Add a Cognito user to DynamoDB on sign up confirmation

As the name suggests, we will add a Cognito user to DynamoDB as soon as the user confirms the signup (i.e. performs verification).


You should have the following

  1. A Cognito User Pool
  2. A DynamoDB table (I’ll call my table ‘cognito_users’, with ‘username’ as the primary key)


We will use an AWS Lambda for mediating the process. We will use Python3.6 as the Lambda runtime for this function.

Cognito to Lambda to DynamoDB

Step 1: Create a lambda

  1. Go to the Lambda console (preferably the same region as your Cognito User Pool) and click on ‘Create Function’
  2. Give your function a suitable name
  3. Select Python 3.6 as the runtime
  4. Click on ‘Create Function’

Step 2: Attach the Policy

  1. Go to the ‘Configuration’ tab of the lambda function you just created, and click on Permissions
  2. Click on the Role Name displayed under the ‘Execution roles’ section
  3. In the screen that opens up, click on ‘Attach policies’
  4. Search for ‘AmazonDynamoDBFullAccess’ and attach it to this role

You can even create your own policy with restricted access to resources.

Step 3: Add code to the lambda

  1. Go to the ‘Code’ tab of your lambda function
  2. Replace the existing code with this:
import json
import boto3

dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('cognito_users')

# example event = 
# {'version': '1', 'region': 'us-east-1', 'userPoolId': 'us-east-1_sJ9EEEEEE', 
# 'userName': '1d3e62b0-1dc6-4fed-9872-b67bfaaaaaa', 
# 'callerContext': {'awsSdkVersion': 'aws-sdk-unknown-unknown', 'clientId': '7bead3niq15471jo3eeeeeee'}, 
# 'triggerSource': 'PostConfirmation_ConfirmSignUp', 
# 'request': {'userAttributes': {'sub': '1d3e62b0-1dc6-4fed-9872-b67bf9gggggg', 'email_verified': 'true', 
# 'cognito:user_status': 'CONFIRMED', 'cognito:email_alias': '[email protected]', 'email': '[email protected]'}}, 'response': {}}

def lambda_handler(event, context):
    # TODO implement
    username = event['userName']
    useremail = event['request']['userAttributes']['email']
    response = table.put_item(Item={'username':username, 'useremail':useremail})
    return event

As you can see, this function extracts the username and email from the event, and adds them to the dynamoDB table, using boto3. You can read more about boto3 for dynamoDB here.

The key thing to note is that it returns back the event. Lambda triggered by the Cognito trigger should perform the required processing, and return back the event.

Step 4: Add the trigger in Cognito

  1. Go to the Cognito User Pool, and from the left menu, click on ‘Triggers’ under ‘General Settings’
  2. Search for ‘Post Confirmation’, and from the dropdown, select the Lambda function you just created.

That’s it. Your system can now be tested. Create a new user in Cognito (through any app client linked to the user pool), and check the invocation of the Lambda and the creation of the item in the DynamoDB table. If you need to test the Lambda independently, you can add the sample event in the code comments as a test event, and trigger the lambda using it.

I hope you liked this article. For more tutorials on AWS, check out Also, if you are planning to become a certified AWS Solutions Architect, I’d recommend that you check out this course on Udemy. I took this course and found the lectures to be lucid, to-the-point, and fun. I hope they will help you as well.

Leave a comment

Your email address will not be published. Required fields are marked *