Skip to content

feat(cognito): inbound federation Lambda trigger#37082

Open
badmintoncryer wants to merge 10 commits intoaws:mainfrom
badmintoncryer:inbound-federation
Open

feat(cognito): inbound federation Lambda trigger#37082
badmintoncryer wants to merge 10 commits intoaws:mainfrom
badmintoncryer:inbound-federation

Conversation

@badmintoncryer
Copy link
Copy Markdown
Contributor

@badmintoncryer badmintoncryer commented Feb 25, 2026
edited
Loading

Issue # (if applicable)

N/A

Reason for this change

Cognito User Pool now supports the inbound federation Lambda trigger, which allows transforming and customizing federated user attributes during authentication.

Description of changes

  • Added INBOUND_FEDERATION operation to UserPoolOperation class
  • Implemented Lambda trigger configuration with V1_0 version support only (as per AWS documentation)
  • Added validation to throw an error if a version other than V1_0 is specified
  • Updated README with usage examples and documentation link

Describe any new or updated permissions being added

None

Description of how you validated changes

add both unit and integ tests

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

badmintoncryer and others added 2 commits February 22, 2026 20:38
@badmintoncryer @claude
feat(cognito): add inbound federation Lambda trigger support
d2b2619 
Add support for the inbound federation Lambda trigger in Cognito User Pool.
This trigger allows transforming and customizing federated user attributes
during authentication, useful for modifying large group attributes from
external SAML or OIDC providers that exceed Cognito's 2,048 character limit.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@badmintoncryer
Merge remote-tracking branch 'origin/main' into inbound-federation
1c00488
@github-actions github-actions bot added the p2 label Feb 25, 2026
@aws-cdk-automation aws-cdk-automation requested a review from a team February 25, 2026 12:26
@github-actions github-actions bot added the distinguished-contributor [Pilot] contributed 50+ PRs to the CDK label Feb 25, 2026
aws-cdk-automation
aws-cdk-automation previously requested changes Feb 25, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(This review is outdated)

@aws-cdk-automation aws-cdk-automation added the pr/needs-further-review PR requires additional review from our team specialists due to the scope or complexity of changes. label Feb 25, 2026
@badmintoncryer badmintoncryer marked this pull request as draft February 25, 2026 13:01
@badmintoncryer
feat(cognito): add integration test for user pool inbound federation …
d5feb86 
…with lambda triggers

- Implemented an integration test for AWS Cognito user pools to verify inbound federation functionality.
- Created a Lambda function to handle inbound federation requests.
- Configured two user pools: one using the lambdaTriggers property and another using the addTrigger method.
- Added assertions to validate the Lambda configuration in both user pools.
@badmintoncryer
feat(cognito): update README to include lambdaTriggers for inbound fe…
cd3d486 
…deration
@aws-cdk-automation aws-cdk-automation dismissed their stale review February 25, 2026 13:56

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 25, 2026
edited
Loading

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.

TestsPassed ✅SkippedFailed
Security Guardian Results48 ran48 passed
TestResult
No test annotations available

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 25, 2026
edited
Loading

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.

TestsPassed ✅SkippedFailed
Security Guardian Results with resolved templates48 ran48 passed
TestResult
No test annotations available

@badmintoncryer badmintoncryer marked this pull request as ready for review February 25, 2026 13:56
@badmintoncryer @claude
fix(cognito): suppress awslint prefer-ref-interface for inboundFedera…
453abbb 
…tion trigger

The inboundFederation trigger requires IFunction (not IFunctionRef) because
addLambdaPermission calls fn.addPermission(), consistent with all other triggers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@pahud pahud mentioned this pull request Feb 26, 2026
Open
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Feb 26, 2026
@badmintoncryer badmintoncryer changed the title feat(cognito): add inbound federation Lambda trigger support feat(cognito): inbound federation Lambda trigger Feb 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aws-cdk-automation aws-cdk-automation aws-cdk-automation left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

distinguished-contributor [Pilot] contributed 50+ PRs to the CDK p2 pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. pr/needs-further-review PR requires additional review from our team specialists due to the scope or complexity of changes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@badmintoncryer @aws-cdk-automation