https://serverless-stack.com/ logo
#help
Title
# help
p

Pavan Kumar

12/02/2021, 12:21 PM
I need to add permission to the lambda trigger. But following code doesn't run given the
cognitoArn
is null. How would I get around it or what is proper way to do it.
Copy code
const preSignUpFunction = new sst.Function(this, 'PreSignUp', {
      handler: 'users/auth/preSignUp.handler'
    })
    const userPool = new cognito.UserPool(this, "UserPool", {
      lambdaTriggers: {
        preSignUp: preSignUpFunction,
      }
    });

    const userPoolClient = new cognito.UserPoolClient(this, "UserPoolClient", {
      // ...
    });

    this.auth = new sst.Auth(this, 'Auth', {
      cognito: {
        userPool,
        userPoolClient,
      },
    });

    const cognitoArn = this.auth.cognitoUserPool?.userPoolArn;

    if (cognitoArn) {
      const permissions = [
        new iam.PolicyStatement({
          actions: [
            "cognito-idp:AdminCreateUser",
            "cognito-idp:AdminDeleteUser",
            "cognito-idp:AdminSetUserPassword",
            "cognito-idp:AdminDisableUser",
            "cognito-idp:AdminEnableUser",
            "cognito-idp:AdminUpdateUserAttributes",
          ],
          effect: iam.Effect.ALLOW,
          resources: [
            cognitoArn
          ],
        })
      ];

      preSignUpFunction.attachPermissions(permissions);
    }
maybe this would help
p

Pavan Kumar

12/02/2021, 2:09 PM
@Gabriel Araújo It's not about just permission. It's more about how to get Arn of resource which is created in previous line. In my case access
this.auth.cognitoUserPool?.userPoolArn
. Because when I use it, i get type script error that it may be null. But when I wrap it around if statement then if block won't get executed as
this.auth.cognitoUserPool?.userPoolArn
is null/undefined at that time.
o

Omi Chowdhury

12/02/2021, 2:44 PM
Are you able to use
userPool.userPoolArn
directly?
p

Pavan Kumar

12/02/2021, 2:48 PM
@Omi Chowdhury If I try to use arn directly as follows
Copy code
resources: [
          this.auth.cognitoUserPool!.userPoolArn!,
        ]
I get following error.
Copy code
Rules with suggestions must set the `meta.hasSuggestions` property to `true`. `meta.docs.suggestion` is ignored by ESLint

Rule: "@typescript-eslint/no-non-null-assertion"
o

Omi Chowdhury

12/02/2021, 2:48 PM
I mean instead of using this.auth, use the arn on
cognito.UserPool
p

Pavan Kumar

12/02/2021, 2:49 PM
Ahh!! Let me try.