参考serverless.yml中由sst (无服务器堆栈)创建的用户池

Question

我有一个用serverless构建的相当大的应用程序，现在我们正在试用serverless-stack。我正尝试在serverless.yml函数中引用由sst创建的用户池。有可能吗？下面是我尝试过的步骤：

我已经创建了一个用户池

import * as cdk from '@aws-cdk/core'
import * as cognito from '@aws-cdk/aws-cognito'
import * as sst from '@serverless-stack/resources'

export default class UserServiceStack extends sst.Stack {
  constructor(scope: cdk.Construct, id: string, props: sst.StackProps = {}) {
    super(scope, id, props)

    const userPool = new cognito.UserPool(this, 'userPool', {
      signInAliases: {
        email: true,
        phone: true,
      },
      autoVerify: {
        email: true,
        phone: true,
      },
      passwordPolicy: {
        minLength: 8,
        requireDigits: false,
        requireLowercase: false,
        requireSymbols: false,
        requireUppercase: false,
      },
      signInCaseSensitive: false,
      selfSignUpEnabled: true,
    })

    new cdk.CfnOutput(this, 'UserPoolId', {
      value: userPool.userPoolId,
    })

    const userPoolClient = new cognito.UserPoolClient(this, 'userPoolClient', {
      userPool,
      authFlows: {
        adminUserPassword: true,
        userPassword: true,
      },
    })
    
    new cdk.CfnOutput(this, 'UserPoolClientId', {
      value: userPoolClient.userPoolClientId,
    })
  }
}

并且想要更新在serverless.yml中定义的post确认触发器

  ...
  createUser:
    handler: createUser.default
    events:
      - cognitoUserPool:
          pool: !ImportValue '${self:custom.sstApp}...' # what to put here?
          trigger: PostConfirmation
          existing: true

Answer 1

我想通了。首先，如何在serverless.yml中使用cdk输出变量。

将它们导出到文件中

AWS_PROFILE=<profile-name> npx sst deploy --outputs-file ./exports.json

在serverless.yml中，你可以像这样引用它

  ...
  createUser:
    handler: createUser.default
    events:
      - cognitoUserPool:
          pool: ${file(../../infrastructure/exports.json):${self:custom.sstApp}-UserServiceStack.userPoolName}
          trigger: PostConfirmation
          existing: true

第二。serverless是这样设置的，你必须传递userPoolName，而不是userPoolId。所以我必须生成用户池名称并将其输出

import * as uuid from 'uuid'

...

    const userPoolName = uuid.v4()
    const userPool = new cognito.UserPool(this, 'userPool', {
      userPoolName,
      ...
    })
    ...
    // eslint-disable-next-line no-new
    new cdk.CfnOutput(this, 'userPoolName', {
      value: userPoolName,
    })

第三，为了避免在调用lambda作为触发器时出现AccessDeniedException，您需要在资源中添加以下内容

  - Resources:
      OnCognitoSignupPermission:
        Type: 'AWS::Lambda::Permission'
        Properties:
          Action: "lambda:InvokeFunction"
          FunctionName:
            Fn::GetAtt: [ "CreateUserLambdaFunction", "Arn"] # the name must be uppercased name of your lambda + LambdaFunction at the end
          Principal: "cognito-idp.amazonaws.com"
          SourceArn: ${file(../../infrastructure/exports.json):${self:custom.sstApp}-UserServiceStack.userPoolArn}