dbeja
January 24, 2018, 12:26pm
1
Anyone was able to make the Cognito User Pool trigger work? (https://serverless.com/framework/docs/providers/aws/events/cognito-user-pool/ )
I have something like this in my serverless.yml:
changeActivationMessage:
handler: functions/changeActivationMessage.main
events:
- cognitoUserPool:
pool: MyUserPool
trigger: CustomMessage
resources:
Resources:
CognitoUserPoolMyUserPool:
Type: "AWS::Cognito::UserPool"
Properties:
But now I’m getting the error:
Thanks
Hi @dbeja ,
I don’t see any problems in the snippet you provided. Do you have more resources defined in serverless.yml?
I can post my working example of serverless.yml for cognito - it’s quite long though.
Cheers
dbeja
January 25, 2018, 11:00am
3
Yes @igorkosta , that would be helpful.
The other parts I have in resources are a User Pool Client, and a Cognito Identity:
baCognitoUserPoolClient:
Type: "AWS::Cognito::UserPoolClient"
Properties:
ClientName: ${self:provider.stage}_baCognitoUserPool_Client
ExplicitAuthFlows:
- ADMIN_NO_SRP_AUTH
GenerateSecret: false
UserPoolId:
Ref: CognitoUserPoolMyUserPool
baCognitoIdentityPool:
Type: AWS::Cognito::IdentityPool
Properties:
IdentityPoolName: ${self:provider.stage}_baCognitoIdentityPool
AllowUnauthenticatedIdentities: false
CognitoIdentityProviders:
- ClientId:
Ref: baCognitoUserPoolClient
ProviderName:
Fn::GetAtt: [CognitoUserPoolMyUserPool, ProviderName]
dbeja:
CognitoIdentityProviders
not sure if you saw this example already - I took almost everything from it (I hope it helps):
cognito.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Cognito Stack
Parameters:
AuthName:
Type: String
Description: Unique Auth Name for Cognito Resources
Resources:
# Creates a role that allows Cognito to send SNS messages
SNSRole:show original
description.md
This creates a starting point for a simple Authentication backend using AWS Cognito. With this you can create everything you need for the backend to register, login, and access AWS Lambda and other services.
To get started builing a client...
Identity: https://github.com/aws/amazon-cognito-identity-js
Serverless: https://blog.rackspace.com/part-1-building-server-less-architecture-aws
I am not using the IndentityPool with cognito, so I’m not sure if I really can help.
Nevertheless, if it doesn’t help, ping me again and I’ll try to help.
we are trying to automatically create cognito user pool by specifying cloudformation resources and including that to the serverless.yml, pretty much a similar scenario. We were facing the circular dependency issue when we tried referring the preauth trigger to the user pool and provide an IamRoleStatement for the lambda to invoke the cognito user pool, something like the below statement:
iamRoleStatements: [
This causes a circular dependency between the resources, even referring through {‘Fn::GetAtt’ : [‘CognitoUserPoolMyUserPool’, ‘Arn’]} or ${self:custom.env.USER_POOL_ARN}’ didn’t work. Do you have any suggestions to this?
buggy
December 18, 2018, 8:53am
6
When this happens the best option is usually to use https://github.com/functionalone/serverless-iam-roles-per-function so each function gets their own set of permissions instead of all sharing the one setup.
1 Like
@buggy thanks for your input. This does work using the serverless-iam-roles-per-function. It fixed the circular dependency issue.