Multiple Cognito authorization ARNs for the same endpoint

I am trying to deploy a function that would be accessed by multiple users in 3 different pools.

Basically the function is defined as

  MyFunction:
    handler: function.handler
    events:
      - http:
          method: get
          path: /{id}
          cors: true
          authorizer:
            arn: 
              ${ssm:typea-user-pool-arn-${self:custom.stage}}
              ${ssm:typeb-user-pool-arn-${self:custom.stage}}
              ${ssm:typec-user-pool-arn-${self:custom.stage}}

So the function should be accessible using 3 Cognito user pools: typea, typeb and typec.

Sometimes this works flawlessly and I am able to access it with all the users. On other functions, even with 3 ARNs defined, sometimes I can access only with the first group defined and not with the other ones.

Also it seems that when I try to add or remove another ARN I get the error:

  An error occurred: 1UnderscoreXXXXXApiGatewayAuthorizer - ProviderARNs need to be valid Cognito Userpools. Invalid ARNs-
  arn:aws:cognito-idp:eu-central-1:XXXXXXX:userpool/eu-central-1_AAAAAAA arn:aws:cognito-idp:eu-central-1:XXXXXXX:userpool/eu-central-1_BBBBB (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: XXXXX-7421-4c70-8915-XXXX).

Then it seems that something is stuck with the API authorizer and it cannot be changed anymore.

Finally my questions:

  • Is it bad/good practice to have multiple Cognito authorizers for the same function?
  • Is there a proper way to define multiple Cognito authorizers for the same function?
  • Why does it sometimes seem that the API Gateway authorizer cannot be changed anymore? Is there also a way to change that instead of just deleting the whole stack [which I did as everything seemed to not be working]?

Is this resolved?
Can we list down ARNs from different user pools?
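
An added example, not part of the original thread: the error above prints the ARNs separated by spaces inside one "invalid" entry, which is what YAML produces when a plain scalar under `arn:` continues over several lines (they fold into a single string). The sketch below instead declares one `AWS::ApiGateway::Authorizer` resource whose `ProviderARNs` is a real list and points the function at it. Assumptions: the resource name `MultiPoolAuthorizer` is hypothetical, and `ApiGatewayRestApi` is taken to be the logical ID the Serverless Framework generates for the REST API.

```yaml
functions:
  MyFunction:
    handler: function.handler
    events:
      - http:
          method: get
          path: /{id}
          cors: true
          authorizer:
            # Reference a single shared authorizer instead of an inline arn
            type: COGNITO_USER_POOLS
            authorizerId:
              Ref: MultiPoolAuthorizer   # hypothetical resource name

resources:
  Resources:
    MultiPoolAuthorizer:
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Name: multi-pool-authorizer      # hypothetical name
        Type: COGNITO_USER_POOLS
        IdentitySource: method.request.header.Authorization
        RestApiId:
          Ref: ApiGatewayRestApi         # assumed framework-generated logical ID
        # One list item per user pool; each item is a separate ARN string,
        # so nothing is folded into a single space-separated value.
        ProviderARNs:
          - ${ssm:typea-user-pool-arn-${self:custom.stage}}
          - ${ssm:typeb-user-pool-arn-${self:custom.stage}}
          - ${ssm:typec-user-pool-arn-${self:custom.stage}}
```

With this layout, every pool listed in `ProviderARNs` is trusted by the endpoint, so any per-pool distinction between callers has to be checked in the function itself from the token's issuer claim.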