This post implements the “allow only administrators to create users” case in Cognito, using AdminCreateUser from the Amazon Cognito user pool API.
The API itself is implemented with the Serverless Framework.
What we want to build
An administrator sends a request containing the email address of the person who needs an account, and the account is issued.
The API then sends the user name and initial password to that email address.
Cognito user pool settings
This implementation assumes a user pool that uses only the email address.

Under “Do you want to allow users to self-sign up?”, you must select “Allow administrators to create users only”.

Folder configuration
- .serverless
  - ...
- conf
  - ...
- functions
  - auth
    - index.js
    - adminCreateUser.js
- node_modules
  - ...
- package-lock.json
- package.json
- serverless.yml
- webpack.config.js
Implementation

```yaml
# serverless.yml
app: app-name
service: service-name
provider:
  name: aws
  runtime: nodejs12.x
  region: ap-northeast-1
  stage: ${opt:stage, self:custom.defaultStage}
  profile: default
  environment:
    ${file(./conf/${opt:stage}/${opt:stage}.yml)}
  iamRoleStatements:
    - Effect: Allow
      Action:
        # The function only calls AdminCreateUser, so grant only that action
        # on the one user pool instead of cognito-idp:*.
        - cognito-idp:AdminCreateUser
      Resource:
        - "arn:aws:cognito-idp:ap-northeast-1:**********:userpool/ap-northeast-1_******"
custom:
  defaultStage: dev
  otherfile:
    environment:
      dev: ${file(./conf/dev/dev.yml)}
      stg: ${file(./conf/stg/stg.yml)}
      prd: ${file(./conf/prd/prd.yml)}
functions:
  adminCreateUser:
    handler: functions/auth/index.adminCreateUser
    events:
      # No authorizer is configured on this event, so the endpoint itself
      # does not restrict who can call it; attach one before exposing it.
      - http:
          path: owner/create
          method: post
          cors: true
plugins:
  - serverless-webpack
```
```javascript
// functions/auth/index.js
const validator = require('validator')
const qs = require('qs')
const cognito = require('./adminCreateUser.js')

export function adminCreateUser(event, context, callback) {
  // Accept either a JSON body or a form-encoded body.
  var pParam = null
  if (event.body !== null) {
    pParam = (validator.isJSON(event.body)) ? JSON.parse(event.body) : qs.parse(event.body)
  }
  cognito.adminCreateUser(pParam, (err, result) => {
    if (err) {
      // Creation failed: return 400 with the error.
      callback(null, {
        statusCode: 400,
        headers: {
          'Access-Control-Allow-Origin': '*',
          'Access-Control-Allow-Headers': 'Content-Type'
        },
        body: JSON.stringify({
          status: '400',
          errorInfo: err
        })
      })
    } else {
      // Creation succeeded: return the Cognito response.
      callback(null, {
        statusCode: 200,
        headers: {
          'Access-Control-Allow-Origin': '*',
          'Access-Control-Allow-Headers': 'Content-Type'
        },
        body: JSON.stringify({
          status: '000',
          responseData: result
        })
      })
    }
  })
}
```
```javascript
// functions/auth/adminCreateUser.js
'use strict'
const AWS = require('aws-sdk')

exports.adminCreateUser = (body, callback) => {
  // body is null when the request had no body, so check it before reading email.
  if (!body || body.email === undefined) return callback('email is a required field.')
  var cognitoisp = new AWS.CognitoIdentityServiceProvider({ apiVersion: '2016-04-18' })
  var params = {
    UserPoolId: 'ap-northeast-1_*****',
    Username: body.email,
    // Deliver the user name and temporary password by email.
    DesiredDeliveryMediums: ['EMAIL'],
    ForceAliasCreation: false,
    UserAttributes: [
      {
        Name: 'email_verified',
        Value: 'true'
      },
      {
        Name: 'email',
        Value: body.email
      }
    ]
  }
  cognitoisp.adminCreateUser(params, function(err, data) {
    if (err) {
      console.error(err, err.stack)
      callback(err)
    } else {
      console.log(data)
      callback(null, data)
    }
  })
}
```
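The `owner/create` event in `serverless.yml` declares no authorizer, and the handler passes the parsed body straight to Cognito. One way to add both checks before calling `adminCreateUser`, as an added example that is not part of the original post: it assumes a Cognito user pool authorizer on the endpoint (claims under `event.requestContext.authorizer.claims`), a hypothetical `admin` group, and hypothetical function names.

```javascript
// Added example: hypothetical guard for the owner/create handler.
// Assumes a Cognito user pool authorizer on the endpoint and a group named 'admin'.
const ADMIN_GROUP = 'admin' // assumed group name, not from the original post
const EMAIL_RE = /^[^\s@<>"',;]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/

// Groups may arrive as an array or as a comma-separated string; accept both.
function callerIsAdmin(event) {
  const ctx = (event && event.requestContext) || {}
  const claims = (ctx.authorizer && ctx.authorizer.claims) || {}
  const raw = claims['cognito:groups']
  const groups = Array.isArray(raw) ? raw : String(raw || '').split(',')
  return groups.map(g => String(g).trim()).includes(ADMIN_GROUP)
}

// Accept JSON or form-encoded bodies, but only ever return a string (or null).
function extractEmail(body) {
  if (typeof body !== 'string' || body.length > 1024) return null
  let email
  try {
    const parsed = JSON.parse(body)
    email = parsed && typeof parsed === 'object' ? parsed.email : undefined
  } catch (e) {
    // Not JSON: URLSearchParams yields flat strings, never nested objects.
    email = new URLSearchParams(body).get('email')
  }
  if (typeof email !== 'string') return null
  email = email.trim()
  return email.length <= 254 && EMAIL_RE.test(email) ? email : null
}

// Returns { statusCode, params } on success or { statusCode, error } on refusal.
function buildCreateUserRequest(event, userPoolId) {
  if (!callerIsAdmin(event)) return { statusCode: 403, error: 'administrator only' }
  const email = extractEmail(event.body)
  if (!email) return { statusCode: 400, error: 'a valid email is required' }
  return {
    statusCode: 200,
    params: {
      UserPoolId: userPoolId,
      Username: email,
      DesiredDeliveryMediums: ['EMAIL'],
      ForceAliasCreation: false,
      UserAttributes: [
        { Name: 'email_verified', Value: 'true' },
        { Name: 'email', Value: email }
      ]
    }
  }
}
```

The returned `params` object has the same shape as the one passed to `cognitoisp.adminCreateUser` above, so the handler only needs to call Cognito when `statusCode` is 200.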
Reference
Start with the API reference:
- AdminCreateUser - Amazon Cognito User Pools

For the implementation details, see:
- AWS Cognito adminCreateUser from Lambda

The email was not sent with the implementation above, so see also:
- Not receiving mail with "adminCreateUser" function in AWS Cognito