Serverless is an execution model. I got started with Serverless while I was working with Cognito and came across the case described below.
The Problem
I used Cognito as a user directory that provides sign-up and sign-in options for a mobile application. The setup of the user pool has the following characteristics:
- The username is the email of the user.
- The verification code is sent to the mobile phone number.
The image below gives an overview of the user account state transitions.
As soon as the user inputs the information needed, an entry is created in the pool. The newly created user will be in the Registered state. The basic characteristic of this state is that the user cannot log in until their phone number has been verified. Moreover, according to the Cognito documentation, accounts in this state can only update their details, such as the phone number, by contacting the administrator.
Consider the following scenario:
If the user enters a wrong mobile number, the verification SMS will never reach them and the new account will not be verified. Since the email of the user is also the username, a new account cannot be created with the same email and the correct phone number.
We end up with the following problem:
The only way for the registration to go forward and enable the user to use the application is by contacting the administrator, which costs some extra money on both sides.
The Solution
I chose to implement an AWS Lambda function that deletes an unverified user given the email. The function sits behind API Gateway and can be invoked through HTTP. The application calls it every time a new registration happens, as soon as the user has provided their email.
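A sketch of such a function in Python with boto3, added here as an example and not the code from this series. Because the endpoint is called before the user has signed in, it deletes only accounts that Cognito reports as `UNCONFIRMED` and answers the same way whether or not the email exists. The `USER_POOL_ID` environment variable, the `{"email": ...}` request body and the function names are assumptions.

```python
import json
import os

UNCONFIRMED = "UNCONFIRMED"  # Cognito UserStatus for accounts awaiting verification


def delete_if_unverified(cognito, user_pool_id, email):
    """Delete the account only when Cognito reports it as UNCONFIRMED.

    Returns True if a user was deleted, False otherwise.
    """
    try:
        user = cognito.admin_get_user(UserPoolId=user_pool_id, Username=email)
    except cognito.exceptions.UserNotFoundException:
        return False
    if user.get("UserStatus") != UNCONFIRMED:
        # Verified accounts must never be removable through an endpoint
        # that callers reach before signing in.
        return False
    cognito.admin_delete_user(UserPoolId=user_pool_id, Username=email)
    return True


def handler(event, context, cognito=None):
    """API Gateway proxy handler; body is {"email": "..."} (assumed shape)."""
    if cognito is None:
        import boto3  # imported lazily so the logic can be exercised offline
        cognito = boto3.client("cognito-idp")
    try:
        email = json.loads(event.get("body") or "{}").get("email", "")
    except (ValueError, AttributeError):
        email = ""
    if not isinstance(email, str) or "@" not in email or len(email) > 254:
        return {"statusCode": 400, "body": json.dumps({"message": "invalid email"})}
    # USER_POOL_ID is a hypothetical environment variable set on the function.
    deleted = delete_if_unverified(cognito, os.environ["USER_POOL_ID"], email.strip())
    # Log the outcome without the address; return the same response whether or
    # not an account existed, so the endpoint does not reveal registered emails.
    print(json.dumps({"action": "cleanup_unverified", "deleted": deleted}))
    return {"statusCode": 204, "body": ""}
```

The function's execution role needs only `cognito-idp:AdminGetUser` and `cognito-idp:AdminDeleteUser` on the one user pool.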
The following articles document my small experience in programming & packaging a Lambda function to AWS Cloud.