我有一个lambda,其目的是提取Cognito Post Confirmation事件,并使用其中的一些事件数据通过AppSync调用createUser突变。 Lambda从AppSync收到以下响应:{"size":0,"timeout":0}。我找不到有关这意味着什么的文档,并且不会发生突变。此外,从AppSync控制台可以正常使用相同的变体和相同的凭据。我错过了明显的事情吗?
Lambda
const URL = require("url");
const fetch = require("node-fetch");
const { CognitoIdentityServiceProvider } = require("aws-sdk");
const cognitoIdentityServiceProvider = new CognitoIdentityServiceProvider({
apiVersion: "2016-04-18"
});
const initiateAuth = ({ clientId, userPoolId, username, password }) =>
cognitoIdentityServiceProvider
.adminInitiateAuth({
AuthFlow: "ADMIN_NO_SRP_AUTH",
AuthParameters: {
USERNAME: username,
PASSWORD: password
},
ClientId: clientId,
UserPoolId: userPoolId
})
.promise();
exports.handler = async (event, context, callback) => {
console.log(event);
const clientId = process.env.COGNITO_CLIENT_ID;
const userPoolId = process.env.COGNITO_USER_POOL_ID;
const endPoint = process.env.APPSYNC_GRAPHQL_ENDPOINT;
const username = process.env.COGNITO_USERNAME;
const password = process.env.COGNITO_PASSWORD;
const { AuthenticationResult } = await initiateAuth({
clientId,
userPoolId,
username,
password
});
const accessToken = AuthenticationResult && AuthenticationResult.AccessToken;
console.log(`Access Token: ${accessToken}`);
const postBody = {
query: `mutation CreateUser($id: ID!, $username: String!) {
createUser(input: {id: $id, username: $username}) {
id,
username
}
}`,
operationName: "CreateUser",
variables: {
id: event.request.userAttributes.sub,
username: event.username
}
};
const uri = await URL.parse(endPoint);
console.log(uri);
const options = {
method: "POST",
body: JSON.stringify(postBody),
headers: {
host: uri.host,
"Content-Type": "application/json",
Authorization: accessToken
}
};
const response = await fetch(uri.href, options);
console.log(`AppSync mutation response: ${JSON.stringify(response)}`);
const { data } = await response.json();
const result = data && data.createUser;
callback(null, result);
};
SAM模板
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Stack for using Cognito events to create Users database. stack-ingest-cognito-events
Resources:
IngestCognitoEventsLambdaRole:
Type: AWS::IAM::Role
Properties:
RoleName: role-ingest-cognito-events-lambda
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: policy-ingest-cognito-events-lambda
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: arn:aws:logs:*:*:*
- Effect: Allow
Action:
- cognito-idp:Admin*
Resource:
Fn::Sub: arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/us-east-1_mypool
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
IngestCognitoEventsLambda:
Type: AWS::Serverless::Function
Properties:
FunctionName: lambda-ingest-cognito-events
Description: Ingests Cognito events, propogates changes.
AutoPublishAlias: live
Runtime: nodejs8.10
Handler: index.handler
CodeUri: s3://mybucket
MemorySize: 128
Timeout: 10
Environment:
Variables:
COGNITO_CLIENT_ID: myclientid
COGNITO_USER_POOL_ID: us-east-1_mypool
APPSYNC_GRAPHQL_ENDPOINT: https://myhash.appsync-api.us-east-1.amazonaws.com/graphql
COGNITO_USERNAME: serviceAcctUsername
COGNITO_PASSWORD: serviceAcctPassword
Role:
Fn::GetAtt:
- IngestCognitoEventsLambdaRole
- Arn