
Circular dependency between resources: CognitoUserPool and environment

I am getting an error when I try to use Ref: to AWS::Cognito::UserPool in the Lambda environment when the Lambda is bound to events from cognitoUserPool.

This is the error: The CloudFormation template is invalid: Circular dependency between resources:

Serverless code

functions:
  cognito:
    handler: src/lambdas.cognito
    events:
      - cognitoUserPool:
          pool: General
          trigger: CustomMessage
      - cognitoUserPool:
          pool: General
          trigger: PostConfirmation
      - cognitoUserPool:
          pool: General
          trigger: PreSignUp
    environment:
      COGNITO_USER_POOL_ID:
        Ref: CognitoUserPoolGeneral

resources:
  Resources:
    CognitoIdentityPoolGeneral:
      Type: AWS::Cognito::IdentityPool
      Properties:
        IdentityPoolName: IdentityPool
        AllowUnauthenticatedIdentities: false
        CognitoIdentityProviders:
          -
            ClientId:
              Ref: CognitoUserPoolGeneralWebClient
            ProviderName:
              Fn::GetAtt: [CognitoUserPoolGeneral,ProviderName]

    CognitoIdentityPoolGeneralRoleAttachments:
      Type: AWS::Cognito::IdentityPoolRoleAttachment
      Properties:
        IdentityPoolId:
          Ref: CognitoIdentityPoolGeneral
        Roles:
          authenticated:
            Fn::GetAtt: [CognitoIdentityPoolAuthRole,Arn]
          unauthenticated:
            Fn::GetAtt: [CognitoIdentityPoolUnAuthRole,Arn]


    CognitoIdentityPoolAuthRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: CognitoIdentityAuth
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            -
              Effect: Allow
              Principal:
                Federated: cognito-identity.amazonaws.com
              Action: sts:AssumeRoleWithWebIdentity
              Condition:
                StringEquals:
                  cognito-identity.amazonaws.com:aud:
                    Ref: CognitoIdentityPoolGeneral
                ForAnyValue:StringLike:
                  cognito-identity.amazonaws.com:amr: authenticated



    CognitoIdentityPoolUnAuthRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: CognitoIdentityUnAuth
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            -
              Effect: Allow
              Principal:
                Federated: cognito-identity.amazonaws.com
              Action: sts:AssumeRoleWithWebIdentity
              Condition:
                StringEquals:
                  cognito-identity.amazonaws.com:aud:
                    Ref: CognitoIdentityPoolGeneral
                ForAnyValue:StringLike:
                  cognito-identity.amazonaws.com:amr: unauthenticated


    CognitoUserPoolGeneral:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: general
        AutoVerifiedAttributes: [ email ]
        AliasAttributes: [ email ]
        Policies:
          PasswordPolicy:
            MinimumLength: 6
            RequireLowercase: false
            RequireNumbers: false
            RequireSymbols: false
            RequireUppercase: false
        Schema:
          - AttributeDataType: String
            Name: landingWebSite
            DeveloperOnlyAttribute: false
            Mutable: true
            Required: false
          - AttributeDataType: String
            Name: userAgentLocale
            DeveloperOnlyAttribute: false
            Mutable: true
            Required: false

    CognitoUserPoolGeneralWebClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: web
        GenerateSecret: false
        RefreshTokenValidity: 30
        UserPoolId:
          Ref: CognitoUserPoolGeneral
Kliment asked Nov 07 '22 09:11


1 Answer

By removing the following section:

  COGNITO_USER_POOL_ID:
    Ref: CognitoUserPoolGeneral

Your deployment should work without an issue.
To get the User Pool properties - the User Pool ID can be found in the event object (other properties are just a matter of querying).

Asaf answered Nov 15 '22 08:11
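
The approach from the answer, as an added example that is not part of the original answer: a handler for the three triggers configured in the question that reads the pool ID from `event.userPoolId` instead of an environment variable. The event field names follow the Cognito trigger event format; `lookupParams`, `applyTrigger`, the message text and the sample event values are constructed for illustration.

```javascript
// Added example, not the asker's code. In the project, `cognito` would be exported
// from src/lambdas to match `handler: src/lambdas.cognito`.
const POOL_ID_RE = /^[\w-]+_[0-9a-zA-Z]+$/; // documented UserPoolId pattern

// Take the pool ID from the trigger event, so no COGNITO_USER_POOL_ID
// variable (and no Ref back to the pool) is needed in the template.
function poolIdFromEvent(event) {
  const id = event && event.userPoolId;
  if (typeof id !== 'string' || !POOL_ID_RE.test(id)) {
    throw new Error('trigger event carries no valid userPoolId');
  }
  return id;
}

// Parameters for a follow-up SDK query such as AdminGetUser (call not made here).
function lookupParams(event) {
  return { UserPoolId: poolIdFromEvent(event), Username: event.userName };
}

function applyTrigger(event) {
  const userPoolId = poolIdFromEvent(event);
  // triggerSource looks like "PreSignUp_SignUp"; the prefix names the trigger.
  const trigger = String(event.triggerSource).split('_')[0];
  switch (trigger) {
    case 'PreSignUp':
    case 'PostConfirmation':
      console.log(`${trigger} received for pool ${userPoolId}`);
      break;
    case 'CustomMessage':
      // Cognito substitutes the verification code for request.codeParameter.
      event.response.emailSubject = 'Confirm your account';
      event.response.emailMessage = `Your code is ${event.request.codeParameter}`;
      break;
    default:
      throw new Error(`unexpected trigger: ${event.triggerSource}`);
  }
  return event; // Cognito expects the (possibly modified) event back
}

const cognito = async (event) => applyTrigger(event);

// Constructed sample event (values are made up for the example).
const sampleEvent = {
  version: '1', region: 'us-east-1', userPoolId: 'us-east-1_EXAMPLE12',
  userName: 'alice', triggerSource: 'CustomMessage_SignUp',
  request: { userAttributes: { email: 'alice@example.com' }, codeParameter: '{####}' },
  response: { smsMessage: null, emailMessage: null, emailSubject: null },
};
```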