Hi,
I’m creating an AWS UserPool in my serverless.yml. I want to use that user pool for authorization on some endpoints. I can easily do that by setting the authorizer to the ARN of the generated user pool, but then I need to check for the ARN beforehand.
Can I somehow set the authorizer by the resource name, e.g.,
authorizer: Ref: CognitoUserPoolMyUserPool
or something similar?
Hi, I’d like to come back to this topic, since I do not have a solution yet and would assume, that this is possible but out of my knowledge. I currently create my lambda functions like this:
my-function:
handler: functions/handler.my_function
package:
individually: true
include:
- functions/handler.js
events:
- http:
path: /function
method: get
cors: true
authorizer:
arn: arn:aws:cognito-idp:eu-west-1:123456789:userpool/eu-west-1_xxxxxxxxx
Problem is, when I create a new userpool for some reason, like changing the name, I need to update the ARN and so on. So, how can I reference the userpool that I created within the very same serverless.yml as authorizer?
Thanks a lot for anyone helping!
You need to use GetAtt instead of Ref.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
For example !GetAtt [CognitoUserPoolMyUserPool, Arn]