When I try to use Ref: AWS::Cognito::UserPool in the lambda environment, while the lambda is bound to events from cognitoUserPool.
This is the error:
The CloudFormation template is invalid: Circular dependency between resources:
Serverless code:
functions:
  cognito:
    handler: src/lambdas.cognito
    events:
      - cognitoUserPool:
          pool: General
          trigger: CustomMessage
      - cognitoUserPool:
          pool: General
          trigger: PostConfirmation
      - cognitoUserPool:
          pool: General
          trigger: PreSignUp
    environment:
      COGNITO_USER_POOL_ID:
        Ref: CognitoUserPoolGeneral
resources:
  Resources:
    CognitoIdentityPoolGeneral:
      Type: AWS::Cognito::IdentityPool
      Properties:
        IdentityPoolName: IdentityPool
        AllowUnauthenticatedIdentities: false
        CognitoIdentityProviders:
          -
            ClientId:
              Ref: CognitoUserPoolGeneralWebClient
            ProviderName:
              Fn::GetAtt: [CognitoUserPoolGeneral,ProviderName]
    CognitoIdentityPoolGeneralRoleAttachments:
      Type: AWS::Cognito::IdentityPoolRoleAttachment
      Properties:
        IdentityPoolId:
          Ref: CognitoIdentityPoolGeneral
        Roles:
          authenticated:
            Fn::GetAtt: [CognitoIdentityPoolAuthRole,Arn]
          unauthenticated:
            Fn::GetAtt: [CognitoIdentityPoolUnAuthRole,Arn]
    CognitoIdentityPoolAuthRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: CognitoIdentityAuth
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            -
              Effect: Allow
              Principal:
                Federated: cognito-identity.amazonaws.com
              Action: sts:AssumeRoleWithWebIdentity
              Condition:
                StringEquals:
                  cognito-identity.amazonaws.com:aud:
                    Ref: CognitoIdentityPoolGeneral
                ForAnyValue:StringLike:
                  cognito-identity.amazonaws.com:amr: authenticated
    CognitoIdentityPoolUnAuthRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: CognitoIdentityUnAuth
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            -
              Effect: Allow
              Principal:
                Federated: cognito-identity.amazonaws.com
              Action: sts:AssumeRoleWithWebIdentity
              Condition:
                StringEquals:
                  cognito-identity.amazonaws.com:aud:
                    Ref: CognitoIdentityPoolGeneral
                ForAnyValue:StringLike:
                  cognito-identity.amazonaws.com:amr: unauthenticated
    CognitoUserPoolGeneral:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: general
        AutoVerifiedAttributes: [ email ]
        AliasAttributes: [ email ]
        Policies:
          PasswordPolicy:
            MinimumLength: 6
            RequireLowercase: false
            RequireNumbers: false
            RequireSymbols: false
            RequireUppercase: false
        Schema:
          - AttributeDataType: String
            Name: landingWebSite
            DeveloperOnlyAttribute: false
            Mutable: true
            Required: false
          - AttributeDataType: String
            Name: userAgentLocale
            DeveloperOnlyAttribute: false
            Mutable: true
            Required: false
    CognitoUserPoolGeneralWebClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: web
        GenerateSecret: false
        RefreshTokenValidity: 30
        UserPoolId:
          Ref: CognitoUserPoolGeneral
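Answer 0 (score: 0)
By removing the following section:
      COGNITO_USER_POOL_ID:
        Ref: CognitoUserPoolGeneral
your deployment should work.
To get the user pool attributes: the user pool ID can be found in the event object (other attributes are just a matter of querying).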
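
The answer's point that the pool ID arrives in the event object, shown as an added example that is not part of the original question or answer: a handler for the three triggers in the question reads and validates `event.userPoolId` instead of relying on an environment variable. It assumes a Node.js runtime; the helper names `poolContext` and `handleTrigger` and all values in the sample event are constructed for this illustration.

```javascript
// Added example (not from the original post). Sample pool ID, client ID and
// user name below are constructed. Every Cognito trigger event carries the
// pool ID, so the function needs no environment Ref back to the user pool.
const POOL_ID_RE = /^[\w-]+_[0-9a-zA-Z]+$/; // UserPoolId pattern from the Cognito API reference
const HANDLED = new Set(['PreSignUp', 'PostConfirmation', 'CustomMessage']);

// Extract and validate the pool context from a trigger event.
function poolContext(event) {
  const { userPoolId, region, triggerSource, userName } = event || {};
  if (typeof userPoolId !== 'string' || !POOL_ID_RE.test(userPoolId)) {
    throw new Error('trigger event has no valid userPoolId');
  }
  // "PreSignUp_SignUp" -> "PreSignUp"; reject triggers this function is not bound to.
  const trigger = String(triggerSource || '').split('_')[0];
  if (!HANDLED.has(trigger)) {
    throw new Error(`unexpected triggerSource: ${triggerSource}`);
  }
  const clientId = event.callerContext ? event.callerContext.clientId : undefined;
  return { userPoolId, region, trigger, userName, clientId };
}

// Synchronous core, so it can be exercised without AWS.
function handleTrigger(event) {
  const ctx = poolContext(event);
  // ctx.userPoolId is the value COGNITO_USER_POOL_ID would have held; pass it
  // to any later SDK query for other pool attributes.
  console.log(JSON.stringify({ msg: 'cognito trigger', ...ctx }));
  return event; // Cognito expects the (possibly modified) event back
}

// Entry point matching `handler: src/lambdas.cognito`.
async function cognito(event) {
  return handleTrigger(event);
}

// Constructed sample of a PreSignUp trigger event.
const sampleEvent = {
  version: '1',
  triggerSource: 'PreSignUp_SignUp',
  region: 'us-east-1',
  userPoolId: 'us-east-1_EXAMPLE01',
  userName: 'constructed-user',
  callerContext: { awsSdkVersion: 'constructed', clientId: 'constructedclientid' },
  request: { userAttributes: { email: 'user@example.com' } },
  response: {},
};

if (typeof module !== 'undefined') module.exports = { cognito };
```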