I have a core stack thats in its own "repo" (using...
# help
p
I have a core stack that's in its own "repo" (using monorepo rush.js ftw!). Core consists of VPC / Cognito User pool which allows me to control env (dev / sandbox / test / prod / whatever). I want to set up our BFF to use that user pool and create its own identity pool etc. (pretty sure this is a thing). Main goal is that every sandbox / dev / whatever doesn't have to kick up its own VPC / Cognito Pool / Maybe like redshift or something... unclear what else I'm going to put into here.
```ts
const userPoolId = cdk.Fn.importValue(`${props.infraCoreStage}-userpool-id`);
const userPool = cognito.UserPool.fromUserPoolId(this, CONSTANTS.environmentUserPool, userPoolId);
```
I can't seem to use the sst.Auth as userPool is an IUserPool.
```ts
this.auth = new sst.Auth(this, scope.logicalPrefixedName(CONSTANTS.authPrefixName), {
    cognito: {
        userPool, // does not like this
        userPoolClient // or this
    },
    identityPool: {
        allowUnauthenticatedIdentities: false
    },
    google: {
        clientId
    }
});
```
1. Is this not a common pattern? 2. What horrible thing am I doing wrong? 3. I miss water cooler days too...
s
hey Patrick! FWIW, I was making this same decision and decided to have a 100% standalone set of stacks for each dev account (Cognito, DBs, API, etc). the reasoning behind it is that if a dev wants to try some drastic change involving any of those core services, they can safely do so. if there were just one instance in a primary account, they couldn’t do that. as for your issue, get rid of the `cognito` property & try:
```ts
cognitoUserPool: cognito.UserPool.fromUserPoolId(...)
```
p
I tried that but ran into this:
```
Error: The "cognitoUserPool" property is deprecated. Use the "cognito.userPool" instead. More details on upgrading - <https://docs.serverless-stack.com/constructs/Auth#upgrading-to-v0120>
```
s
Wait. If Cognito already exists, you wouldn't want to do `new sst.Auth` as that would create a new pool.
You're trying to have multiple AWS accounts reference a Cognito user pool in a main account, right?
p
I "believe" the underlying code won't create a new user pool if you pass it in
```ts
} else if (cdk.Construct.isConstruct(cognitoProps.userPool)) {
    isUserPoolImported = true;
    this.cognitoUserPool = cognitoProps.userPool;
```
but yes I want to have just one user pool in the core stack or main account and multiple aws accounts use it as a reference.
I'm thinking since I've already created the user pool / user pool client / google auth thingy, I should probably just figure out how to create the identity pool without using sst 😞.
f
Hey @Patrick Young Identity pool currently doesn’t support using imported user pool. (a limitation on the CDK side)
That said, @thdxr has suggested this approach before:
```ts
new CoreStack(app, "core", {
  stackName: /* if is a dev stage */
    ? `${app.name}-core`
    : undefined,
})
```
You pretty much don’t parameterize the Core stack’s name with the stage name. Hence all the dev stages will deploy and share the same core stack.
We haven’t put too much thought into whether this is a good pattern. But I guess you can try it out for dev stages.