Updating custom user attributes on AWS cognito with a number value (via a post confirmation trigger / lambda function)

Question

I have a lambda trigger in my user pool (post confirmation lambda trigger), which calls the code below:

sess, err := session.NewSession()
    if err != nil {
        fmt.Println("failed to create session", err.Error())
    }

    svc := cognitoidentityprovider.New(sess)

    params := &cognitoidentityprovider.AdminUpdateUserAttributesInput{
        UserAttributes: []*cognitoidentityprovider.AttributeType{
            {
                Name:  aws.String("custom:onboarding"),
                Value: aws.Int(0),
            },
        },
        UserPoolId: aws.String("xxxxx"),
        Username:   aws.String("xxxxx"),
    }

    resp, err := svc.AdminUpdateUserAttributes(params)
    if err != nil {
        fmt.Println("resp error: ", err.Error())
    }
    fmt.Println(resp)

Im receiving the following error:

.\main.go:36:5: cannot use "github.com/aws/aws-sdk-go-v2/aws".Int(0) (type *int) as type *string in field value

The value needs to be an integer, as the custom attribute is set as a number in cognito.

What am I missing here? Or is this not the right method?

Thanks in advance

Answer 1

I have found the answer. As isavinof said, the value has a string type, which wasn't working initially, however, it turned out to be a permissions error ( AccessDeniedException ).

To fix the problem, I followed this answer: https://stackoverflow.com/a/67678111/1898662

I. CREATING THE POLICY (FOR PERMISSION)

• Go to IAM console -> Policies -> Create Policy.
• Choose "Cognito User Pools" Services.
• Specify the desired actions for which you need permission for (List, Read,
  etc.) In this case, it was write -> AdminUpdateUserAttributesInput
• Specify Resources - the userpool region and id
• Choose request conditions (optional).
• Add Tags (Optional) - helps with searching in a large list of policies
• Give name and description of the policy - be exact as it helps to ensure you have chosen the right one in the next stage
• Click on "Create Policy" button. POLICY CREATED.

II. ADDING THE POLICY TO THE USER :

• Go to IAM console -> Users (in this case, roles, not users, and find the lambda function role. If you don't know it, view it in the lambda backend, under permissions)
• Select the desired role.
• In permissions tab, click on Add Permissions.
• Click on "Attach existing policy directly".
• Search for the policy you just created.
• Click on "Add Permissions" ISSUE IS RESOLVED.