PreSignedUrl of createImportJob cant upload file .csv

[khanwilson]

Describe the issue

i have downloaded template.csv and include some row data in.
i want create job import users by aws sdk, by that step:

• create CognitoIdentityServiceProvider
• use provider.createUserImportJob(params) with params: JobName, UserPoolId, CloudWatchLogsRoleArn.
• get PreSignedUrl from response createUserImportJob.
  call Put (by axios, postman) with header 'Content-Type': 'text/csv'. when time has valid but i always got 403

<Code>SignatureDoesNotMatch</Code>
   <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>

• got that error so i cant run startImportJob.

---

With params of createUserImportJob, i have do manually on Amazon Cognito>User pools>my pool>Create import job. It run oke.
beside, i have check is my S3, i dont see any bucket name like https://aws-cognito-idp-user-import-lhr.s3.eu-west-2.amazonaws.com of first part in url PreSignedUrl. Why, createUserImportJob created link like that.

Please explain this problem, and help me solve it :(

Links

https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#createUserImportJob-property

[aBurmeseDev]

Hi @khanwilson - thanks for reaching out.

• create CognitoIdentityServiceProvider
• use provider.createUserImportJob(params) with params: JobName, UserPoolId, CloudWatchLogsRoleArn.
• get PreSignedUrl from response createUserImportJob.

When you call the createUserImportJob method, Amazon Cognito generates a pre-signed URL for you to upload the CSV file to an S3 bucket. This pre-signed URL includes a signature that is calculated based on your AWS credentials and other request parameters.

• call Put (by axios, postman) with header 'Content-Type': 'text/csv'. when time has valid but i always got 403 SignatureDoesNotMatch
• The request signature we calculated does not match the signature you provided. Check your key and signing method.

When you try to upload the CSV file using a tool like Postman or Axios, you need to ensure that the request is sent exactly as specified in the pre-signed URL, including the headers and the request body. Any deviation from the expected request format will result in a SignatureDoesNotMatch error as the signature calculated by AWS will not match the signature you provided.

• beside, i have check is my S3, i dont see any bucket name like "https://aws-cognito-idp-user-import-lhr.s3.eu-west-2.amazonaws.com/" of first part in url PreSignedUrl. Why, createUserImportJob created link like that.

Regarding the S3 bucket name in the pre-signed URL, Amazon Cognito uses an internal S3 bucket managed by the service for user import jobs. This bucket is not visible in your AWS account and you cannot access it directly. The pre-signed URL includes a bucket name like aws-cognito-idp-user-import-lhr.s3.eu-west-2.amazonaws.com which is a bucket used by the Cognito service.

Here are a few suggestions:

• Check the pre-signed URL expiration: Pre-signed URLs have a limited validity period typically a few hours. If the URL has expired, you will receive a SignatureDoesNotMatch error.
• Verify the request headers: Ensure that you're sending the Content-Type: text/csv header exactly as specified in the pre-signed URL. Any deviation in the header name or value will cause a signature mismatch.
• Use the AWS SDK or AWS CLI: Instead of using a third-party tool like Postman or Axios, you can try uploading the CSV file using AWS SDK or AWS CLI. We handle the signature calculation automatically reducing the chances of errors.
• Check the AWS credentials: Ensure that you're using the correct AWS credentials (access key and secret key) when creating the Cognito Identity Provider client. Incorrect or expired credentials can cause signature mismatches.

Hope it helps.
Best,
John

[khanwilson]

Hi @khanwilson - thanks for reaching out.

• create CognitoIdentityServiceProvider
• use provider.createUserImportJob(params) with params: JobName, UserPoolId, CloudWatchLogsRoleArn.
• get PreSignedUrl from response createUserImportJob.

When you call the createUserImportJob method, Amazon Cognito generates a pre-signed URL for you to upload the CSV file to an S3 bucket. This pre-signed URL includes a signature that is calculated based on your AWS credentials and other request parameters.

• call Put (by axios, postman) with header 'Content-Type': 'text/csv'. when time has valid but i always got 403 SignatureDoesNotMatch
• The request signature we calculated does not match the signature you provided. Check your key and signing method.

When you try to upload the CSV file using a tool like Postman or Axios, you need to ensure that the request is sent exactly as specified in the pre-signed URL, including the headers and the request body. Any deviation from the expected request format will result in a SignatureDoesNotMatch error as the signature calculated by AWS will not match the signature you provided.

• beside, i have check is my S3, i dont see any bucket name like "https://aws-cognito-idp-user-import-lhr.s3.eu-west-2.amazonaws.com/" of first part in url PreSignedUrl. Why, createUserImportJob created link like that.

Regarding the S3 bucket name in the pre-signed URL, Amazon Cognito uses an internal S3 bucket managed by the service for user import jobs. This bucket is not visible in your AWS account and you cannot access it directly. The pre-signed URL includes a bucket name like aws-cognito-idp-user-import-lhr.s3.eu-west-2.amazonaws.com which is a bucket used by the Cognito service.

Here are a few suggestions:

• Check the pre-signed URL expiration: Pre-signed URLs have a limited validity period typically a few hours. If the URL has expired, you will receive a SignatureDoesNotMatch error.
• Verify the request headers: Ensure that you're sending the Content-Type: text/csv header exactly as specified in the pre-signed URL. Any deviation in the header name or value will cause a signature mismatch.
• Use the AWS SDK or AWS CLI: Instead of using a third-party tool like Postman or Axios, you can try uploading the CSV file using AWS SDK or AWS CLI. We handle the signature calculation automatically reducing the chances of errors.
• Check the AWS credentials: Ensure that you're using the correct AWS credentials (access key and secret key) when creating the Cognito Identity Provider client. Incorrect or expired credentials can cause signature mismatches.

Hope it helps. Best, John

• i have checked my case, my Pre-signed has not expired, header like img i was attached above it has Content-Type: text/csv.
  i tried with axios or https like

const csvContent = file.buffer;
const response = await axios.put(preSignedUrl, csvContent, {
        headers: {
          'Content-Type': 'text/csv',
        },
      });

but, i still got the same SignatureDoesNotMatch error.

• i check AWS credentials, my project has use accessKeyId and secretAccessKey of IAM>Users account has that permissions below, im not sure that is enough for this case: createImportJob > uploadCsvToS3 > startImportJob.

[aBurmeseDev]

Can you share your code to help us understand the issue better?

[bk-harish]

@aBurmeseDev
I am also getting this error and still unable to resolve it.
Did you find any solution to this problem?

[zshzbh]

Hey @bk-harish,

The AWS SDK for JavaScript v2 has entered maintenance mode on September 8, 2024 and will be reaching end-of-support on September 8, 2025. During maintenance mode, AWS will limit SDK releases to address critical bug fixes and security issues only. The SDK will not receive API updates for new or existing services, or be updated to support new regions.

We recommend that you migrate to AWS SDK for JavaScript v3.

The AWS SDK for JavaScript v3 is the latest and recommended version, which has been GA since December 2020. Here is why and how you should use AWS SDK for JavaScript v3. You can try our migration scripts in aws-sdk-js-codemod to migrate your application from v2 to v3.

To get help with your migration, please follow our general guidelines to open an issue and choose guidance. To give feedback on and report issues in the v3 repo, please refer to Giving feedback and contributing.

If you are facing this issue in js sdk v3, please open a ticket in https://github.com/aws/aws-sdk-js-v3.

[bk-harish]

Hi @zshzbh,
I migrated my code from v3 to v3 and still getting the same issue when trying to upload the file to the resigned URL received in the response of createUserImportJob method.

[zshzbh]

I have transferred this issue to js sdk v3 repo.

@bk-harish Could you please send us the minimal code reproduction?

Thanks!
Maggie

[bk-harish]

const { CognitoIdentityProviderClient,
    ListUsersCommand,
    AdminCreateUserCommand,
    AdminUpdateUserAttributesCommand,
    adminGetUserCommand,
    CreateUserImportJobCommand,
    startUserImportJobCommand,
    adminDisableUserCommand,
    adminDeleteUserCommand
} = require("@aws-sdk/client-cognito-identity-provider"),
    fetch = require('node-fetch');

const userPoolId = process.env.AWS_USER_POOL_ID,
    cloud_watch_arn = process.env.AWS_CLOUD_WATCH_ARN;

// Initialize CognitoIdentityServiceProvider.
const cognito = new CognitoIdentityProviderClient({
    UserPoolId: userPoolId,
    "region": process.env.AWS_COGNITO_REGION,
    credentials: {
        "accessKeyId": process.env.AWS_ACCESS_KEY,
        "secretAccessKey": process.env.AWS_SECRET_ACCESS_KEY
    }
});


// Get list of all Users
exports.getList = (req, res) => {
    try {
        let requestParams = req.body;
        let params = {
            UserPoolId: userPoolId,
            Limit: requestParams.limit_per_page ? requestParams.limit_per_page : 10
        };
        if (requestParams.next_page_token) {
            params.PaginationToken = requestParams.next_page_token;
        }
        cognito
        const command = new ListUsersCommand(params);
        return cognito.send(command).then(response => {
            return res.send(response);
        }).catch(exception => {
            console.log('exception get users', exception)
            return res.send({
                message:
                    exception.message || "Some error occurred while retrieving users."
            });
        });
    } catch (exception) {
        res.send(exception);
    }
};

//Add bulk user into cognito user pool
exports.addUserBulk = async (req, res) => {

    let userParams = req.body;
    let bulkUserFile = req.file ? req.file : false
    if (!bulkUserFile) {
        res.status(500).send({
            message: "For adding users in bulk, file is requried. "
        });
    }
    userParams;
    try {
        let payload = {
            UserPoolId: userPoolId,
            JobName: `${new Date().getTime()}_bulkUserUpload`,
            CloudWatchLogsRoleArn: cloud_watch_arn
        }
        let command = new CreateUserImportJobCommand(payload);
        return await cognito.send(command).then(async result => {

            let userImportJob = result.UserImportJob;
            if (userImportJob && userImportJob.PreSignedUrl) {

                let fileUploadResponse = await uploadFile(bulkUserFile, userImportJob.PreSignedUrl);
                if (fileUploadResponse.ok) {
                    console.log('File uploaded successfully!');
                    let jobParams = {
                        UserPoolId: userPoolId,
                        JobId: userImportJob.JobId
                    }
                    let startJobCommand = new startUserImportJobCommand(jobParams);
                    return await cognito.send(startJobCommand).then(result => {
                        return res.send(result);
                    }).catch(exception => {
                        console.log('exception start improt job', exception)
                        return res.send({
                            message:
                                exception.message || "Some error occurred while importing users."
                        });
                    });
                } else {
                    console.error('File upload failed:', fileUploadResponse.statusText);
                    return res.send(fileUploadResponse);
                }
            }
        }).catch(exception => {
            console.log('exception create import job', exception)
            return res.send({
                message:
                    exception.message || "Some error occurred while importing users."
            });
        });
    } catch (exception) {
        return res.send(exception);
    }
}

const uploadFile = async (file, presignedUrl) => {

    const response = await fetch(presignedUrl, {
        method: 'POST',
        body: file.buffer, // The file object
        headers: {
            'Content-Type': "text/csv"
    }).then(uploadResult => {
        return uploadResult.text();
    })
        .then(response => {
            console.log(response);
            return response;
        })
        .catch(exception => {
            console.log(exception);
            return exception;
        });

    return response;
};

Calling the function addUserBulk through API endpoint which is returning following error

<?xml version="1.0" encoding="UTF-8"?>\n<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>ASIA23GU7GYRRMZIPIQP</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256\n20241119T162817Z\n20241119/us-east-1/s3/aws4_request\neddb40d8146c41fcab3c8886cd51bb8cde0c855b3bc7e9840cd7c79bb21e87b1</StringToSign><SignatureProvided>f035f34ca28ff7466318760a33ac71bc4c868a0e39daa1ea7343d…72 74 2d 69 61 64 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 73 65 72 76 65 72 2d 73 69 64 65 2d 65 6e 63 72 79 70 74 69 6f 6e 3a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 73 65 72 76 65 72 2d 73 69 64 65 2d 65 6e 63 72 79 70 74 69 6f 6e 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44</CanonicalRequestBytes><RequestId>EG9MV2BDN979CBQA</RequestId><HostId>kVHbeEpt27fLsH1ilkJjE4KskYbUwORUWcAqQ6/DWY59NGIYCKIboBW3JocOoB3Hfl7JBMNCRnuz63E1O8DvG64wtmYiYaAR</HostId></Error>

[bk-harish]

@zshzbh
Any update on this issue?
Were you able to reproduce the issue using the code I shared?

[zshzbh]

Hey @bk-harish ,

I can reproduce this issue. I have a simplified reproduction and this is the code I have -

import { 
    CognitoIdentityProviderClient,
    CreateUserImportJobCommand,
    StartUserImportJobCommand
} from "@aws-sdk/client-cognito-identity-provider";

import fetch from 'node-fetch';
import fs from 'fs/promises';

const userPoolId = "us-east-1_XXXXXXX";
const cloud_watch_arn = "arn:aws:iam::XXXXXX:role/CognitoUserImportCloudWatchRole";

const cognito = new CognitoIdentityProviderClient({
    region: "us-east-1",
});

// Function to create CSV content in Cognito's required format
async function createUserImportCSV() {
    // CSV must follow Cognito's format with specific headers
    const csvContent = `cognito:username,email,given_name,family_name,phone_number,email_verified,phone_number_verified
[email protected],[email protected],Test,User1,+12345678901,TRUE,TRUE
[email protected],[email protected],Test,User2,+12345678902,TRUE,TRUE`;

    await fs.writeFile('users_import.csv', csvContent);
    console.log('Sample CSV file created: users_import.csv');
    return csvContent;
}

// Function to upload file using presigned URL
async function uploadFile(presignedUrl, fileContent) {
    try {
        const response = await fetch(presignedUrl, {
            method: 'PUT',
            body: fileContent,
            headers: {
                'Content-Type': 'text/csv',
                'x-amz-server-side-encryption': 'aws:kms'
            }
        });

        if (!response.ok) {
            const text = await response.text();
            throw new Error(`Upload failed: ${text}`);
        }

        console.log('File uploaded successfully');
        return response;
    } catch (error) {
        console.error('Error uploading file:', error);
        throw error;
    }
}

// Main function to handle user import
async function importUsers() {
    try {
        // Create the import job
        const timestamp = new Date().getTime();
        const jobName = `bulk_import_${timestamp}`;

        const createJobCommand = new CreateUserImportJobCommand({
            UserPoolId: userPoolId,
            JobName: jobName,
            CloudWatchLogsRoleArn: cloud_watch_arn
        });

        console.log('Creating import job...');
        const createJobResponse = await cognito.send(createJobCommand);
        const importJob = createJobResponse.UserImportJob;

        if (!importJob || !importJob.PreSignedUrl) {
            throw new Error('Failed to get presigned URL');
        }

        console.log('Import job created:', {
            JobId: importJob.JobId,
            JobName: importJob.JobName,
            Status: importJob.Status
        });

        // Create and upload the CSV file
        console.log('Creating CSV content...');
        const csvContent = await createUserImportCSV();

        // Upload the file using presigned URL
        console.log('Uploading file...');
        await uploadFile(importJob.PreSignedUrl, csvContent);

        // Start the import job
        console.log('Starting import job...');
        const startJobCommand = new StartUserImportJobCommand({
            UserPoolId: userPoolId,
            JobId: importJob.JobId
        });

        const startJobResponse = await cognito.send(startJobCommand);
        console.log('Import job started:', startJobResponse);

        return {
            jobId: importJob.JobId,
            status: startJobResponse.UserImportJob.Status
        };
    } catch (error) {
        console.error('Error in importUsers:', error);
        throw error;
    }
}



// Test the import
async function test() {
    try {
        console.log('Starting user import...');
        const result = await importUsers();
        console.log('Import initiated:', result);

        // Optional: Check status after a delay
        if (result.jobId) {
            console.log('Waiting 5 seconds to check status...');
            await new Promise(resolve => setTimeout(resolve, 5000));
            
        }
    } catch (error) {
        console.error('Test failed:', error);
    }
}

// Run the test
test().catch(console.error);

And I got error -

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<AWSAccessKeyId>XXXXX</AWSAccessKeyId>
<StringToSign>AWS4-HMAC-SHA256 XXXXX 20241127/us-east-1/s3/aws4_request XXXXX</StringToSign>
<SignatureProvided>XXXXXX</SignatureProvided>
<StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 34 31 31 32 37 54 30 31 32 30 35 39 5a 0a 32 30 32 34 31 31 32 37 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 36 61 62 30 63 63 32 34 30 64 66 66 62 37 38 66 36 34 38 35 32 64 36 39 61 66 30 30 63 30 62 62 38 38 35 62 34 39 32 39 32 39 34 61 30 31 39 38 63 34 32 32 63 38 36 30 30 30 32 35 65 34 34 34</StringToSignBytes>
<CanonicalRequest>GET /XXXXXXXX/us-east-1_XmXXXXtUx/import-P67oXygSzF X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA23GU7GYR5BNWQGHL%2F20241127%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241127T012059Z&X-Amz-Expires=899&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJD%2F%2F%2F%2F%2F%2F%2F%2F%2F%XXXXX%2B9d4OiGyCW3YLTvwqsQUIORAFGgw3NDU2MjM0Njc1NTUiDMERJn9VppgPurIYvyqOBQiD2M%2BgBI2exD8irNtlDYSOtEvJbncJ5obt6fm8L0UOisD3NxcmVXY1t12VOqj7r04PUK1R%2B3hDOE7voXOU71RymsQYv1X1wvglHj1Ya3Hu995Cocglo2UCI6fihzIV2sKkZHHT178JMBcRD%2B8XMaVH9bdJWNM2Q7gpDwgEFnOwx0W7pLTJ1iJBYh8JgI%2BVxPkdKZvXFfKXOSAe9qIYNM5%2BYibYyEdjxvW%2BIh9VetjtoAE4vWLNJia9b9fE64IejNuwNhTtKPB4UIW2ckLjfnHnEW2uw54o45fr3nJeae3GQv0QJfvLNo%2BPsumhzjaFmIJIVxUH%2BUR6NUIqN5znn%2BFzv8unrO%2FPznhNoXG4FOlDuVlLBrHU%2FIkoJ4LJBqwY6%2FSH7B2JCh6VfTS46EgqTkOiXShaGMj8TfpipdPCtxYjnKrPxqwWGOPKfxDGt1Cn93B9FIunTkgmy2dslRb9GcHRv9B03S0VTWOgSqUdtb6EP3RU49C0wx3dseSXtPgePCCW6274cT%2FhutwHWkBH63j7DUf11pB4ixPUcjPujFvSuvJ0ZmtNQOjNJPrqMDZ9%2FKY8GP9f6Ix6qTVbhGoPXJE6mvBlOaBbacNv6jwI%2Bg11O1JG3uCvO3zi3cRgsQjTPpf%2BnGqnFGxRo2kTm3gEdWvIfg8AFHg2IsrJYcx1YzeFVP64FGOW672GBRE1uKIQv%2FzvYsCoq%2F8crj6TpC6p35yUb3dfZH%2FmlVQtgCNWxjxdQBopFColdBoprtJl18Q%2FVodFnEUJb93uukHgiaaaOK9vi%2FLIbHxezOBvVOVvZSnWQgHrQ1jTcFPYkxF98HbUtkJurv9xAdVXpwAoB76Qc5GT63suuh4EBq4z2dFMFTD3vJm6BjqxAavYRro5uxZ94jqkjIXSAPV820b0DPVpCHYTz4pFEYhZJ4GSfp0N8yoqjOJ6O7NAT6MYEwJwnFnX2lnZ9u5PY4wF89tWLbsTBlZ3iK9FQyUa8a7A3bq6o6DAZgAmCpcn%2Ba0M%2BUPOF%2BeAFfhy5%2B4gDD%2FhniumEMYYHJe40kFHVQZ5pZvViUwZjgtYRemoqr9ZTZqhTcZtr27RUYX9O4Jqtvh0iaY5RYUcx36z441%2BAEkomQ%3D%3D&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption host:aws-cognito-idp-user-import-iad.s3.amazonaws.com x-amz-server-side-encryption: host;x-amz-server-side-encryption UNSIGNED-PAYLOAD</CanonicalRequest>
<CanonicalRequestBytes>47 45 54 0a 2f 34 37 31 31 31 32 36 32 33 32 30 36 2f 75 73 2d 65 61 73 74 2d 31 5f 58 6d 58 68 51 55 74 55 78 2f 69 6d 70 6f 72 74 2d 50 36 37 6f 58 79 67 53 7a 46 0a 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 53 49 41 32 33 47 55 37 47 59 52 35 42 4e 57 51 47 48 4c 25 32 46 32 30 32 34 31 31 32 37 25 32 46 75 73 2d 65 61 73 74 2d 31 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 32 34 31 31 32 37 54 30 31 32 30 35 39 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 38 39 39 26 58 2d 41 6d 7a 2d 53 65 63 75 72 69 74 79 2d 54 6f 6b 65 6e 3d 49 51 6f 4a 62 33 4a 70 5a 32 6c 75 58 32 56 6a 45 4a 44 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 77 45 61 43 58 56 7a 4c 57 56 68 63 33 51 74 4d 53 4a 48 4d 45 55 43 49 46 66 75 38 65 67 6a 6a 72 55 35 79 34 36 37 48 49 44 6a 48 6b 51 66 4c 38 66 7a 32 33 35 71 34 64 4b 55 72 6b 4c 70 63 53 4e 36 41 69 45 41 39 6d 38 69 65 6c 50 69 70 4c 30 75 47 6d 68 33 4a 56 46 32 64 59 52 35 6f 63 71 25 32 42 39 64 34 4f 69 47 79 43 57 33 59 4c 54 76 77 71 73 51 55 49 4f 52 41 46 47 67 77 33 4e 44 55 32 4d 6a 4d 30 4e 6a 63 31 4e 54 55 69 44 4d 45 52 4a 6e 39 56 70 70 67 50 75 72 49 59 76 79 71 4f 42 51 69 44 32 4d 25 32 42 67 42 49 32 65 78 44 38 69 72 4e 74 6c 44 59 53 4f 74 45 76 4a 62 6e 63 4a 35 6f 62 74 36 66 6d 38 4c 30 55 4f 69 73 44 33 4e 78 63 6d 56 58 59 31 74 31 32 56 4f 71 6a 37 72 30 34 50 55 4b 31 52 25 32 42 33 68 44 4f 45 37 76 6f 58 4f 55 37 31 52 79 6d 73 51 59 76 31 58 31 77 76 67 6c 48 6a 31 59 61 33 48 75 39 39 35 43 6f 63 67 6c 6f 32 55 43 49 36 66 69 68 7a 49 56 32 73 4b 6b 5a 48 48 54 31 37 38 4a 4d 42 63 52 44 25 32 42 38 58 4d 61 56 48 39 62 64 4a 57 4e 4d 32 51 37 67 70 44 77 67 45 46 6e 4f 77 78 30 57 37 70 4c 54 4a 31 69 4a 42 59 68 38 4a 67 49 25 32 42 56 78 50 6b 64 4b 5a 76 58 46 66 4b 58 4f 53 41 65 39 71 49 59 4e 4d 35 25 32 42 59 69 62 59 79 45 64 6a 78 76 57 25 32 42 49 68 39 56 65 74 6a 74 6f 41 45 34 76 57 4c 4e 4a 69 61 39 62 39 66 45 36 34 49 65 6a 4e 75 77 4e 68 54 74 4b 50 42 34 55 49 57 32 63 6b 4c 6a 66 6e 48 6e 45 57 32 75 77 35 34 6f 34 35 66 72 33 6e 4a 65 61 65 33 47 51 76 30 51 4a 66 76 4c 4e 6f 25 32 42 50 73 75 6d 68 7a 6a 61 46 6d 49 4a 49 56 78 55 48 25 32 42 55 52 36 4e 55 49 71 4e 35 7a 6e 6e 25 32 42 46 7a 76 38 75 6e 72 4f 25 32 46 50 7a 6e 68 4e 6f 58 47 34 46 4f 6c 44 75 56 6c 4c 42 72 48 55 25 32 46 49 6b 6f 4a 34 4c 4a 42 71 77 59 36 25 32 46 53 48 37 42 32 4a 43 68 36 56 66 54 53 34 36 45 67 71 54 6b 4f 69 58 53 68 61 47 4d 6a 38 54 66 70 69 70 64 50 43 74 78 59 6a 6e 4b 72 50 78 71 77 57 47 4f 50 4b 66 78 44 47 74 31 43 6e 39 33 42 39 46 49 75 6e 54 6b 67 6d 79 32 64 73 6c 52 62 39 47 63 48 52 76 39 42 30 33 53 30 56 54 57 4f 67 53 71 55 64 74 62 36 45 50 33 52 55 34 39 43 30 77 78 33 64 73 65 53 58 74 50 67 65 50 43 43 57 36 32 37 34 63 54 25 32 46 68 75 74 77 48 57 6b 42 48 36 33 6a 37 44 55 66 31 31 70 42 34 69 78 50 55 63 6a 50 75 6a 46 76 53 75 76 4a 30 5a 6d 74 4e 51 4f 6a 4e 4a 50 72 71 4d 44 5a 39 25 32 46 4b 59 38 47 50 39 66 36 49 78 36 71 54 56 62 68 47 6f 50 58 4a 45 36 6d 76 42 6c 4f 61 42 62 61 63 4e 76 36 6a 77 49 25 32 42 67 31 31 4f 31 4a 47 33 75 43 76 4f 33 7a 69 33 63 52 67 73 51 6a 54 50 70 66 25 32 42 6e 47 71 6e 46 47 78 52 6f 32 6b 54 6d 33 67 45 64 57 76 49 66 67 38 41 46 48 67 32 49 73 72 4a 59 63 78 31 59 7a 65 46 56 50 36 34 46 47 4f 57 36 37 32 47 42 52 45 31 75 4b 49 51 76 25 32 46 7a 76 59 73 43 6f 71 25 32 46 38 63 72 6a 36 54 70 43 36 70 33 35 79 55 62 33 64 66 5a 48 25 32 46 6d 6c 56 51 74 67 43 4e 57 78 6a 78 64 51 42 6f 70 46 43 6f 6c 64 42 6f 70 72 74 4a 6c 31 38 51 25 32 46 56 6f 64 46 6e 45 55 4a 62 39 33 75 75 6b 48 67 69 61 61 61 4f 4b 39 76 69 25 32 46 4c 49 62 48 78 65 7a 4f 42 76 56 4f 56 76 5a 53 6e 57 51 67 48 72 51 31 6a 54 63 46 50 59 6b 78 46 39 38 48 62 55 74 6b 4a 75 72 76 39 78 41 64 56 58 70 77 41 6f 42 37 36 51 63 35 47 54 36 33 73 75 75 68 34 45 42 71 34 7a 32 64 46 4d 46 54 44 33 76 4a 6d 36 42 6a 71 78 41 61 76 59 52 72 6f 35 75 78 5a 39 34 6a 71 6b 6a 49 58 53 41 50 56 38 32 30 62 30 44 50 56 70 43 48 59 54 7a 34 70 46 45 59 68 5a 4a 34 47 53 66 70 30 4e 38 79 6f 71 6a 4f 4a 36 4f 37 4e 41 54 36 4d 59 45 77 4a 77 6e 46 6e 58 32 6c 6e 5a 39 75 35 50 59 34 77 46 38 39 74 57 4c 62 73 54 42 6c 5a 33 69 4b 39 46 51 79 55 61 38 61 37 41 33 62 71 36 6f 36 44 41 5a 67 41 6d 43 70 63 6e 25 32 42 61 30 4d 25 32 42 55 50 4f 46 25 32 42 65 41 46 66 68 79 35 25 32 42 34 67 44 44 25 32 46 68 6e 69 75 6d 45 4d 59 59 48 4a 65 34 30 6b 46 48 56 51 5a 35 70 5a 76 56 69 55 77 5a 6a 67 74 59 52 65 6d 6f 71 72 39 5a 54 5a 71 68 54 63 5a 74 72 32 37 52 55 59 58 39 4f 34 4a 71 74 76 68 30 69 61 59 35 52 59 55 63 78 33 36 7a 34 34 31 25 32 42 41 45 6b 6f 6d 51 25 33 44 25 33 44 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 25 33 42 78 2d 61 6d 7a 2d 73 65 72 76 65 72 2d 73 69 64 65 2d 65 6e 63 72 79 70 74 69 6f 6e 0a 68 6f 73 74 3a 61 77 73 2d 63 6f 67 6e 69 74 6f 2d 69 64 70 2d 75 73 65 72 2d 69 6d 70 6f 72 74 2d 69 61 64 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 73 65 72 76 65 72 2d 73 69 64 65 2d 65 6e 63 72 79 70 74 69 6f 6e 3a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 73 65 72 76 65 72 2d 73 69 64 65 2d 65 6e 63 72 79 70 74 69 6f 6e 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44</CanonicalRequestBytes>
<RequestId>X9FP7Z7E417A9KBN</RequestId>
<HostId>v5A88FXFV/eUOLHV/BbxbMZeVrneRcWD4K8ctvbryJuzgqdDpqLdSwmSjUBfG47DtxgzpRn7a/q0iSSL3upb/VGOinVDSUkI</HostId>
</Error>

I will bring this up with the team and will keep you updated.

Thanks!

[zshzbh]

aws-solutions project using axios to send the request -
https://github.com/aws-solutions/cognito-user-profiles-export-reference-architectu[…]4f43b735ae0963e531aebf47/source/workflow-import/import-users.js

I also tried to use axios but found no luck, this is my code -

import { 
    CognitoIdentityProviderClient,
    CreateUserImportJobCommand,
    StartUserImportJobCommand
} from "@aws-sdk/client-cognito-identity-provider";

import axios from 'axios';
import fs from 'fs/promises';

const userPoolId = "us-east-1_xxxxx";
const cloud_watch_arn = "arn:aws:iam::xxxxxxx:role/CognitoUserImportCloudWatchRole";

const cognito = new CognitoIdentityProviderClient({
    region: "us-east-1",
});

async function createUserImportCSV() {
    const csvContent = `cognito:username,email,given_name,family_name,phone_number,email_verified,phone_number_verified
[email protected],[email protected],Test,User1,+12345678901,TRUE,TRUE
[email protected],[email protected],Test,User2,+12345678902,TRUE,TRUE`;

    await fs.writeFile('users_import.csv', csvContent);
    console.log('Sample CSV file created: users_import.csv');
    return csvContent;
}

//  use axios 
async function uploadFile(presignedUrl, fileContent) {
    try {
        const options = {
            headers: {
                //'Content-Type': 'text/csv', // with or without content-type, both got Signature mismatch error
                'x-amz-server-side-encryption': 'aws:kms'
            },
            // Add these options to properly handle the response
            maxBodyLength: Infinity,
            maxContentLength: Infinity
        };
        const response = await axios.put(presignedUrl, fileContent, options);

        if (response.status !== 200) {
            throw new Error(`Upload failed: ${response.statusText}`);
        }

        console.log('File uploaded successfully');
        return response;
    } catch (error) {
        console.error('Error uploading file:', error);
        throw error;
    }
}

async function importUsers() {
    try {
        const timestamp = new Date().getTime();
        const jobName = `bulk_import_${timestamp}`;

        const createJobCommand = new CreateUserImportJobCommand({
            UserPoolId: userPoolId,
            JobName: jobName,
            CloudWatchLogsRoleArn: cloud_watch_arn
        });

        console.log('Creating import job...');
        const createJobResponse = await cognito.send(createJobCommand);
        const importJob = createJobResponse.UserImportJob;

        if (!importJob || !importJob.PreSignedUrl) {
            throw new Error('Failed to get presigned URL');
        }

        console.log('Import job created:', {
            JobId: importJob.JobId,
            JobName: importJob.JobName,
            Status: importJob.Status
        });

        console.log('Creating CSV content...');
        const csvContent = await createUserImportCSV();

        console.log('Uploading file...');
        await uploadFile(importJob.PreSignedUrl, csvContent);

        console.log('Starting import job...');
        const startJobCommand = new StartUserImportJobCommand({
            UserPoolId: userPoolId,
            JobId: importJob.JobId
        });

        const startJobResponse = await cognito.send(startJobCommand);
        console.log('Import job started:', startJobResponse);

        return {
            jobId: importJob.JobId,
            status: startJobResponse.UserImportJob.Status
        };
    } catch (error) {
        console.error('Error in importUsers:', error);
        throw error;
    }
}

async function test() {
    try {
        console.log('Starting user import...');
        const result = await importUsers();
        console.log('Import initiated:', result);

        if (result.jobId) {
            console.log('Waiting 5 seconds to check status...');
            await new Promise(resolve => setTimeout(resolve, 5000));
        }
    } catch (error) {
        console.error('Test failed:', error);
    }
}

test().catch(console.error);

If you want to try axios, feel free to try it.

I have brought this up with AWS JS SDK team and they will work on this issue.

Thanks!
Maggie