I need to add permission to the lambda trigger. Bu...
# helpp
Pavan Kumar
12/02/2021, 12:21 PMI need to add permission to the lambda trigger. But following code doesn't run given the
cognitoArn Copy code
const preSignUpFunction = new sst.Function(this, 'PreSignUp', {
handler: 'users/auth/preSignUp.handler'
})
const userPool = new cognito.UserPool(this, "UserPool", {
lambdaTriggers: {
preSignUp: preSignUpFunction,
}
});
const userPoolClient = new cognito.UserPoolClient(this, "UserPoolClient", {
// ...
});
this.auth = new sst.Auth(this, 'Auth', {
cognito: {
userPool,
userPoolClient,
},
});
const cognitoArn = this.auth.cognitoUserPool?.userPoolArn;
if (cognitoArn) {
const permissions = [
new iam.PolicyStatement({
actions: [
"cognito-idp:AdminCreateUser",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminSetUserPassword",
"cognito-idp:AdminDisableUser",
"cognito-idp:AdminEnableUser",
"cognito-idp:AdminUpdateUserAttributes",
],
effect: iam.Effect.ALLOW,
resources: [
cognitoArn
],
})
];
preSignUpFunction.attachPermissions(permissions);
}g
Gabriel Araújo
12/02/2021, 1:02 PMGabriel Araújo
12/02/2021, 1:03 PMGabriel Araújo
12/02/2021, 1:03 PMmaybe this would help
p
Pavan Kumar
12/02/2021, 2:09 PM@Gabriel Araújo It's not about just permission. It's more about how to get Arn of resource which is created in previous line. In my case access
this.auth.cognitoUserPool?.userPoolArnthis.auth.cognitoUserPool?.userPoolArno
Omi Chowdhury
12/02/2021, 2:44 PMAre you able to use
userPool.userPoolArnp
Pavan Kumar
12/02/2021, 2:48 PM@Omi Chowdhury If I try to use arn directly as follows
Copy code
resources: [
this.auth.cognitoUserPool!.userPoolArn!,
] Copy code
Rules with suggestions must set the `meta.hasSuggestions` property to `true`. `meta.docs.suggestion` is ignored by ESLint
Rule: "@typescript-eslint/no-non-null-assertion"o
Omi Chowdhury
12/02/2021, 2:48 PMI mean instead of using this.auth, use the arn on
cognito.UserPoolp
Pavan Kumar
12/02/2021, 2:49 PMAhh!! Let me try.