I am trying to deploy a function that would be accessed by multiple users in 3 different pools.
Basically the function is defined as:

    MyFunction:
      handler: function.handler
      events:
        - http:
            method: get
            path: /{id}
            cors: true
            authorizer:
              arn:
                ${ssm:typea-user-pool-arn-${self:custom.stage}}
                ${ssm:typeb-user-pool-arn-${self:custom.stage}}
                ${ssm:typec-user-pool-arn-${self:custom.stage}}

So the function should be accessible using 3 Cognito user pools: typea, typeb and typec.
Sometimes this works flawlessly and I am able to access it with all the users. On other functions, even with 3 ARNs defined, sometimes I can access only with the first group defined and not with the other ones.
Also, it seems that when I try to add or remove another ARN I get the error:
An error occurred: 1UnderscoreXXXXXApiGatewayAuthorizer - ProviderARNs need to be valid Cognito Userpools. Invalid ARNs-
arn:aws:cognito-idp:eu-central-1:XXXXXXX:userpool/eu-central-1_AAAAAAA arn:aws:cognito-idp:eu-central-1:XXXXXXX:userpool/eu-central-1_BBBBB (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: XXXXX-7421-4c70-8915-XXXX).
Then it seems that something is stuck with the API authorizer and it cannot be changed anymore.
Finally, my questions:
- Is it bad/good practice to have multiple Cognito authorizers for the same function?
- Is there a proper way to define multiple Cognito authorizers for the same function?
- Why does it sometimes seem that the API Gateway Authorizer cannot be changed anymore? Is there also a way to change that instead of just deleting the whole stack [which I did as everything seemed to not be working]?