AWS CDK: Creating User Pools and Custom Triggers in TypeScript for Effective Identity Management
Welcome to our latest guide, where we embark on a journey through the realm of AWS Cloud Development Kit (CDK) and TypeScript. In this tutorial, we will delve into the intricacies of identity management, focusing on the creation of user pools and the integration of custom triggers.
Managing user identities efficiently is crucial for modern applications, and AWS CDK simplifies this process by allowing developers to express infrastructure as code using familiar programming languages. TypeScript, being a statically typed superset of JavaScript, adds a layer of robustness to the development process.
This guide aims to empower you with the skills to leverage AWS CDK in TypeScript for the creation of user pools, providing a secure and scalable solution for identity management. Additionally, we will explore the customization of triggers to tailor the identity workflows to your specific application needs.
Whether you’re a seasoned developer looking to expand your AWS CDK expertise or a newcomer eager to explore identity management in the cloud, this tutorial is designed to provide practical insights and hands-on experience. Let’s embark on this journey together, unlocking the potential of identity solutions with AWS CDK and TypeScript.
Prerequisites for AWS CDK
- AWS Account
- Node.js
- TypeScript
Install the AWS CDK
Install the AWS CDK Toolkit globally using the following Node Package Manager command.
npm install -g aws-cdk
Run the following command to verify the installation; it prints the version number of the AWS CDK.
cdk --version
Step 1: Starting an AWS CDK TypeScript Project
Create a new directory for your app
mkdir test-project
cd test-project
Now create the app with the "cdk init" command, passing the "app" template and your language:
cdk init app --language typescript
The cdk init command creates a number of files and folders inside the test-project directory to help you organize the source code for your AWS CDK app.
Step 2: Create user pool in stack
At this point, your app doesn't do anything because the stack it contains doesn't define any resources. Add the Cognito import at the top of your stack file, then define a user pool inside the stack constructor:
import * as cdk from "aws-cdk-lib";
import { UserPool } from "aws-cdk-lib/aws-cognito";

// RETAIN keeps the pool, and every user in it, if the stack is ever deleted
const userPool = new UserPool(this, "userPool", {
  removalPolicy: cdk.RemovalPolicy.RETAIN,
  selfSignUpEnabled: true, // anyone may register; attributes they supply are untrusted input
  signInAliases: {
    username: true,
    email: true,
  },
  autoVerify: {
    email: true, // Cognito emails a verification code on sign-up
  },
  standardAttributes: {
    email: {
      required: true,
    },
    familyName: {
      mutable: true,
      required: true,
    },
    givenName: {
      mutable: true,
      required: true,
    },
  },
});
Step 3: Create app client for user pool
import { UserPoolClient } from "aws-cdk-lib/aws-cognito";

// `context` is the project's own configuration object (app name and environment),
// defined elsewhere in the project and not shown here
const userPoolClient = new UserPoolClient(this, "userPoolClient", {
  userPool: userPool,
  userPoolClientName: `${context.appName}-client-${context.environment}`,
  authFlows: {
    userPassword: true, // USER_PASSWORD_AUTH: the client sends the password itself to Cognito
    userSrp: true, // USER_SRP_AUTH: the password never leaves the client; prefer this alone where clients support it
  },
});
Step 4: Create lambda handler
In this example we add a Custom Message handler that rewrites the e-mails Cognito sends.
Create a new folder named lambda-handlers and add the handler file message.handler.ts to it; this is the path the Lambda definition in Step 6 points at.
Step 5: Update handler function
Update your handler function to change the email content based on the trigger source. The CustomMessageTriggerHandler type comes from the @types/aws-lambda package (npm install -D @types/aws-lambda).
import { CustomMessageTriggerHandler } from "aws-lambda";

export const handler: CustomMessageTriggerHandler = async (event) => {
  // codeParameter is a placeholder (for example "{####}") that Cognito replaces with the real
  // code after the function returns; the message must still contain it or Cognito rejects the response.
  // given_name and family_name were typed in by the user at sign-up, so treat them as untrusted.
  if (event.triggerSource === "CustomMessage_SignUp") {
    const message = `Dear ${event.request.userAttributes.given_name} ${event.request.userAttributes.family_name}
Thank you for registering.
Please use this code to verify your email address ${event.request.codeParameter}`;
    event.response.emailMessage = message;
    event.response.emailSubject = "User Registration";
  }
  if (event.triggerSource === "CustomMessage_ForgotPassword") {
    const message = `Dear ${event.request.userAttributes.given_name} ${event.request.userAttributes.family_name}
Please use this code to reset your password ${event.request.codeParameter}`;
    event.response.emailMessage = message;
    event.response.emailSubject = "Password Reset";
  }
  return event;
};
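The handler above interpolates given_name and family_name straight into the message. Because self sign-up is enabled, those values are chosen by whoever registered, and Cognito delivers emailMessage as HTML, so a registrant can put links or markup into mail that arrives from your sender address. The following is an added example, not code from the original post or its repository: a hardened handler that escapes the attributes, covers the remaining Custom Message trigger sources, and refuses to return a response that has lost the code (or, for AdminCreateUser, the username) placeholder. Minimal local types stand in for @types/aws-lambda so the file compiles on its own; the 80-character cap on the display name is an arbitrary choice, and the sample event at the bottom is constructed.

```typescript
// Added example, not code from the original post or its repository.
// Local types mirror the fields of the Cognito Custom Message event that the handler reads.
type TriggerSource =
  | "CustomMessage_SignUp"
  | "CustomMessage_ResendCode"
  | "CustomMessage_ForgotPassword"
  | "CustomMessage_AdminCreateUser"
  | "CustomMessage_UpdateUserAttribute"
  | "CustomMessage_VerifyUserAttribute"
  | "CustomMessage_Authentication";

export interface CustomMessageEvent {
  triggerSource: TriggerSource;
  request: {
    userAttributes: Record<string, string>;
    codeParameter: string; // placeholder such as "{####}"; Cognito substitutes the real code
    usernameParameter?: string; // "{username}", present for AdminCreateUser only
  };
  response: { emailSubject?: string; emailMessage?: string; smsMessage?: string };
}

const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Cognito sends emailMessage as HTML and the name attributes come from self sign-up,
// so escape them before interpolating them into the body.
export function escapeHtml(s: string): string {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c] ?? c);
}

// Cap attacker-chosen names (80 chars is an arbitrary limit) and fall back to a neutral greeting.
export function displayName(attrs: Record<string, string>): string {
  const raw = `${attrs.given_name ?? ""} ${attrs.family_name ?? ""}`.trim();
  return escapeHtml(raw.slice(0, 80)) || "user";
}

export function buildMessage(ev: CustomMessageEvent): { subject: string; body: string } | undefined {
  const name = displayName(ev.request.userAttributes);
  const code = ev.request.codeParameter;
  switch (ev.triggerSource) {
    case "CustomMessage_SignUp":
    case "CustomMessage_ResendCode":
      return { subject: "User Registration",
        body: `Dear ${name},<br>Thank you for registering. Your verification code is ${code}.` };
    case "CustomMessage_ForgotPassword":
      return { subject: "Password Reset",
        body: `Dear ${name},<br>Your password reset code is ${code}. If you did not request a reset, ignore this email.` };
    case "CustomMessage_AdminCreateUser":
      return { subject: "Your new account",
        body: `Dear ${name},<br>Your username is ${ev.request.usernameParameter} and your temporary password is ${code}.` };
    default:
      return undefined; // keep Cognito's default text for the other trigger sources
  }
}

// Cognito rejects a response whose text dropped the placeholders; check before returning.
export function validateResponse(ev: CustomMessageEvent): string[] {
  const problems: string[] = [];
  const body = ev.response.emailMessage;
  if (body === undefined) return problems;
  if (!body.includes(ev.request.codeParameter)) problems.push("emailMessage omits codeParameter");
  const user = ev.request.usernameParameter;
  if (ev.triggerSource === "CustomMessage_AdminCreateUser" && user && !body.includes(user)) {
    problems.push("AdminCreateUser message omits usernameParameter");
  }
  return problems;
}

export const handler = async (ev: CustomMessageEvent): Promise<CustomMessageEvent> => {
  const msg = buildMessage(ev);
  if (msg) {
    ev.response.emailSubject = msg.subject;
    ev.response.emailMessage = msg.body;
  }
  const problems = validateResponse(ev);
  if (problems.length > 0) throw new Error(problems.join("; ")); // fail the operation rather than send a broken mail
  return ev;
};

// Constructed sample event: a self-registered user whose given_name carries HTML.
export const sampleSignUp: CustomMessageEvent = {
  triggerSource: "CustomMessage_SignUp",
  request: {
    userAttributes: {
      email: "eve@example.com",
      given_name: '<a href="https://evil.example">Eve</a>',
      family_name: "Smith",
    },
    codeParameter: "{####}",
  },
  response: {},
};
```

Throwing from the trigger makes Cognito fail the sign-up or reset call with a generic error, which is the safer outcome: the user can retry, whereas a mail without the code, or one carrying someone else's markup, cannot be recalled.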
Step 6: Create lambda function and adding as trigger to our user pool
import * as lambda from "aws-cdk-lib/aws-lambda";
import { NodejsFunction } from "aws-cdk-lib/aws-lambda-nodejs";
import * as iam from "aws-cdk-lib/aws-iam";
import { UserPoolOperation } from "aws-cdk-lib/aws-cognito";

// NodejsFunction bundles the TypeScript handler with esbuild at synth time
const customMessageLambda = new NodejsFunction(this, "CustomMessageLambda", {
  entry: "lambda-handlers/message.handler.ts",
  runtime: lambda.Runtime.NODEJS_18_X,
});
// Grant permission for Cognito to invoke the Lambda function. sourceArn scopes the grant to this
// pool only; without it any user pool in any account could invoke the function.
// addTrigger below adds an equivalent scoped permission itself, so this explicit grant is optional.
customMessageLambda.addPermission("InvokePermission", {
  principal: new iam.ServicePrincipal("cognito-idp.amazonaws.com"),
  sourceArn: userPool.userPoolArn,
});
// Register the function as the pool's Custom Message trigger
userPool.addTrigger(UserPoolOperation.CUSTOM_MESSAGE, customMessageLambda);
Step 7: Build and deploy our resources to AWS cloud
1. Synthesize an AWS CloudFormation template for the app:
cdk synth
2. Deploy the stack:
cdk deploy
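cdk synth writes the template to cdk.out, which is a convenient place to confirm that Steps 2, 3 and 6 produced what was intended before cdk deploy runs. The following is an added example, not code from the original post or its repository: a check over a parsed template that verifies the pool retains its users on stack deletion, the Custom Message trigger is wired to the function, every cognito-idp invoke permission on that function is bound to this pool's ARN, and the app client does not allow USER_PASSWORD_AUTH. The sample template is constructed by hand in the shape aws-cdk-lib emits for this guide's resources; the logical IDs are invented.

```typescript
// Added example, not code from the original post or its repository.
type Resource = { Type: string; Properties?: Record<string, any>; DeletionPolicy?: string };
export type Template = { Resources: Record<string, Resource> };

// Resolve {"Fn::GetAtt": ["LogicalId", "Arn"]} to "LogicalId"; anything else is unresolved.
function getAttTarget(v: any): string | undefined {
  const arr = v && v["Fn::GetAtt"];
  return Array.isArray(arr) ? String(arr[0]) : undefined;
}

export function checkTemplate(t: Template): string[] {
  const findings: string[] = [];
  const ofType = (type: string) =>
    Object.entries(t.Resources).filter(([, r]) => r.Type === type);

  for (const [poolId, pool] of ofType("AWS::Cognito::UserPool")) {
    if (pool.DeletionPolicy !== "Retain") {
      findings.push(`${poolId}: DeletionPolicy is not Retain; deleting the stack would drop every user`);
    }
    const fnId = getAttTarget(pool.Properties?.LambdaConfig?.CustomMessage);
    if (!fnId) {
      findings.push(`${poolId}: no CustomMessage trigger wired`);
      continue;
    }
    // Cognito needs lambda:InvokeFunction on the trigger, but the grant must carry a SourceArn
    // naming this pool; otherwise any user pool in any account could invoke the function.
    const grants = ofType("AWS::Lambda::Permission").filter(
      ([, p]) =>
        p.Properties?.Principal === "cognito-idp.amazonaws.com" &&
        getAttTarget(p.Properties?.FunctionName) === fnId,
    );
    if (grants.length === 0) findings.push(`${fnId}: cognito-idp has no invoke permission`);
    for (const [permId, p] of grants) {
      if (getAttTarget(p.Properties?.SourceArn) !== poolId) {
        findings.push(`${permId}: SourceArn is not bound to ${poolId}`);
      }
    }
  }

  for (const [clientId, c] of ofType("AWS::Cognito::UserPoolClient")) {
    const flows: string[] = c.Properties?.ExplicitAuthFlows ?? [];
    if (flows.includes("ALLOW_USER_PASSWORD_AUTH")) {
      findings.push(`${clientId}: ALLOW_USER_PASSWORD_AUTH sends the password itself to Cognito; SRP alone is preferable`);
    }
  }
  return findings;
}

// Constructed sample: the wiring from Steps 2, 3 and 6 as CloudFormation, with invented logical IDs.
export const sampleTemplate: Template = {
  Resources: {
    userPool0A1B2C: {
      Type: "AWS::Cognito::UserPool",
      DeletionPolicy: "Retain",
      Properties: {
        LambdaConfig: { CustomMessage: { "Fn::GetAtt": ["CustomMessageLambda3D4E5F", "Arn"] } },
      },
    },
    userPoolClient6G7H8I: {
      Type: "AWS::Cognito::UserPoolClient",
      Properties: {
        UserPoolId: { Ref: "userPool0A1B2C" },
        ExplicitAuthFlows: ["ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"],
      },
    },
    CustomMessageLambda3D4E5F: {
      Type: "AWS::Lambda::Function",
      Properties: { Runtime: "nodejs18.x" },
    },
    CustomMessageLambdaInvokePermission9J0K1L: {
      Type: "AWS::Lambda::Permission",
      Properties: {
        Action: "lambda:InvokeFunction",
        FunctionName: { "Fn::GetAtt": ["CustomMessageLambda3D4E5F", "Arn"] },
        Principal: "cognito-idp.amazonaws.com",
        SourceArn: { "Fn::GetAtt": ["userPool0A1B2C", "Arn"] },
      },
    },
  },
};
```

On a real project, pass checkTemplate the result of JSON.parse over cdk.out/<StackName>.template.json and fail the pipeline if it returns any findings. Against the sample template the only finding is the USER_PASSWORD_AUTH flow, which matches the userPassword: true setting from Step 3; dropping the SourceArn from the permission adds the confused-deputy finding.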
You can find full project on github: https://github.com/dharmikcidc/serverless-backend
Dharmik Panchal
Architect, ConcertIDC