirm-sign-up
does not work?
This is my second attempt and I get the same error:
An error occurred (IncompleteSignatureException) when calling the AdminConfirmSignUp operation: 'key' not a valid key=value pair (missing equal-sign) in Authorization header...
Thanks for this discussion. It led me to the solution. I looked up the correct region by going to the Cognito home page (e.g. at https://us-east-2.console.aws.amazon.com/cognito/home), clicking "Manage your user pools", selecting the user pool I created for the tutorial, and looking at the Pool ID.
I just tried again, and yes, the signup worked but confirm did not. After running aws configure (I may have missed this before?), the confirm was successful.
@KelpDuNord Thanks for reporting back. Can you tell me what you set in the aws configure
command?
@lucasgonze Thanks for sharing your experience.
@HeyMarcy Can you show me the full command you used?
@Hollow27 , were you able to solve your issue? I had the same issue, however changing region to us-east-2 (--region us-east-2 )worked for me.
On running: aws cognito-idp sign-up --region ap-south-1 --client-id xxxxx --username admin@example.com --password Passw0rd!
I got the below error
An error occurred (InvalidParameterException) when calling the SignUp operation: Cannot perform specific action because there does not exist a valid use pool domain associated with the user pool
I added the domain name in: User Pool -> App Integration -> Domain Name and then it seemed to work:
epiphany-consulting jai$ aws cognito-idp sign-up --region ap-south-1 --client-id xxxxyyyy --username admin@example.com --password Passw0rd! { "UserConfirmed": false, "CodeDeliveryDetails": { "AttributeName": "email", "Destination": "a@e.com", "DeliveryMedium": "EMAIL" } }
I am getting error as cognito-idp sub-cmd itself is not recognised.
vyas@gladiator:~$ aws cognito-idp sign-up --client-id $my-client-id --username admin@example.com --password Passw0rd! --user-attributes Name=email,Value=admin@example.com --region us-east-1
usage: aws [options] <command> <subcommand> [parameters]
aws: error: argument command: Invalid choice, valid choices are:
autoscaling | cloudformation
cloudfront | cloudsearch
cloudsearchdomain | cloudtrail
cloudwatch | cognito-identity
cognito-sync | datapipeline
directconnect | dynamodb
ec2 | elasticache
elasticbeanstalk | elastictranscoder
elb | emr
iam | importexport
kinesis | kms
lambda | logs
opsworks | rds
redshift | route53
route53domains | sdb
ses | sns
sqs | storagegateway
sts | support
swf | s3api
s3 | configure
deploy | configservice
help
Not sure if need something else to aws cli to look for cognito-idp
(using Ubuntu 17.0.4)
vyas@gladiator:~$ aws --version
aws-cli/1.6.6 Python/2.7.13 Linux/4.10.0-38-generic
Thoughts / comments ..... please.
@saurabh-vyas That's really weird. Are you using the latest AWS CLI?
This is my version.
$ aws --version
aws-cli/1.11.189 Python/2.7.10 Darwin/16.7.0 botocore/1.7.47
@jayair : seems like the older version did not had this sub-cmd. I uninstalled awscli & re-installed that ... and with version 1.11.189 .... I was able to run this succesfully
vyas@gladiator:~/Learning/Serverless/notes-app-api$ aws cognito-idp sign-up --client-id $my-client-id --username admin@example.com --password Passw0rd! --user-attributes Name=email,Value=admin@example.com --region us-east-1
{
"UserConfirmed": false,
"UserSub": "938c49aa-344e-4c89-9dfe-4c25ad9a2afc",
"CodeDeliveryDetails": {
"AttributeName": "email",
"Destination": "a***@e***.com",
"DeliveryMedium": "EMAIL"
}
}
@saurabh-vyas Great! Thanks for reporting back.
Hello I am getting an error others haven't seemed to have run into. I'm very new to AWS, and Serverless is my first go at using it. I'm running into issues with verifying the account
In windows powershell: aws cognito-idp admin-confirm-sign-up \ --region us-east-2 \ --user-pool-id us-east-2** \ --username admin@example.com \
I get the following error: An error occurred (InvalidSignatureException) when calling the AdminConfirmSignUp operation: Signature expired: 20171204T063700Z is now earlier than 20171204T193202Z (20171204T193702Z - 5 min.)
Advice would be greatly appreciated so I can keep chugging through this tutorial :) i have changed it all to be the correct region as well. I don't really understand what my error means
I have discovered that I can verify manually though the AWS platform, but I would prefer things ran as they should through the terminal
The time on your system is off by more than 5 minutes, which is flagging this has an error. You can use ntp to keep the time in sync.
On 05-Dec-2017, at 1:19 AM, Sarah Jackson notifications@github.com wrote:
Hello I am getting an error others haven't seemed to have run into. I'm very new to AWS, and Serverless is my first go at using it.
In windows powershell: aws cognito-idp admin-confirm-sign-up --region us-east-2 --user-pool-id us-east-2** --username admin@example.com mailto:admin@example.com \
I get the following error: An error occurred (InvalidSignatureException) when calling the AdminConfirmSignUp operation: Signature expired: 20171204T063700Z is now earlier than 20171204T193202Z (20171204T193702Z - 5 min.)
Advice would be greatly appreciated so I can keep chugging through this tutorial :) i have changed it all to be the correct region as well. I don't really understand what my error means
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/AnomalyInnovations/serverless-stack-com/issues/18#issuecomment-349084105, or mute the thread https://github.com/notifications/unsubscribe-auth/ADT8tdsA00tC6c6yMO8mZSlofNaqO1xkks5s9EzmgaJpZM4M4OAz.
@Jaikant Oh that's a good catch.
I also got the InvalidSignatureExceptionError when trying to run admin-confirm-sign-up step. Strangely the sign-up step worked as expected, so there must be a difference in how these two commands escapes the secret key.
I am adding this here in case someone else runs into problems, as this issue pops up on top of the Google search.
The error:
An error occurred (InvalidSignatureException) when calling the AdminConfirmSignUp operation: The request signature we calculated does not match the signature you provided. Check your AWS Secretr Access Key and signing method. Consult the service documentation for details.
This was caused by my secret key containing a plus '+' sign. This happened on a Windows 10 installation with the following awscli version.
C:\WINDOWS\system32>aws --version
aws-cli/1.14.9 Python/3.4.3 Windows/8 botocore/1.8.13
Once I regenerated an ID/Key-pair without a plus sign, the error disappeared.
@johanseland Thanks for the comment and the context.
@svj13 I'm having the same problem you had and can't figure it out. How did you verify the test user through AWS rather than through the command line?
I had the InvalidSignatureException issue, and it was resolved once I added a new access key for the admin user! I don't know the reason why, but this worked for me.
Note that something similar has been pointed out by @bedney in the discussion at https://github.com/aws/aws-sdk-js/issues/86
I'm having the same issue as @KelpDuNord above where the sign-up
command worked, but the admin-confirm-sign-up
command does not work.
I run:
aws cognito-idp admin-confirm-sign-up --region us-east-1 --user-pool-id us-east-1_mV4oIXtXy --username admin@example.com
I receive:
An error occurred (ResourceNotFoundException) when calling the AdminConfirmSignUp operation: User pool us-east-1_mV4oIXtXy does not exist.
I've done the following:
serverless
system account (since mine had a '+' in it and I'm on Windows)describe-user-pool
command with the user pool id and having the same errorI will confirm the user manually through the console, but I want to know why this is happening. Any ideas? Thanks.
I figured it out. My AWS credentials file was corrupt, if you can call it that. It had two credentials under the [default] name. I'm not sure how that happened. I discovered this problem by running aws configure
again and seeing that my new keys weren't being persisted. On Windows, I navigated to %USER_PROFILE%\.aws
and edited the credentials
file in a text editor as opposed to through the command window. Then, when I ran my command to confirm the user, it worked as expected.
@pflugs30 Flag you figured it out. Thanks for following up.
I started the tutorial a couple months ago and ran into some problems. I only just recently picked it back up trying to double check each step and noticed an error on this one.
Doing this on a Raspberry Pi (running Raspbian) and have noticed that some of the libraries are quite old. That said, here is my aws version:
pi@raspberrypi:~ $ aws --version
aws-cli/1.14.28 Python/2.7.13 Linux/4.9.59-v7+ botocore/1.8.32
I believe I was able to create a test user just fine with:
pi@raspberrypi:~/sandbox $ aws cognito-idp sign-up --region us-east-1 --client-id $my_client_id --username admin@example.com --password Passw0rd!
but when I go to confirm the creation, I get an error:
pi@raspberrypi:~/sandbox $ aws cognito-idp admin-confirm-sign-up --region us-east-1 --user-pool-id $my_client_id --username admin@example.com
An error occurred (NotAuthorizedException) when calling the AdminConfirmSignUp operation: User cannot be confirm. Current status is CONFIRMED
Checking the aws console shows successful creation and confirmation (I think):
Is this all expected behavior? I have double checked the region (a frequent problem it appears) and created a new IAM (Access key ID , Secret access key) pair (and re-running aws configure
) to no avail.
I would like to echo what others have said about including expected output in this section of the tutorial and/or some common problems and how to resolve them.
@codywr From the Created and Last Modified date, it seems like the user was created a while ago? Maybe you had it confirmed back then?
@jayair Can it only be confirmed once? I was expecting a confirmation each time I asked for one. From the look of the error (NotAuthorizedException
), I was thinking this was some sort of permissions problem.
Link to chapter - http://serverless-stack.com/chapters/create-a-cognito-test-user.html