5. Grant Admin Access

Grant yourself Alien Attack Administrator privileges

We found a pile of notes on the desk of the UnicornGames Solutions Architect. On the top of these notes is a post-it note that says “Use the AWS CLI to make yourself an application administrator”. When we looked further, we saw that these notes contained steps about how to make yourself an administrator in Cognito.

Hint: Click here to see a diagram of your broken architecture.

Let’s try to follow these steps…

Find your Amazon Cognito User Pool ID:

  1. From your AWS Management Console, visit the Amazon Cognito Console. Make sure you are still in the region you chose at the beginning of this workshop.
  2. Click on the button Manage User Pools and select the User Pool named after the Environment Name you chose.
  3. Copy the Pool Id located at the top of the page and paste the value in a local text editor for later.

    For this workshop, we recommend using Cloud9 to access the AWS CLI; however, you can also perform these tasks from a terminal in your personal computer with AWS CLI credentials properly configured for administrator access.

Using the AWS CLI inside of your AWS Cloud9 terminal, add your Alien Attack user to the Cognito Managers group:

  1. Navigate to the terminal window inside your AWS Cloud9 environment.
  2. Run the following command to add your user to the Cognito group Managers. Replace the values <user-pool-id>, <username-that-you-used-to-register> and <region> with the correct information from your environment. This command will give you access to the Scoreboard Manager resources.

    aws cognito-idp admin-add-user-to-group --user-pool-id <user-pool-id> --username <username-that-you-used-to-register> --group-name Managers --region <region>
    
  3. Visit the Manager Console tab in your browser, refresh the page, and attempt to access this page again. It looks like we are getting a different error now. Are you seeing a ParameterNotFound: null error? If so, let’s proceed to the next step to solve it.

Stuck? Click here for a Fast Fix

Note: This fix worked, but ideally we would not want to have to add administrators to a newly deployed environment manually (either from the AWS CLI or from the Console). Is there a way that we can automatically deploy new environments with an administrator user? Let’s keep thinking about this problem, we might need to implement this functionality in a future step.