Change user pool to have username

iac/resources/quicksight-access.yml

@@ -60,15 +60,9 @@ QuicksightAccessUserPool:
     EnabledMfas:
       - SOFTWARE_TOKEN_MFA
     MfaConfiguration: 'ON'
-    Schema:
-      - AttributeDataType: String
-        Mutable: true
-        Name: quicksight_username
     UserAttributeUpdateSettings:
       AttributesRequireVerificationBeforeUpdate:
         - email
-    UsernameAttributes:
-      - email
     UserPoolName: !Sub ${Environment}-dap-quicksight-access-pool
 
 QuicksightAccessUserPoolClient:
@@ -91,7 +85,7 @@ QuicksightAccessUserPoolClient:
       - email
       - email_verified
       - sub
-      - custom:quicksight_username
+      - username
     SupportedIdentityProviders:
       - COGNITO
     UserPoolId: !Ref QuicksightAccessUserPool

src/handlers/cognito-quicksight-access/handler.spec.ts

@@ -19,10 +19,9 @@ const TOKEN_RESPONSE: TokenResponse = {
 
 const USER_INFO_RESPONSE: UserInfoResponse = {
   sub: '07ad51f5-d89b-4936-9b8a-c9b24f7430be',
-  username: '07ad51f5-d89b-4936-9b8a-c9b24f7430be',
   email: '[email protected]',
   email_verified: 'true',
-  'custom:quicksight_username': 'test-user',
+  username: 'test-user',
 };
 
 const EMBED_URL = 'https://eu-west-2.quicksight.aws.amazon.com/embedding/.../start?code=...';
@@ -81,7 +80,7 @@ test('success', async () => {
       return { ok: true, json: async () => USER_INFO_RESPONSE };
     });
 
-  const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE['custom:quicksight_username']}`;
+  const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE.username}`;
 
   mockQuicksightClient
     .rejects()
@@ -177,7 +176,7 @@ test('quicksight error', async () => {
     .mockResolvedValueOnce({ ok: true, json: async () => TOKEN_RESPONSE })
     .mockResolvedValueOnce({ ok: true, json: async () => USER_INFO_RESPONSE });
 
-  const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE['custom:quicksight_username']}`;
+  const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE.username}`;
 
   const errorMessage = 'Quicksight error';
   mockQuicksightClient.rejects(errorMessage);
@@ -200,7 +199,7 @@ test('undefined embed url', async () => {
     .mockResolvedValueOnce({ ok: true, json: async () => TOKEN_RESPONSE })
     .mockResolvedValueOnce({ ok: true, json: async () => USER_INFO_RESPONSE });
 
-  const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE['custom:quicksight_username']}`;
+  const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE.username}`;
 
   mockQuicksightClient.resolves({ EmbedUrl: undefined });
 

src/handlers/cognito-quicksight-access/handler.ts

@@ -25,7 +25,7 @@ export interface UserInfoResponse {
   sub: string;
   email: string;
   email_verified: string;
-  'custom:quicksight_username': string;
+  username: string;
 }
 
 export const handler = async (event: APIGatewayProxyEventV2): Promise<APIGatewayProxyResultV2> => {
@@ -42,7 +42,7 @@ export const handler = async (event: APIGatewayProxyEventV2): Promise<APIGateway
   try {
     const tokens = await callTokenEndpoint(event.requestContext.domainName, code);
     const userInfo = await callUserInfoEndpoint(tokens);
-    const embedUrl = await getEmbedUrl(event.requestContext.accountId, userInfo['custom:quicksight_username']);
+    const embedUrl = await getEmbedUrl(event.requestContext.accountId, userInfo.username);
     return {
       statusCode: 302, // temporary redirect (instead of permanent 301) to avoid browser caching
       headers: {