
I am using AWS CDK to create a Cognito User Pool with a few lambda triggers. One of the lambdas requires a role to be attached that depends on the user pool arn. I have achieved this behaviour by adding the user pool to this particular lambda’s dependencies. The problem is that I had to remove this lambda from the user pool’s lambda triggers in order to avoid a circular dependency. I am struggling to find a way to add this trigger AFTER the creation of the lambda. Any help would be very much appreciated.

    const userPool = new cg.UserPool(this, "users", {
      // ...
      lambdaTriggers: {
        // ...lambdas with no dependencies
      },
    });

    // makeLambda is a custom function that returns new lambda.Function
    const postAuthentication = makeLambda(this, "postAuthentication");

    postAuthentication.addToRolePolicy(
      new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: ["cognito-idp:AdminUpdateUserAttributes"],
        resources: [userPool.userPoolArn],
      })
    );

    postAuthentication.node.addDependency(userPool);

    // This line of code is what is causing the circular dependency. If I could find
    // a way to delay this step until after the creation of the lambda, it would
    // solve the problem.
    userPool.addTrigger(cg.UserPoolOperation.POST_AUTHENTICATION, postAuthentication);


2 Answers


  1. You need to construct userPool.userPoolArn yourself as a string, instead of referencing the resource. You’ll need to be able to predict the exact arn, which might require hard coding a name for the user pool.

  2. Try boto3.

    From: Create trigger for Lambda function using Boto3

    import boto3

    # Lambda client used to attach the resource-based permission
    client = boto3.client('lambda')

    response = client.add_permission(
        FunctionName='<YOUR_FUNCTION_NAME>',
        StatementId='AlexaFunctionPermission',
        Action='lambda:InvokeFunction',
        Principal='alexa-appkit.amazon.com',)
    
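The dependency cycle from the question and the string-ARN approach from answer 1, as an added example that is not part of the original thread: it walks a constructed CloudFormation-style fragment and reports the cycle, then shows that a policy resource written as a plain string leaves none. The logical IDs (`Users`, `PostAuthFn`, `PostAuthRole`, `PostAuthPolicy`), the function-to-policy `DependsOn` edge and the wildcard pool id are assumptions made for the illustration.

```typescript
type Json = string | number | boolean | null | Json[] | { [k: string]: Json };
type Template = Record<string, { Type: string; Properties?: Json; DependsOn?: string[] }>;
// Logical IDs referenced through Ref / Fn::GetAtt ("${Id.Attr}" inside Fn::Sub is not parsed).
function refs(v: Json, out: Set<string> = new Set()): Set<string> {
  if (Array.isArray(v)) v.forEach((x) => refs(x, out));
  else if (v !== null && typeof v === "object") {
    for (const [k, x] of Object.entries(v)) {
      const target = k === "Ref" ? x : k === "Fn::GetAtt" && Array.isArray(x) ? x[0] : null;
      if (typeof target === "string") out.add(target);
      else refs(x, out);
    }
  }
  return out;
}

// Depth-first search over the deploy-order graph; returns the first cycle found, or null.
function findCycle(t: Template): string[] | null {
  const state = new Map<string, "visiting" | "done">();
  const visit = (id: string, path: string[]): string[] | null => {
    if (state.get(id) === "done") return null;
    if (state.get(id) === "visiting") return [...path.slice(path.indexOf(id)), id];
    state.set(id, "visiting");
    const deps = Array.from(refs(t[id].Properties ?? null)).concat(t[id].DependsOn ?? []);
    for (const d of deps) {
      if (!(d in t)) continue; // not a resource in this template
      const cycle = visit(d, [...path, id]);
      if (cycle) return cycle;
    }
    state.set(id, "done");
    return null;
  };
  for (const id of Object.keys(t)) { const c = visit(id, []); if (c) return c; }
  return null;
}

// Constructed fragment (hypothetical logical IDs) shaped like the stack with the trigger attached.
const template = (policyResource: Json): Template => ({
  Users: { Type: "AWS::Cognito::UserPool",
    Properties: { LambdaConfig: { PostAuthentication: { "Fn::GetAtt": ["PostAuthFn", "Arn"] } } } },
  PostAuthRole: { Type: "AWS::IAM::Role" },
  PostAuthPolicy: { Type: "AWS::IAM::Policy", Properties: { Roles: [{ Ref: "PostAuthRole" }],
    PolicyDocument: { Statement: [{ Effect: "Allow", Resource: policyResource,
      Action: "cognito-idp:AdminUpdateUserAttributes" }] } } },
  PostAuthFn: { Type: "AWS::Lambda::Function", DependsOn: ["PostAuthPolicy"], // assumed edge
    Properties: { Role: { "Fn::GetAtt": ["PostAuthRole", "Arn"] } } },
});
const withReference = findCycle(template({ "Fn::GetAtt": ["Users", "Arn"] }));
// Assumption: pool id unknown before deploy, so it is a wildcard (wider than one pool).
const withString = findCycle(
  template({ "Fn::Sub": "arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/*" }));
```

The explicit `postAuthentication.node.addDependency(userPool)` call in the question adds a second edge from the function back to the pool, so it has to be dropped as well once the ARN is a string. The wildcard grants `AdminUpdateUserAttributes` on every user pool in the account and region, which is broader than the single-pool resource in the question.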