I am using AWS CDK to create a Cognito User Pool with a few lambda triggers. One of the lambdas requires a role to be attached that depends on the user pool arn. I have achieved this behaviour by adding the user pool to this particular lambda’s dependencies. The problem is that I had to remove this lambda from the user pool’s lambda triggers in order to avoid a circular dependency. I am struggling to find a way to add this trigger AFTER the creation of the lambda. Any help would be very much appreciated.
const userPool = new cg.UserPool(this, "users", {
  // ...
  lambdaTriggers: {
    // ...lambdas with no dependencies
  },
});
// makeLambda is a custom function that returns new lambda.Function
const postAuthentication = makeLambda(this, "postAuthentication");
postAuthentication.addToRolePolicy(
  new iam.PolicyStatement({
    effect: iam.Effect.ALLOW,
    actions: ["cognito-idp:AdminUpdateUserAttributes"],
    resources: [userPool.userPoolArn],
  })
);
postAuthentication.node.addDependency(userPool);
// This line of code is what is causing the circular dependency. If I could find
// a way to delay this step until after the creation of the lambda, it would
// solve the problem.
userPool.addTrigger(cg.UserPoolOperation.POST_AUTHENTICATION, postAuthentication);
2 Answers
You need to construct userPool.userPoolArn yourself as a string, instead of referencing the resource. You’ll need to be able to predict the exact ARN, which might require hard coding a name for the user pool.

Try boto3; from: Create trigger for Lambda function using Boto3
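The cycle from the question, and what the ARN-as-string answer changes, modeled as a dependency graph. This is an added example, not code from the question or the answers. The node names and the edge set are assumptions about what CDK synthesizes for the posted code; the function names are hypothetical.

```typescript
// Added illustration: "A: [B]" means resource A cannot be created before B.
type Graph = Record<string, string[]>;

// Depth-first search; returns one dependency cycle as a node list, or null.
function findCycle(graph: Graph): string[] | null {
  const state = new Map<string, "visiting" | "done">();
  const path: string[] = [];
  const visit = (node: string): string[] | null => {
    if (state.get(node) === "done") return null;
    if (state.get(node) === "visiting") {
      // Back edge: the cycle is the path from the first visit of `node`.
      return [...path.slice(path.indexOf(node)), node];
    }
    state.set(node, "visiting");
    path.push(node);
    for (const dep of graph[node] ?? []) {
      const cycle = visit(dep);
      if (cycle) return cycle;
    }
    path.pop();
    state.set(node, "done");
    return null;
  };
  for (const node of Object.keys(graph)) {
    const cycle = visit(node);
    if (cycle) return cycle;
  }
  return null;
}

// Assumed edges for the code in the question (labels are hypothetical).
function buildGraph(opts: { arnIsReference: boolean; explicitDependency: boolean }): Graph {
  return {
    // addTrigger() puts the function into the pool's trigger configuration.
    UserPool: ["PostAuthFn"],
    // The function waits for its role policy (assumed CDK behaviour);
    // node.addDependency(userPool) adds a direct edge back to the pool.
    PostAuthFn: ["RolePolicy", ...(opts.explicitDependency ? ["UserPool"] : [])],
    // userPool.userPoolArn references the pool; a literal string does not.
    RolePolicy: opts.arnIsReference ? ["UserPool"] : [],
  };
}

// The question as posted: prints the cycle that blocks deployment.
console.log(findCycle(buildGraph({ arnIsReference: true, explicitDependency: true }))?.join(" -> "));
```

In this model, replacing the ARN reference with a string is not enough on its own: the explicit `addDependency(userPool)` call still closes a loop with the trigger and has to be dropped as well.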