Get Cognito user attributes in Lambda function


I’m using AWS Amplify to create a Lambda function, REST API, and Cognito user pool. I want to retrieve the Cognito user who made the request to the endpoint so I can access their user attributes.

I selected the serverless Express template for the function:


And the client-side configuration sets the Authorization header based on the current user’s token:


Does the event (req.apiGateway.event) or context hold user information? Or can I use the Authorization header somehow?

Also, what would it look like to make the Cognito call inside the Lambda function? Will this need to use the Admin API?



You can get the federated identity ID of the user through the Lambda context object using context.identity.cognitoIdentityId, but this will just be the ID associated with the user in the Cognito Identity Pool and not the Cognito User Pool.

The best way that I’ve seen to get User Pool attributes within Lambda is to use a custom authorizer, pass in the JWT token generated client-side by the SDK, and decode it server-side. After authorizing the user and decoding the JWT token, your Lambda will be able to access the User Pool attributes in Here’s a post walking through the custom authorizer:

Leave a Reply