Cognito User/Identity Pools as serverless.yml resource defs

kgoedecke · July 19, 2018, 4:55pm

Is there any update on the issue? I still want to reference the user pool using the ARN dynamically.

prd · September 13, 2018, 1:26pm

Something that caught me out on this – Cognito Identity Pools cannot have hyphens in the pool name (unlike user pools and many other named elements).

I was getting a regex error when trying to deploy:
1 validation error detected: Value 'XXXXX; at ‘identityPoolName’ failed to satisfy constraint: Member must satisfy regular expression pattern: [\w ]+ (Service: AmazonCognitoIdentity; Status Code: 400;

Removed the hyphens from the name and it deployed without issue:
‘’’
CognitoIdentityPool:
Type: AWS::Cognito::IdentityPool
Properties:
IdentityPoolName: ${self:custom.stage}SomeNameIdentityPool
AllowUnauthenticatedIdentities: false
CognitoIdentityProviders:
- ClientId:
Ref: CognitoUserPoolClient
ProviderName:
‘Fn::GetAtt’: [“CognitoUserPool”,“ProviderName”]

‘’’

RobertBrewitz · September 23, 2018, 9:38pm

Have a look here, may help you, unless you provide a string to arn, the resource build in serverless assumes you’re trying to reference a lambda function to make the authorization, and can only build that kind of authorizer for you: https://github.com/serverless/serverless/blob/master/lib/plugins/aws/package/compile/events/apiGateway/lib/authorizers.js#L27

I managed to dynamically build an Authorizer reference like this:

RobertBrewitz · December 31, 2018, 9:40am

caleb-vear · January 22, 2019, 5:00am

Thanks, you’re a lifesaver

mrowles · February 3, 2019, 8:57pm

This is great, thanks @jonsmirl!

It looks like this might not facilitate multiple environments, however, as the error I’m getting seems to be from the ‘Outputs’:

service-prod - Export with name UserPoolClient::Id is already exported by stack service-pre.

The only alternative I can think of doing, since we cannot use strings as key/property names in YAML, perhaps exporting both versions of pre/prod:

Outputs:
    UserPoolIdpre:
      Value:
        Ref: UserPoolpre
      Export:
        Name: 'UserPool::Id'
    UserPoolIdprod:
      Value:
        Ref: UserPoolprod
      Export:
        Name: 'UserPool::Id'

UserPoolClient:
  Type: 'AWS::Cognito::UserPoolClient'
  Properties:
    ClientName: service-${self:provider.stage}-web-client
    GenerateSecret: false
    UserPoolId:
      Ref: "UserPool${self:provider.stage}"

Has anyone else figured this one out because this is not scalable, looks ugly and probably doesn’t even work?