How to avoid a circular dependency when using custom auth Cognito user pool and Ref in environment variables?

I want to use resources to create a Cognito user pool and user pool client. I then want to stick the user pool client ID in an environment variable so it can be accessed in my handlers. Finally, I have custom auth flow handlers attached to the user pool. This creates a circular dependency, like so:

service: backend
frameworkVersion: '3'

provider:
  name: aws
  runtime: python3.8
  region: eu-central-1
  httpApi:
    cors: true
  environment:
    CLIENT_ID: !Ref AppCognitoUserPoolClient

functions:
  SignUp:
    handler: handler.sign_up
    events:
      - httpApi:
          path: /sign_up
          method: post
  InitiateAuth:
    handler: handler.initiate_auth
    events:
      - httpApi:
          path: /initiate_auth
          method: post
  DefineAuthChallenge:
    handler: handler.define_auth_challenge
  CreateAuthChallenge:
    handler: handler.create_auth_challenge
  VerifyAuthChallenge:
    handler: handler.verify_auth_challenge
  RespondToAuthChallenge:
    handler: handler.respond_to_auth_challenge
    events:
      - httpApi:
          path: /respond_to_auth_challenge
          method: post

resources:
  Resources:
    AppCognitoUserPool:
      # TODO(tibbe): Only allow custom auth.
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: App-${sls:stage}
        Schema:
          - Name: name
            AttributeDataType: String
            Mutable: true
            Required: true
          - Name: phone_number
            AttributeDataType: String
            Mutable: true
            Required: true
        UsernameAttributes:
          - phone_number
        MfaConfiguration: "OFF"
        LambdaConfig:
          DefineAuthChallenge:
            Fn::GetAtt: [ DefineAuthChallengeLambdaFunction, Arn ]
          CreateAuthChallenge:
            Fn::GetAtt: [ CreateAuthChallengeLambdaFunction, Arn ]
          VerifyAuthChallengeResponse:
            Fn::GetAtt: [ VerifyAuthChallengeLambdaFunction, Arn ]
    AppCognitoUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: App-${sls:stage}
        GenerateSecret: false
        UserPoolId:
          Ref: "AppCognitoUserPool"

Error:

The CloudFormation template is invalid: Circular dependency between resources: [CreateAuthChallengeLambdaFunction, HttpApiIntegrationInitiateAuth, RespondToAuthChallengeLambdaVersionLEiqZWUz4Y4qm1Rrp89brgn4VtGUjCzNbxkSIwTixZc, InitiateAuthLambdaVersionYS8QtvoKgCuMWXxwEjLkAx7HbNAVoJXxqvhGcT8w8U, RespondToAuthChallengeLambdaFunction, VerifyAuthChallengeLambdaVersionssBpffJwyfg06KnUQDaMDnpZ74sVRISdbT9yyQgexU8, SignUpLambdaVersionLdIFFt0LVDlTk7P8p2lmc0bosjNkqdvNrwgEdyzqMc, DefineAuthChallengeLambdaFunction, AppCognitoUserPool, DefineAuthChallengeLambdaVersion9ZVaIVBJwBQQDPGCuHtK6V7wcctKzlsmpRnCXvSdOVA, HttpApiIntegrationSignUp, SignUpLambdaFunction, VerifyAuthChallengeLambdaFunction, InitiateAuthLambdaPermissionHttpApi, SignUpLambdaPermissionHttpApi, CreateAuthChallengeLambdaVersionS8XIfffUsouz2EA0oTTMoYBZGLF1OxD1HnycuYFsM, HttpApiRoutePostRespondtoauthchallenge, InitiateAuthLambdaFunction, HttpApiRoutePostInitiateauth, HttpApiRoutePostSignup, RespondToAuthChallengeLambdaPermissionHttpApi, HttpApiIntegrationRespondToAuthChallenge, AppCognitoUserPoolClient]

How can I factor my setup to avoid this?
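
Why the template above cycles, as an added Python example that is not part of the original question: `provider.environment` is copied into every function, so the three trigger Lambdas depend on the client, the client on the pool, and the pool on the trigger Lambdas. The model uses only the Ref/GetAtt edges visible in the question; the `client_id_scope` switch is hypothetical and stands for moving `CLIENT_ID` to a function-level `environment` on the HTTP handlers only.

```python
# Added illustration: models the Ref/GetAtt edges of the template in the question.
TRIGGERS = ["DefineAuthChallenge", "CreateAuthChallenge", "VerifyAuthChallenge"]
HTTP = ["SignUp", "InitiateAuth", "RespondToAuthChallenge"]
POOL, CLIENT = "AppCognitoUserPool", "AppCognitoUserPoolClient"

def lambda_id(name):
    # Generated function resources are named <Name>LambdaFunction (see the error).
    return name + "LambdaFunction"

def build_graph(client_id_scope):
    """Return {resource: dependencies}; scope is 'provider' or 'function' (hypothetical)."""
    graph = {
        POOL: {lambda_id(t) for t in TRIGGERS},  # LambdaConfig Fn::GetAtt
        CLIENT: {POOL},                          # UserPoolId: Ref
    }
    for name in TRIGGERS + HTTP:
        # Provider-level environment reaches every function, triggers included.
        needs_client = client_id_scope == "provider" or name in HTTP
        graph[lambda_id(name)] = {CLIENT} if needs_client else set()
    return graph

def find_cycle(graph):
    """Depth-first search; return one cycle as a list of ids, or None."""
    state = dict.fromkeys(graph, "new")
    stack = []

    def visit(node):
        state[node] = "open"
        stack.append(node)
        for dep in sorted(graph[node]):
            if state[dep] == "open":  # back edge closes a cycle
                return stack[stack.index(dep):] + [dep]
            if state[dep] == "new":
                found = visit(dep)
                if found:
                    return found
        stack.pop()
        state[node] = "done"
        return None

    for node in sorted(graph):
        if state[node] == "new":
            found = visit(node)
            if found:
                return found
    return None

if __name__ == "__main__":
    print("provider-level:", find_cycle(build_graph("provider")))
    print("function-level:", find_cycle(build_graph("function")))
```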