Post confirmation Lambda trigger - Amazon Cognito

Post confirmation Lambda trigger

Amazon Cognito invokes this trigger after a new user is confirmed, allowing you to send custom messages or to add custom logic. For example, you could use this trigger to gather new user data.

The request contains the current attributes for the confirmed user.

Post confirmation Lambda flows

Client confirm sign-up flow

                    Client confirm sign-up flow

Server confirm sign-up flow

                    Server confirm sign-up

Confirm forgot password flow

                    Confirm forgot password flow

Post confirmation Lambda trigger parameters

These are the parameters that Amazon Cognito passes to this Lambda function along with the event information in the common parameters.

{ "request": { "userAttributes": { "string": "string", . . . }, "clientMetadata": { "string": "string", . . . } }, "response": {} }

Post confirmation request parameters


One or more key-value pairs representing user attributes.


One or more key-value pairs that you can provide as custom input to the Lambda function that you specify for the post confirmation trigger. You can pass this data to your Lambda function by using the ClientMetadata parameter in the following API actions: AdminConfirmSignUp, ConfirmForgotPassword, ConfirmSignUp, and SignUp.

Post confirmation response parameters

No additional return information is expected in the response.

User confirmation tutorials

The post confirmation Lambda function is triggered just after Amazon Cognito confirms a new user. See these user confirmation tutorials for JavaScript, Android, and iOS.

Platform Tutorial
JavaScript Identity SDK Confirm users with JavaScript
Android Identity SDK Confirm users with Android
iOS Identity SDK Confirm users with iOS

Post confirmation example

This example Lambda function sends a confirmation email message to your user using Amazon SES. For more information see Amazon Simple Email Service Developer Guide.

var aws = require('aws-sdk'); var ses = new aws.SES(); exports.handler = (event, context, callback) => { console.log(event); if ( { sendEmail(, "Congratulations " + event.userName + ", you have been confirmed: ", function(status) { // Return to Amazon Cognito callback(null, event); }); } else { // Nothing to do, the user's email ID is unknown callback(null, event); } }; function sendEmail(to, body, completedCallback) { var eParams = { Destination: { ToAddresses: [to] }, Message: { Body: { Text: { Data: body } }, Subject: { Data: "Cognito Identity Provider registration completed" } }, // Replace source_email with your SES validated email address Source: "<source_email>" }; var email = ses.sendEmail(eParams, function(err, data){ if (err) { console.log(err); } else { console.log("===EMAIL SENT==="); } completedCallback('Email sent'); }); console.log("EMAIL CODE END"); };

Amazon Cognito passes event information to your Lambda function. The function then returns the same event object to Amazon Cognito, with any changes in the response. In the Lambda console, you can set up a test event with data that is relevant to your Lambda trigger. The following is a test event for this code sample:

{ "request": { "userAttributes": { "email": "", "email_verified": true } }, "response": {} }