Definitely newB question … i’m not succeeding in changing the Api-Auth-Cognito example to use an existing User Pool / Identity Pool. MyStack.js has been updated as follows to use the specific UserPool and UserPoolClient this.auth = new sst.Auth(this, “Auth”, { cognito: { userPool: UserPool.fromUserPoolId (this, “IUserPool”, “us-east-XXXXXXXXXXX”), // matches user-pool-id below userPoolClient: UserPoolClient.fromUserPoolClientId (this, “IUserPoolClient”, “YYYYYYYYYYYYYYYYYYYYYYYYYY”), // matches app-client-id below } }); The app has been added as a client for this User Pool. The output from invoking the function is: npx: installed 114 in 10.2s Authenticating with User Pool Getting temporary credentials Token is not from a supported provider of this identity pool. I assume that means that the user was authenticated but not a member of the relevant identity pool. The function is invoked using the following script npx aws-api-gateway-cli-test \ --username=‘XXXX@CCC.com’ \ --password=‘XXXXXXXX’ \ --user-pool-id=‘us-east-XXXXXXXXXXX’ \ --app-client-id=‘YYYYYYYYYYYYYYYYYYYYYYYYYY’ \ --cognito-region=‘us-east-1’ \ --identity-pool-id=‘us-east-1:AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA’ \ --invoke-url=‘https://XXXXXXXXXX.execute-api.us-east-1.amazonaws.com’ \ --api-gateway-region=‘us-east-1’ \ --path-template=‘/private’ \ --method=‘GET’ Note that the results when starting the server (“yarn start”) are: Outputs: ApiEndpoint: https://XXXXXXXXXX.execute-api.us-east-1.amazonaws.com IdentityPoolId: us-east-1:ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ UserPoolClientId: YYYYYYYYYYYYYYYYYYYYYYYYYY UserPoolId: us-east-XXXXXXXXXXX Of note is that the IdentityPoolId doesn’t match what is specified in the launch script. Questions: 1) Is there an example of using an existing User Pool which I look to as reference? 2) If the issue is that the IdentityPoolId’s do not match, is there an example which demonstrates how to do this? 3) Is there another issue, which this newB needs to address? @Frank

Hey @Dan Schwartz, yeah the identity pool id needs to match to that in the Outputs. ie.

--identity-pool-id='us-east-1:ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ'

Thanks Frank. A new issue when I match the ID pool id npx: installed 114 in 18.332s Authenticating with User Pool Getting temporary credentials Making API request { status: 403, statusText: ‘Forbidden’, data: { message: ‘Forbidden’ } }

which version of SST r u using

Embarrassingly, I don’t seem to be able to find a command to determine which.

Ah glad u figured it out!