User Pool Authorizer from Resource?

aws

#1

Hi,

I’m creating an AWS UserPool in my serverless.yml. I want to use that user pool for authorization on some endpoints. I can easily do that by setting the authorizer to the ARN of the generated user pool, but then I need to check for the ARN beforehand.

Can I somehow set the authorizer by the resource name, e.g.,

authorizer:
  Ref: CognitoUserPoolMyUserPool

or something similar?


#2

Hi, I’d like to come back to this topic, since I do not have a solution yet and would assume that this is possible but beyond my knowledge. I currently create my Lambda functions like this:

my-function:
  handler: functions/handler.my_function
  package:
    individually: true
    include:
      - functions/handler.js
  events:
    - http:
        path: /function
        method: get
        cors: true
        authorizer:
          arn: arn:aws:cognito-idp:eu-west-1:123456789:userpool/eu-west-1_xxxxxxxxx

The problem is, when I create a new user pool for some reason, like changing the name, I need to update the ARN and so on. So, how can I reference the user pool that I created within the very same serverless.yml as the authorizer?

Thanks a lot to anyone helping!


#3

You need to use GetAtt instead of Ref.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html

For example !GetAtt [CognitoUserPoolMyUserPool, Arn]
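
The approach from the answer above, written out as a full serverless.yml. This is an added example, not part of the original thread. The service name, authorizer name and `UserPoolName` value are assumptions, and `Fn::GetAtt` is the long form of `!GetAtt`.

```yaml
# Added example; only CognitoUserPoolMyUserPool and the function
# definition come from the thread, the other names are assumptions.
service: my-service                      # assumed service name

provider:
  name: aws
  runtime: nodejs18.x
  region: eu-west-1

functions:
  my-function:
    handler: functions/handler.my_function
    events:
      - http:
          path: /function
          method: get
          cors: true
          authorizer:
            # With an intrinsic function as the ARN, the framework cannot
            # read the authorizer kind from an ARN string, so name and
            # type are given explicitly.
            name: MyUserPoolAuthorizer   # assumed authorizer name
            type: COGNITO_USER_POOLS
            arn:
              Fn::GetAtt:
                - CognitoUserPoolMyUserPool
                - Arn

resources:
  Resources:
    # Logical ID must match the one referenced by Fn::GetAtt above.
    CognitoUserPoolMyUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: my-user-pool       # assumed pool name
```

Because CloudFormation resolves the ARN at deploy time, replacing the user pool does not leave the endpoint's authorizer pointing at a stale, hardcoded pool.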