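getclientId:
  # Custom-resource backend: resolves the app client ID of a Cognito user pool
  # so another resource (the role mapping below) can reference it via !GetAtt.
  Type: "AWS::Lambda::Function"
  Properties:
    Handler: index.handler
    # Intrinsic-function tags are case-sensitive: `!Getatt` is rejected by
    # template validation; the tag is `!GetAtt`.
    # NOTE(review): the role is defined elsewhere; it presumably needs only
    # cognito-idp:ListUserPoolClients on this pool plus CloudWatch Logs —
    # confirm it grants nothing broader.
    Role: !GetAtt LambdaESCognitoRole.Arn
    # nodejs8.10 is end-of-life and can no longer be deployed. nodejs18.x and
    # later bundle only AWS SDK v3, hence the @aws-sdk/client-* require below.
    Runtime: nodejs18.x
    # Cold start + API call + response PUT does not reliably fit the 3 s default.
    Timeout: 30
    Code:
      # Nothing is interpolated here. If you add ${...} substitutions, remember
      # that a literal "${" in the JavaScript must be written as "${!".
      ZipFile: !Sub |
        'use strict';
        const https = require('https');
        const {
          CognitoIdentityProviderClient,
          ListUserPoolClientsCommand,
        } = require('@aws-sdk/client-cognito-identity-provider');

        const cognito = new CognitoIdentityProviderClient({});

        // Deliver the result to CloudFormation by PUTting it to the pre-signed
        // URL in the event. Returned as a promise so the handler can await it:
        // an async handler is frozen as soon as it returns, so a fire-and-forget
        // send (what cfn-response does) may never reach CloudFormation and the
        // stack then waits for the custom-resource timeout.
        function sendResponse(event, context, status, data, reason) {
          const body = JSON.stringify({
            Status: status,
            Reason: reason || ('See CloudWatch log stream ' + context.logStreamName),
            // Keep the physical ID stable across updates so CloudFormation does
            // not issue a spurious Delete for the previous ID.
            PhysicalResourceId: event.PhysicalResourceId || context.logStreamName,
            StackId: event.StackId,
            RequestId: event.RequestId,
            LogicalResourceId: event.LogicalResourceId,
            Data: data,
          });
          const target = new URL(event.ResponseURL);
          return new Promise((resolve, reject) => {
            const req = https.request({
              hostname: target.hostname,
              path: target.pathname + target.search,
              method: 'PUT',
              headers: { 'content-type': '', 'content-length': Buffer.byteLength(body) },
            }, (res) => {
              res.resume();
              res.on('end', resolve);
            });
            req.on('error', reject);
            req.end(body);
          });
        }

        // Return every app client in the pool, following NextToken (the API
        // returns at most 60 clients per page).
        async function listClients(userPoolId) {
          const clients = [];
          let nextToken;
          do {
            const page = await cognito.send(new ListUserPoolClientsCommand({
              UserPoolId: userPoolId,
              MaxResults: 60,
              NextToken: nextToken,
            }));
            clients.push(...(page.UserPoolClients || []));
            nextToken = page.NextToken;
          } while (nextToken);
          return clients;
        }

        exports.handler = async (event, context) => {
          // Log selectively: the full event contains ResponseURL, a pre-signed
          // URL that lets anyone who can read the log forge this resource's result.
          console.log(event.RequestType, event.LogicalResourceId, JSON.stringify(event.ResourceProperties));
          if (event.RequestType === 'Delete') {
            // This resource creates nothing; acknowledge so stack deletion
            // proceeds even if the user pool is already gone.
            await sendResponse(event, context, 'SUCCESS', {});
            return;
          }
          try {
            const props = event.ResourceProperties;
            if (!props.UserPoolId) {
              throw new Error('UserPoolId property is required');
            }
            const clients = await listClients(props.UserPoolId);
            // Bind to exactly one client. The previous code took whichever
            // client was listed first, which silently attached the role mapping
            // to an arbitrary app when the pool has several clients (and threw
            // on an empty pool without ever answering CloudFormation).
            const matches = props.ClientName
              ? clients.filter((c) => c.ClientName === props.ClientName)
              : clients;
            if (matches.length !== 1) {
              throw new Error('expected exactly one app client, found ' + matches.length
                + ' (pass a ClientName property to select one)');
            }
            await sendResponse(event, context, 'SUCCESS', { ClientId: matches[0].ClientId });
          } catch (err) {
            // Report FAILED rather than SUCCESS with empty data: the previous
            // code only logged the error, so a failed lookup yielded a stack
            // whose role mapping pointed at an undefined client id.
            console.error(err);
            await sendResponse(event, context, 'FAILED', {}, String(err && err.message ? err.message : err));
          }
        };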
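CallgetclientId:
  # Invokes getclientId on Create/Update; whatever the Lambda puts in the
  # response Data becomes an attribute, so `!GetAtt CallgetclientId.ClientId`
  # resolves to the looked-up app client id.
  Type: 'Custom::CallgetclientId'
  Version: 1.0
  Properties:
    # Intrinsic-function tags are case-sensitive (`!GetAtt`, not `!Getatt`).
    ServiceToken: !GetAtt getclientId.Arn
    # A custom resource is only re-invoked when one of its properties changes.
    # If the app client is recreated while UserPoolId stays the same, the
    # cached ClientId goes stale; add a property that tracks the client (e.g.
    # its name) so the lookup reruns.
    UserPoolId: !Ref CognitoUserPool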
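IdentityPoolRoleMapping:
  # Maps tokens from one user-pool app client to IAM roles based on a custom
  # group claim; tokens matching no rule are denied credentials outright.
  Type: "AWS::Cognito::IdentityPoolRoleAttachment"
  Properties:
    IdentityPoolId: !Ref CognitoIdentityPool
    Roles:
      # Intrinsic-function tags are case-sensitive (`!GetAtt`, not `!Getatt`).
      authenticated: !GetAtt AuthenticatedRole.Arn
      unauthenticated: !GetAtt UnauthenticatedRole.Arn
    RoleMappings:
      "cognito-identity-provider":
        # Key format is "<user-pool provider name>:<app client id>". The client
        # id comes from the custom resource because the client is not created
        # in this template; a wrong id silently leaves the mapping unused.
        IdentityProvider: !Join ['', [!GetAtt CognitoUserPool.ProviderName, ':', !GetAtt CallgetclientId.ClientId]]
        # Fail closed: a token that matches no rule gets no credentials at all
        # instead of falling back to the default authenticated role.
        AmbiguousRoleResolution: Deny
        Type: Rules
        RulesConfiguration:
          # NOTE(review): Cognito evaluates rules in order and the first match
          # wins, so a user in both groups receives AuthenticatedRole, not the
          # admin role — verify that ordering is intended.
          # NOTE(review): on a string claim, Contains is a substring test, so
          # "user" also matches e.g. "superuser"; if custom:groups holds a
          # single value, Equals is the tighter match — confirm the claim format.
          Rules:
            - Claim: "custom:groups"
              MatchType: "Contains"
              RoleARN: !GetAtt AuthenticatedRole.Arn
              Value: "user"
            - Claim: "custom:groups"
              MatchType: "Contains"
              RoleARN: !GetAtt AuthenticatedAdminRole.Arn
              Value: "admin"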
如何在另一个cloudformation资源中访问lambda的返回值?
lilifenglilifeng 回答:如何在另一个cloudformation资源中访问lambda的返回值?
我看到两种解决问题的方法。
方法一：使用 cfnresponse.send(...) 的 responseData 参数，把要导出的值放进去。参见：https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html#w2ab1c17c25c14b9c11
我的例子:
cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, responseData['ClientSecret'])
注意：send() 的第五个参数是 physicalResourceId，而不是 noEcho。把 ClientSecret 当作物理资源 ID 传入，会让它出现在 DescribeStackResources、控制台资源列表和堆栈事件中。如果要返回机密，应使用一个稳定且不敏感的物理 ID（例如 ClientId），并把 noEcho=True 作为第六个参数传入，让 CloudFormation 对 !GetAtt 取到的值做脱敏。
一旦 Lambda 返回了数据，就可以在 CFN 模板中用 !GetAtt 引用它：
Value: !GetAtt HapiUserPoolClientPostProc.ClientSecret
方法二：把自定义资源当作"后处理器"组件使用，即先创建资源，再用自定义资源更新它的参数。只要把被依赖资源的属性作为自定义资源 Lambda 的输入参数传入，CloudFormation 就会据此保证执行顺序（依赖关系）。
我的示例是从我的ElasticBeanstalk WebApp输入Cognito AppClient回调URL。因此,我同时创建了UserPool AppClient和EB webapp,然后,后处理器自定义资源lambda从EB获取URL并在Cognito中更新CallbackURL。
希望这会有所帮助。