# help
m
Hi team, I was trying to use the `sst.Auth` construct, here are my questions:
• What is the syntax for adding custom attributes in the Cognito user pool?
```
customAttributes: {
  company: new StringAttribute({ minLen: 1, maxLen: 255 }),
  type: new StringAttribute({ maxLen: 2048 }),
  custom1: new StringAttribute({ maxLen: 2048 }),
  custom2: new StringAttribute({ maxLen: 2048 }),
},
```
• How do I pass the Google client ID and secret to the user pool for using Google as UserPoolIdentityProvider?
• Add an Amazon Cognito domain to the user pool.
f
Just to clarify, how are you planning to protect your API? Using IAM, or JWT token?
From your question, it seems you are taking the JWT approach. In which case `sst.Auth` isn’t the right construct to use.
m
@Frank, yep. I am planning to use the JWT approach. (I wish I could switch to IAM, but application devs won't be happy if I asked them to switch to Amplify now). We built wrapper APIs long back for signup/sign-in functionality. I am trying to use Cognito-auth or custom auth to restrict access to APIs. The entire app that we are building is accessed through REST APIs. I used CDK `cognito.UserPool` instead, which was successfully deployed. The new issue is, my Lambda trigger doesn't have permissions to read/modify that pool. (circular dependency)
Any ideas, how to get around this?
Here is the open GitHub issue explaining the same.
f
Oh I see. Does the `attachInlinePolicy` workaround work?
m
`attachInlinePolicy` can't find this method in sst.Function, `addToRolePolicy` did not work.
f
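Sorry about the late response.. was away from keyboard earlier.
```
// Policy and PolicyStatement come from the CDK IAM module;
// stack and userpool are defined elsewhere in the stack code.
const fn = new sst.Function(...);

// Attach the policy to the function's role as a separate inline policy,
// scoped to this one user pool's ARN.
fn.role.attachInlinePolicy(new Policy(stack, 'userpool-policy', {
  statements: [ new PolicyStatement({
    actions: ['cognito-idp:DescribeUserPool'],
    resources: [userpool.userPoolArn],
  }) ]
}));
```
Something like this should work?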
m
It worked, thanks!