How do I access a Lambda's return value in another CloudFormation resource?

  getclientId:
    Type: "AWS::Lambda::Function"
    Properties:
      Handler: index.handler
      Role: !GetAtt LambdaESCognitoRole.Arn
      Code:
        ZipFile: !Sub |
          var AWS = require('aws-sdk');
          const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();
          var response = require('cfn-response');
          var responseData = {};
          exports.handler = async (event,context) => {
            console.log(JSON.stringify(event,null,2));
            var params = {
              UserPoolId: event.ResourceProperties.UserPoolId
            };
            await cognitoidentityserviceprovider.listUserPoolClients(params,function(err,data) {
              if (err) console.log(err,err.stack); // an error occurred
              else {
                console.log(data); // successful response 
                responseData = {'ClientId': data.UserPoolClients[0].ClientId};
              }
            }).promise();
            response.send(event,context,response.SUCCESS,responseData);
            return;
            }
      Runtime: nodejs8.10 

  CallgetclientId:
    Type: 'Custom::CallgetclientId'
    Version: 1.0
    Properties:
      ServiceToken: !GetAtt getclientId.Arn
      UserPoolId: !Ref CognitoUserPool

  IdentityPoolRoleMapping:
    Type: "AWS::Cognito::IdentityPoolRoleAttachment"
    Properties:
      IdentityPoolId: !Ref CognitoIdentityPool
      Roles:
        authenticated: !GetAtt AuthenticatedRole.Arn
        unauthenticated: !GetAtt UnauthenticatedRole.Arn
      RoleMappings:
        "cognito-identity-provider":
          IdentityProvider: !Join ['',[ !GetAtt CognitoUserPool.ProviderName,':',!GetAtt CallgetclientId.ClientId ]] #Need to get the ClientID here
          AmbiguousRoleResolution: Deny
          Type: Rules
          RulesConfiguration:
            Rules:
              - Claim: "custom:groups"
                MatchType: "Contains"
                RoleARN: !GetAtt AuthenticatedRole.Arn
                Value: "user"
              - Claim: "custom:groups"
                MatchType: "Contains"
                RoleARN: !GetAtt AuthenticatedAdminRole.Arn
                Value: "admin"
lilifeng answered: How do I access a Lambda's return value in another CloudFormation resource?

I see two ways to solve the problem.

One - use the cfnresponse.send(...responseData) parameter. See here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html#w2ab1c17c25c14b9c11

My example:

cfnresponse.send(event,context,cfnresponse.SUCCESS,responseData,responseData['ClientSecret'])

Once you have returned the data from the Lambda, you can reference it in the CFN template with !GetAtt:

Value: !GetAtt HapiUserPoolClientPostProc.ClientSecret

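Two - I use the custom resource as a "post-processor" component, i.e. create the resources and then update their parameters using the custom resource. This order is guaranteed by the custom resource Lambda's input parameters (dependencies).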

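My example is feeding the Cognito AppClient callback URL from my ElasticBeanstalk WebApp. So I create both the UserPool AppClient and the EB webapp, and then the post-processor custom resource Lambda gets the URL from EB and updates the CallbackURL in Cognito.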

Hope this helps.
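An added example, not part of the question or the answer above: a sketch of the response body that `!GetAtt CallgetclientId.ClientId` is resolved from, built without the cfn-response module. `buildResponse`, `putResponse` and `makeHandler` are hypothetical names, and `listClients` and `send` are injected stand-ins; in a real Lambda `listClients` would wrap `listUserPoolClients(params).promise()`.

```javascript
// Added example; function and parameter names are hypothetical.
const https = require('https');
// Build the JSON body CloudFormation expects at event.ResponseURL.
function buildResponse(event, status, data, opts = {}) {
  return {
    Status: status, // 'SUCCESS' or 'FAILED'
    Reason: opts.reason || 'See CloudWatch Logs',
    // Reuse the ID on Update/Delete; never put a secret here, it is shown in stack events.
    PhysicalResourceId: event.PhysicalResourceId || `${event.LogicalResourceId}-${event.RequestId}`,
    StackId: event.StackId,
    RequestId: event.RequestId,
    LogicalResourceId: event.LogicalResourceId,
    NoEcho: Boolean(opts.noEcho), // true masks Data values read via Fn::GetAtt
    Data: data || {}, // !GetAtt <LogicalId>.<Key> resolves to Data[Key]
  };
}
// PUT the body to the pre-signed URL and wait until the upload has finished.
function putResponse(responseUrl, body) {
  const payload = JSON.stringify(body);
  const headers = { 'content-type': '', 'content-length': Buffer.byteLength(payload) };
  return new Promise((resolve, reject) => {
    const req = https.request(responseUrl, { method: 'PUT', headers }, (res) => {
      res.resume();
      res.on('end', () => resolve(res.statusCode));
    });
    req.on('error', reject);
    req.end(payload);
  });
}
// listClients and send are injected so the logic runs without AWS access.
function makeHandler(listClients, send = putResponse, noEcho = false) {
  return async (event) => {
    let body;
    try {
      let data = {};
      if (event.RequestType !== 'Delete') { // nothing to look up on Delete
        const out = await listClients({ UserPoolId: event.ResourceProperties.UserPoolId });
        if (!out.UserPoolClients || !out.UserPoolClients.length) throw new Error('no app client found');
        data = { ClientId: out.UserPoolClients[0].ClientId };
      }
      body = buildResponse(event, 'SUCCESS', data, { noEcho });
    } catch (err) {
      // Always answer: without a response the stack waits until the custom resource times out.
      body = buildResponse(event, 'FAILED', {}, { reason: err.message });
    }
    await send(event.ResponseURL, body);
    return body;
  };
}
```

Pass `noEcho = true` when `Data` carries a secret such as a client secret, so the value is masked when read through `Fn::GetAtt`.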

Article link: https://www.f2er.com/3139841.html
