User Pool Authorizer from Resource?




I’m creating an AWS UserPool in my serverless.yml. I want to use that user pool for authorization on some endpoints. I can easily do that by setting the authorizer to the ARN of the generated user pool, but then I need to check for the ARN beforehand.

Can I somehow set the authorizer by the resource name, e.g.,

  Ref: CognitoUserPoolMyUserPool

or something similar?


Hi, I’d like to come back to this topic, since I do not have a solution yet and would assume, that this is possible but out of my knowledge. I currently create my lambda functions like this:

  handler: functions/handler.my_function
    individually: true
      - functions/handler.js
    - http:
        path: /function
        method: get
        cors: true
          arn: arn:aws:cognito-idp:eu-west-1:123456789:userpool/eu-west-1_xxxxxxxxx

Problem is, when I create a new userpool for some reason, like changing the name, I need to update the ARN and so on. So, how can I reference the userpool that I created within the very same serverless.yml as authorizer?

Thanks a lot for anyone helping!


You need to use GetAtt instead of Ref.

For example !GetAtt [CognitoUserPoolMyUserPool, Arn]