Cloud Formation Resources Reference

Serverless Framework
1

Hello all,
I am new to serverless framework and I came across a problem.
I want to create some resources in cloud formation and then access these resources inside the same file with some functions I am creating.
Here’s an example serverless file:

service: serverless-test
provider:
  name: aws
  runtime: nodejs6.10
  region: eu-west-1
  memorySize: 128
  timeout: 30
  role: some_role

  environment:
    COGNITO_USER_POOL_ID: <<Get the user pool id from the created resources>>
    COGNITO_CLIENT_ID: <<Get the client id from the created resources>>

functions:
  testFunction:
    handler: index.handler
    role:
      Ref: LambdaCognitoRole
    events:
      - http:
          path: test
          method: post

resources:
  Resources:
    LambdaCognitoRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: LambdaCognitoAdminRole
        AssumeRolePolicyDocument:
          Version: 2012-10-17
          Statement:
            -
              Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action:
                - sts:AssumeRole
        ManagedPolicyArns:
          - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
        Policies:
          -
            PolicyName: CognitoAdminPolicy
            Version: 2012-10-17
            Statement:
              -
                Effect: Allow
                Action:
                  - cognito-idp:AdminInitiateAuth
                  - cognito-idp:AdminUpdateUserAttributes
                Resource: "*"
    MyUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: MyUsers-${self:provider.stage}
        Policies:
          PasswordPolicy:
            MinimumLength: 6
            RequireLowercase: true
            RequireNumbers: true
            RequireSymbols: true
            RequireUppercase: true
    MyUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: MobileClient
        ExplicitAuthFlows:
          - ADMIN_NO_SRP_AUTH
        RefreshTokenValidity: 60
        UserPoolId:
          Ref: MyUserPool-${self:provider.stage}
    MyBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: media-${self:provider.stage}
  Outputs:
    LambdaCognitoRoleARN:
      Description: "The arn for the role to be used in lambda functions"
      Value:
        Ref: LambdaCognitoRole

when I try to deploy this file I get the following error:

  Serverless: Packaging service...
  Serverless Error ---------------------------------------
 
     Unsupported role provided: "{"Ref":"LambdaCognitoRole"}"

Also I want to get the user pool id and user pool client id to set them in the environment variables to be able to use them in my lambda function.

2

You can do something like this…where you set an environment variable and reference it in your lambda. You can even assign environment variables to individual functions. But the syntax should be the same. Hope this helps.
environment:
USER_POOL:
‘Fn::GetAtt’: [ userPool, Arn ]

userPool:
Type: AWS::Cognito::UserPool
Properties:
AdminCreateUserConfig:
AllowAdminCreateUserOnly: true
#AliasAttributes:
# - String
#AutoVerifiedAttributes:
# - String
#DeviceConfiguration:
# DeviceConfiguration
#EmailConfiguration:
# EmailConfiguration
#EmailVerificationMessage: String
#EmailVerificationSubject: String
#LambdaConfig:
# LambdaConfig
#MfaConfiguration: String
#Policies:
# Policies
UserPoolName: ${self:provider.custom.stage}-XXXX
Schema:
- AttributeDataType: String
Mutable: true
Name: role
#SmsAuthenticationMessage: String
#SmsConfiguration:
# SmsConfiguration
#SmsVerificationMessage: String
#UserPoolTags:
# String: String

3

You’re almost correct in your original code, but Ref: should be !Ref . This works for my subnetIds:

vpc:
  subnetIds:
    - !Ref privateSubnetA
    - !Ref privateSubnetB