I can not connect to my app client. The following is the code I use:

const AWS = require('aws-sdk');
    // AWS.config.region = 'ap-southeast-2'
    AWS.config.update({ region: 'ap-southeast-2' });
    try {
        var params = {
            AuthFlow: 'ADMIN_NO_SRP_AUTH',
             ClientId: process.env.COGNITO_CLIENT_ID,
            UserPoolId: process.env.COGNITO_USER_POOL_ID,

            AuthParameters: {
                email: "na****@*****",
                password: "********",
            }
        };
        console.debug("params: ", params)
//{apiVersion: '2016-04-18'}

        var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();

        const res = await cognitoidentityserviceprovider.adminInitiateAuth(params, function (err, data) {
            if (err) {
                console.debug("error adminInitiateAuth. params: ", params);
                console.log("err: ", err);
                
    return { props: { data } }
            } else {

The output is:

err:  ResourceNotFoundException: User pool client ******* does not exist

I am this close to start crying like a baby if this doesnt work

I can not connect to my app client. The following is the code I use:

const AWS = require('aws-sdk');
    // AWS.config.region = 'ap-southeast-2'
    AWS.config.update({ region: 'ap-southeast-2' });
    try {
        var params = {
            AuthFlow: 'ADMIN_NO_SRP_AUTH',
             ClientId: process.env.COGNITO_CLIENT_ID,
            UserPoolId: process.env.COGNITO_USER_POOL_ID,

            AuthParameters: {
                email: "na****@*****.",
                password: "********",
            }
        };
        console.debug("params: ", params)
//{apiVersion: '2016-04-18'}

        var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();

        const res = await cognitoidentityserviceprovider.adminInitiateAuth(params, function (err, data) {
            if (err) {
                console.debug("error adminInitiateAuth. params: ", params);
                console.log("err: ", err);
                
    return { props: { data } }
            } else {

The output is:

err:  ResourceNotFoundException: User pool client ******* does not exist

I am this close to start crying like a baby if this doesnt work

• javascript
• node.js
• amazon-web-services
• amazon-cognito

• 2 Are you sure you have correct UserPoolId or it's in ap-southeast-2? The error is quite straight forward. Also change(if different) it to ap-southeast-2 the region in your aws cli config. – Riz Commented Apr 10, 2022 at 23:01

4 Answers 4

The error was telling me to check the client id.

The problem was the AWS config. It doesnt matter if I was developing in JS and using VS studio... the app was using my Windows 10 AWS credentials.

I changed the AWS.config by code and now it detects everything.

const AWS = require('aws-sdk'); AWS.config.update({ region: 'ap-southeast-2' }); AWS.config.credentials.accessKeyId = process.env.AWS_IAM_ACCESS_KEY_ID AWS.config.credentials.secretAccessKey = process.env.AWS_IAM_SECRET_ACCESS_KEY

After doing a little digging, I found that in my case (using SAM to test), as long as I provided the accessKeyId and secretAccessKey in the credentials file in the .aws directory, I didn't need to add them into the code itself.

The actual problem that was causing AWS to not recognize the client id was that for some reason, my environment wasn't retrieving the region from the profile I specified in ~/.aws/config. It was just using the region of the default profile, which obviously wasn't the right region.

Therefore, if anyone's interested in a solution where you don't have to explicitly set the id, key, or region in your code, follow the following steps to create an aws profile that your local environment will detect automatically:

1. Make a directory .aws in the root of your user folder of your puter. Inside, there should be 2 files credentials and config. No file extensions.
2. In the config file, you're going to set up region and output:

   [default] # this is the profile your system will default to
   region = <insert region>
   output = json
   
   [profile someNamedProfile]
   region = <insert region>
   output = json
   

3. In the credentials file, set up your accessKeyId and secretAccessKey:

   [default]
   aws_access_key_id = <some access key id>
   aws_secret_access_key = <some secret access key>
   
   [someNamedProfile]
   aws_access_key_id = <some access key id>
   aws_secret_access_key = <some secret access key>
   

Now here's the catch. For some reason, SAM doesn't pick up the region of the named profile. It only picks up the accessKeyId and secretAccessKey from the credentials file. Therefore, if you want your environment to use the proper region, you'll have to make the profile that you want to currently use be the default profile in the config and credentials files. Doing this will make SAM automatically pick up the right region, etc.

I thought that if I used initiate_auth method at first and take the response into a client variable, I could call list_groups method from client variable. But, it is necessary to set a default profile into ~/.aws/credentials with aws_access_key_id, aws_secret_access_key and role_arn.

[default]
aws_secret_key_id = "asdfsafas"
aws_secret_access_key = "asdfsfs"
role_arn = "arn:aws:iam......:role:blablabla"

In my case, check that your client id still exists.

As you can't really rename a pool client, you have to tear down the old user pool client, and then make a new user pool client, which obviously makes a new client id.