I am getting an error when I try to use Ref: to AWS::Cognito::UserPool in lambda environment when the lambda is bound to events from cognitoUserPool.

This is the error:

    The CloudFormation template is invalid: Circular dependency between resources:

Serverless code:

    functions:
      cognito:
        handler: src/lambdas.cognito
        events:
          - cognitoUserPool:
              pool: General
              trigger: CustomMessage
          - cognitoUserPool:
              pool: General
              trigger: PostConfirmation
          - cognitoUserPool:
              pool: General
              trigger: PreSignUp
        environment:
          COGNITO_USER_POOL_ID:
            Ref: CognitoUserPoolGeneral
    resources:
      Resources:
        CognitoIdentityPoolGeneral:
          Type: AWS::Cognito::IdentityPool
          Properties:
            IdentityPoolName: IdentityPool
            AllowUnauthenticatedIdentities: false
            CognitoIdentityProviders:
              -
                ClientId:
                  Ref: CognitoUserPoolGeneralWebClient
                ProviderName:
                  Fn::GetAtt: [CognitoUserPoolGeneral,ProviderName]
        CognitoIdentityPoolGeneralRoleAttachments:
          Type: AWS::Cognito::IdentityPoolRoleAttachment
          Properties:
            IdentityPoolId:
              Ref: CognitoIdentityPoolGeneral
            Roles:
              authenticated:
                Fn::GetAtt: [CognitoIdentityPoolAuthRole,Arn]
              unauthenticated:
                Fn::GetAtt: [CognitoIdentityPoolUnAuthRole,Arn]
        CognitoIdentityPoolAuthRole:
          Type: AWS::IAM::Role
          Properties:
            RoleName: CognitoIdentityAuth
            AssumeRolePolicyDocument:
              Version: '2012-10-17'
              Statement:
                -
                  Effect: Allow
                  Principal:
                    Federated: cognito-identity.amazonaws.com
                  Action: sts:AssumeRoleWithWebIdentity
                  Condition:
                    StringEquals:
                      cognito-identity.amazonaws.com:aud:
                        Ref: CognitoIdentityPoolGeneral
                    ForAnyValue:StringLike:
                      cognito-identity.amazonaws.com:amr: authenticated
        CognitoIdentityPoolUnAuthRole:
          Type: AWS::IAM::Role
          Properties:
            RoleName: CognitoIdentityUnAuth
            AssumeRolePolicyDocument:
              Version: '2012-10-17'
              Statement:
                -
                  Effect: Allow
                  Principal:
                    Federated: cognito-identity.amazonaws.com
                  Action: sts:AssumeRoleWithWebIdentity
                  Condition:
                    StringEquals:
                      cognito-identity.amazonaws.com:aud:
                        Ref: CognitoIdentityPoolGeneral
                    ForAnyValue:StringLike:
                      cognito-identity.amazonaws.com:amr: unauthenticated
        CognitoUserPoolGeneral:
          Type: AWS::Cognito::UserPool
          Properties:
            UserPoolName: general
            AutoVerifiedAttributes: [ email ]
            AliasAttributes: [ email ]
            Policies:
              PasswordPolicy:
                MinimumLength: 6
                RequireLowercase: false
                RequireNumbers: false
                RequireSymbols: false
                RequireUppercase: false
            Schema:
              - AttributeDataType: String
                Name: landingWebSite
                DeveloperOnlyAttribute: false
                Mutable: true
                Required: false
              - AttributeDataType: String
                Name: userAgentLocale
                DeveloperOnlyAttribute: false
                Mutable: true
                Required: false
        CognitoUserPoolGeneralWebClient:
          Type: AWS::Cognito::UserPoolClient
          Properties:
            ClientName: web
            GenerateSecret: false
            RefreshTokenValidity: 30
            UserPoolId:
              Ref: CognitoUserPoolGeneral

By removing the following section:

    COGNITO_USER_POOL_ID:
      Ref: CognitoUserPoolGeneral

your deployment should work without an issue.

To get the User Pool properties - the User Pool ID can be found in the event object (other properties are just a matter of querying).
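
Reading the pool ID from the trigger event, as the answer suggests, shown as an added example that is not code from the original post. It assumes a Node.js runtime for `src/lambdas.cognito`; `SAMPLE_EVENT` and its values are constructed, and the handler fails closed when the event's pool ID is missing, malformed, or from another region.

```javascript
'use strict';

// Pool IDs look like "<region>_<suffix>", e.g. "us-east-1_EXAMPLE01" (constructed value).
const POOL_ID_RE = /^[\w-]+_[0-9a-zA-Z]+$/;
// The three triggers bound to this function in the Serverless config above.
const EXPECTED = new Set(['CustomMessage', 'PostConfirmation', 'PreSignUp']);

// Read the pool ID from the trigger event; fail closed if it is absent or malformed.
function userPoolIdFromEvent(event) {
  const id = event && event.userPoolId;
  if (typeof id !== 'string' || !POOL_ID_RE.test(id)) {
    throw new Error('trigger event carries no valid userPoolId');
  }
  if (event.region && !id.startsWith(`${event.region}_`)) {
    throw new Error('userPoolId does not belong to event.region');
  }
  return id;
}

// triggerSource is "<Trigger>_<Flow>", e.g. "PreSignUp_SignUp".
function triggerKind(event) {
  const kind = String((event && event.triggerSource) || '').split('_')[0];
  if (!EXPECTED.has(kind)) throw new Error(`unexpected trigger: ${kind || '(none)'}`);
  return kind;
}

// Handler referenced as src/lambdas.cognito; Cognito expects the event back.
async function cognito(event) {
  const poolId = userPoolIdFromEvent(event);
  const kind = triggerKind(event);
  console.log(JSON.stringify({ poolId, kind, user: event.userName }));
  return event;
}

// Constructed sample event for local runs (not captured from a real pool).
const SAMPLE_EVENT = {
  version: '1',
  triggerSource: 'PreSignUp_SignUp',
  region: 'us-east-1',
  userPoolId: 'us-east-1_EXAMPLE01',
  userName: 'constructed-user',
  request: { userAttributes: { email: 'user@example.com' } },
  response: {},
};

if (typeof module !== 'undefined') module.exports = { cognito };
```

Because the handler no longer needs `COGNITO_USER_POOL_ID`, the function has no `Ref` back to the user pool and the template has no cycle.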