Cognito User/Identity Pools as serverless.yml resource defs

Is there any update on the issue? I still want to reference the user pool using the ARN dynamically.

Something that caught me out on this – Cognito Identity Pools cannot have hyphens in the pool name (unlike user pools and many other named elements).

I was getting a regex error when trying to deploy:
```
1 validation error detected: Value 'XXXXX; at 'identityPoolName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w ]+ (Service: AmazonCognitoIdentity; Status Code: 400;
```

Removed the hyphens from the name and it deployed without issue:
```
CognitoIdentityPool:
  Type: AWS::Cognito::IdentityPool
  Properties:
    IdentityPoolName: ${self:custom.stage}SomeNameIdentityPool
    AllowUnauthenticatedIdentities: false
    CognitoIdentityProviders:
      - ClientId:
          Ref: CognitoUserPoolClient
        ProviderName:
          'Fn::GetAtt': ["CognitoUserPool", "ProviderName"]
```


Have a look here, it may help you. Unless you provide a string to `arn`, the resource build in Serverless assumes you’re trying to reference a Lambda function to make the authorization, and can only build that kind of authorizer for you: https://github.com/serverless/serverless/blob/master/lib/plugins/aws/package/compile/events/apiGateway/lib/authorizers.js#L27

I managed to dynamically build an Authorizer reference like this:


Thanks, you’re a lifesaver :slight_smile:


This is great, thanks @jonsmirl!

It looks like this might not facilitate multiple environments, however, as the error I’m getting seems to be from the ‘Outputs’:

service-prod - Export with name UserPoolClient::Id is already exported by stack service-pre.

The only alternative I can think of, since we cannot use strings as key/property names in YAML, is perhaps exporting both versions of pre/prod:

```
Outputs:
    UserPoolIdpre:
      Value:
        Ref: UserPoolpre
      Export:
        Name: 'UserPool::Id'
    UserPoolIdprod:
      Value:
        Ref: UserPoolprod
      Export:
        Name: 'UserPool::Id'

UserPoolClient:
  Type: 'AWS::Cognito::UserPoolClient'
  Properties:
    ClientName: service-${self:provider.stage}-web-client
    GenerateSecret: false
    UserPoolId:
      Ref: "UserPool${self:provider.stage}"
```

Has anyone else figured this one out? Because this is not scalable, looks ugly and probably doesn’t even work.
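
Both deploy failures reported in this thread (the `[\w ]+` constraint on the identity pool name and the export name that is already taken) can be caught before deploying. The following is an added example, not part of any post here and not Serverless Framework code; the input shape (stack name mapped to a compiled CloudFormation template) and all function names are assumptions.

```javascript
// Added example. Input shape (stack name -> compiled CloudFormation template
// with variables already resolved) is an assumption, not a Serverless API.
const IDENTITY_POOL_NAME = /^[\w ]+$/; // pattern from the error above, anchored

function invalidIdentityPoolNames(templates) {
  const bad = [];
  for (const [stack, tpl] of Object.entries(templates)) {
    for (const [logicalId, res] of Object.entries(tpl.Resources || {})) {
      if (res.Type !== 'AWS::Cognito::IdentityPool') continue;
      const name = (res.Properties || {}).IdentityPoolName; // may be an intrinsic (object)
      if (typeof name === 'string' && !IDENTITY_POOL_NAME.test(name)) {
        bad.push({ stack, logicalId, name });
      }
    }
  }
  return bad;
}

// Export names must be unique per account and region, so any name declared
// more than once (in one stack or across stage stacks) fails a deploy.
function duplicateExports(templates) {
  const declaredBy = new Map(); // export name -> ["stack.OutputKey", ...]
  for (const [stack, tpl] of Object.entries(templates)) {
    for (const [key, out] of Object.entries(tpl.Outputs || {})) {
      const name = out.Export && out.Export.Name;
      if (typeof name !== 'string') continue;
      if (!declaredBy.has(name)) declaredBy.set(name, []);
      declaredBy.get(name).push(`${stack}.${key}`);
    }
  }
  return [...declaredBy]
    .filter(([, where]) => where.length > 1)
    .map(([name, where]) => ({ name, declaredBy: where }));
}
// Constructed sample: the pre/prod stacks and names discussed in this thread.
const makeTemplate = (poolName, exportName) => ({
  Resources: {
    CognitoIdentityPool: {
      Type: 'AWS::Cognito::IdentityPool',
      Properties: { IdentityPoolName: poolName },
    },
  },
  Outputs: { UserPoolId: { Value: { Ref: 'UserPool' }, Export: { Name: exportName } } },
});
const sample = {
  'service-pre': makeTemplate('pre-SomeNameIdentityPool', 'UserPool::Id'),
  'service-prod': makeTemplate('prod-SomeNameIdentityPool', 'UserPool::Id'),
};
console.log(invalidIdentityPoolNames(sample), duplicateExports(sample));
```

With the hyphen dropped from the pool name and the stage included in each export name, both functions return an empty list for the same two stacks.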