【Posted】: 2018-08-19 18:13:06
【Problem description】:
When the lambda is bound to events from cognitoUserPool, I get an error when I try to use Ref: to AWS::Cognito::UserPool in the lambda environment.
This is the error:
The CloudFormation template is invalid: Circular dependency between resources:
Serverless code:
functions:
  cognito:
    handler: src/lambdas.cognito
    events:
      - cognitoUserPool:
          pool: General
          trigger: CustomMessage
      - cognitoUserPool:
          pool: General
          trigger: PostConfirmation
      - cognitoUserPool:
          pool: General
          trigger: PreSignUp
    environment:
      COGNITO_USER_POOL_ID:
        Ref: CognitoUserPoolGeneral
resources:
  Resources:
    CognitoIdentityPoolGeneral:
      Type: AWS::Cognito::IdentityPool
      Properties:
        IdentityPoolName: IdentityPool
        AllowUnauthenticatedIdentities: false
        CognitoIdentityProviders:
          -
            ClientId:
              Ref: CognitoUserPoolGeneralWebClient
            ProviderName:
              Fn::GetAtt: [CognitoUserPoolGeneral,ProviderName]
    CognitoIdentityPoolGeneralRoleAttachments:
      Type: AWS::Cognito::IdentityPoolRoleAttachment
      Properties:
        IdentityPoolId:
          Ref: CognitoIdentityPoolGeneral
        Roles:
          authenticated:
            Fn::GetAtt: [CognitoIdentityPoolAuthRole,Arn]
          unauthenticated:
            Fn::GetAtt: [CognitoIdentityPoolUnAuthRole,Arn]
    CognitoIdentityPoolAuthRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: CognitoIdentityAuth
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            -
              Effect: Allow
              Principal:
                Federated: cognito-identity.amazonaws.com
              Action: sts:AssumeRoleWithWebIdentity
              Condition:
                StringEquals:
                  cognito-identity.amazonaws.com:aud:
                    Ref: CognitoIdentityPoolGeneral
                ForAnyValue:StringLike:
                  cognito-identity.amazonaws.com:amr: authenticated
    CognitoIdentityPoolUnAuthRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: CognitoIdentityUnAuth
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            -
              Effect: Allow
              Principal:
                Federated: cognito-identity.amazonaws.com
              Action: sts:AssumeRoleWithWebIdentity
              Condition:
                StringEquals:
                  cognito-identity.amazonaws.com:aud:
                    Ref: CognitoIdentityPoolGeneral
                ForAnyValue:StringLike:
                  cognito-identity.amazonaws.com:amr: unauthenticated
    CognitoUserPoolGeneral:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: general
        AutoVerifiedAttributes: [ email ]
        AliasAttributes: [ email ]
        Policies:
          PasswordPolicy:
            MinimumLength: 6
            RequireLowercase: false
            RequireNumbers: false
            RequireSymbols: false
            RequireUppercase: false
        Schema:
          - AttributeDataType: String
            Name: landingWebSite
            DeveloperOnlyAttribute: false
            Mutable: true
            Required: false
          - AttributeDataType: String
            Name: userAgentLocale
            DeveloperOnlyAttribute: false
            Mutable: true
            Required: false
    CognitoUserPoolGeneralWebClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: web
        GenerateSecret: false
        RefreshTokenValidity: 30
        UserPoolId:
          Ref: CognitoUserPoolGeneral
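【Discussion】:
- When using the Cognito User Pool event, Serverless generates a LambdaConfig property on the named pool, setting Fn::GetAtt for the <Function>.Arn property, thus creating a circular reference.
- Yes, I know why I get the circular dep, but my question is: can this be worked around? Because as far as I know, the environment can be set after the lambda is created.
- How did you get around the role permissions for the lambda calling the pool?
Tags: amazon-web-services aws-lambda amazon-cloudformation serverless-framework serverless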
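The circular reference described in the discussion can be reproduced offline. This is an added example, not part of the original post: it walks the Ref and Fn::GetAtt edges of a constructed template fragment and reports the cycle. The fragment and the logical ID CognitoLambdaFunction are assumptions about what the compiled template looks like.

```python
# Constructed fragment of a compiled template (not from the page). The logical
# ID "CognitoLambdaFunction" for the `cognito` function is an assumption.
TEMPLATE = {"Resources": {
    "CognitoLambdaFunction": {"Type": "AWS::Lambda::Function", "Properties": {
        "Environment": {"Variables": {
            "COGNITO_USER_POOL_ID": {"Ref": "CognitoUserPoolGeneral"}}}}},
    "CognitoUserPoolGeneral": {"Type": "AWS::Cognito::UserPool", "Properties": {
        "LambdaConfig": {
            "PreSignUp": {"Fn::GetAtt": ["CognitoLambdaFunction", "Arn"]}}}},
    "CognitoUserPoolGeneralWebClient": {"Type": "AWS::Cognito::UserPoolClient",
        "Properties": {"UserPoolId": {"Ref": "CognitoUserPoolGeneral"}}},
}}


def references(node, names):
    """Yield logical IDs reached through Ref / Fn::GetAtt anywhere under node."""
    if isinstance(node, list):
        for item in node:
            yield from references(item, names)
    elif isinstance(node, dict):
        for key, value in node.items():
            if key == "Fn::GetAtt":  # list form or "Resource.Attr" string form
                value = value[0] if isinstance(value, list) else str(value).split(".")[0]
            if key not in ("Ref", "Fn::GetAtt"):
                yield from references(value, names)
            elif isinstance(value, str) and value in names:
                yield value


def find_cycle(template):
    """Return one cycle as a list of logical IDs, or None (DependsOn/Fn::Sub not followed)."""
    resources = template["Resources"]
    graph = {n: sorted(set(references(b, resources))) for n, b in resources.items()}
    state = {}  # logical ID -> "visiting" or "done"
    def visit(name, path):
        state[name] = "visiting"
        for dep in graph[name]:
            if state.get(dep) == "visiting":  # back edge closes a cycle
                return path[path.index(dep):] + [dep]
            found = visit(dep, path + [dep]) if dep not in state else None
            if found:
                return found
        state[name] = "done"
        return None
    for name in resources:
        cycle = visit(name, [name]) if name not in state else None
        if cycle:
            return cycle
    return None
```

Running `find_cycle` against the JSON template that `serverless package` writes out shows which edge closes the loop before CloudFormation rejects the deployment.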