Hi, I was wondering can I import already existing ...
# help
Hi, I was wondering can I import already existing Auth cognito?
Hey @Gabriel, is the cognito user pool you are trying to import created in the same SST app?
@Frank no it has been created manually in the AWS. I can see the CDK supports importing https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/aws-cognito#importing-user-pools by const awesomePool = cognito.UserPool.fromUserPoolId(this, 'awesome-user-pool', 'us-east-1_oiuR12Abd');
@Gabriel, yes you can import an existing UserPool using the command above. But no CDK does not allow using an imported UserPool and hooking it up to IdentityPool (at least not out of the box).
Let me take a crack at it and see if I can put something together.
Oh btw, you won’t be able to configure triggers to an imported UserPool. Is that okay with you?
ah ok. but as an alternative can I import just the IdentityPool ? I mean my current setup is that I have AWS amplify app that has cognito connected. (via Identity pool) Cognito then has a bunch of triggers for registration and web_app_client and native_app_client and oath2 enabled (data.read and data.write custom scopes) what this allowed then that the authorizer in the API gateway can accept the IdTokens.
hmm.. I’ve often see two types of Cognito setup: 1. Using both UserPool + IdentityPool, and uses IAM authorization for the API 2. Using only UserPool, and uses authorizer authorization for the API
It’s not clear to me which setup you are adopting. 🤔
Let me know.
ah ok I think im getting confused. its because my amplify frontend is using the user pool + identity pool (because you need both for the amplify analytics kinesis stream to work) and then the API is using authorizer which points to userpool (which has oath enabled so it can authorize IdTokens)
Ah I see. That makes sense. And are you looking to create an API in SST, and import the user pool so you can setup authorizers?
@Frank yes that was what I was thinking about. since otherwise I would have to migrate existing users (which can be done, but if I could just import the userpool that would be great)
You can try something like this:
Copy code
import { HttpUserPoolAuthorizer } from "@aws-cdk/aws-apigatewayv2-authorizers";

const userPool = cognito.UserPool.fromUserPoolId(this, 'my-pool', 'us-east-1_oiuR12Abd');

const userPoolClient = cognito.UserPoolClient.fromUserPoolClientId(this, "my-client', '...');

new Api(this, "Api", {
  defaultAuthorizationType: ApiAuthorizationType.JWT,
  defaultAuthorizer: new HttpUserPoolAuthorizer({
  defaultAuthorizationScopes: ["user.id", "user.email"],
  routes: {
    "GET /notes": "src/list.main",
Hi @Gabriel, it’s been a long while, hope you are doing great! I wanted to keep you posted that we just released v0.66.0 with support for importing existing User Pool into
. Here’s an example https://docs.serverless-stack.com/constructs/Auth#importing-an-existing-user-pool
Thanks for the update