How to configure 'Pre Token Generation' lambda trigger via SAM?

Time:06-15

Pre Token Generation trigger: This Lambda trigger allows you to customize an identity token before it is generated: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html

I am looking for a way to configure this trigger via SAM. Something like:

ApiJWTAddCustomClaimFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ${AWS::StackName}-ApiJWTAddCustomClaimFunction
      Description: Modify JWT before token generation
      Handler: main
      Environment:
        Variables:
          AUTH_API_URL: !Ref AuthApiUrl
          AUTH_SDK_KEYS: !Ref AuthSdkKeys
      Policies:
        - AWSXrayWriteOnlyAccess
        - Statement:
            - Sid: Cognito
              Effect: Allow
              Action:
                - cognito-idp:*
              Resource: '*'

      Events:
        ???

I found another thread on the same question, but this time via CloudFormation. It says support for this feature is on the roadmap.

PS I am a complete newbie on AWS and cloud computing in general. I apologize if my assumptions make no sense whatsoever.

CodePudding user response:

The documentation says these events exist. https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-cognito.html#sam-function-cognito-trigger

From this I would try something like:

ApiJWTAddCustomClaimFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ${AWS::StackName}-ApiJWTAddCustomClaimFunction
      Description: Modify JWT before token generation
      Handler: main
      Environment:
        Variables:
          AUTH_API_URL: !Ref AuthApiUrl
          AUTH_SDK_KEYS: !Ref AuthSdkKeys
      Policies:
        - AWSXrayWriteOnlyAccess
        - Statement:
            - Sid: Cognito
              Effect: Allow
              Action:
                - cognito-idp:*
              Resource: '*'
      Events:
        CognitoUserPoolPreTokenGeneration:
          Type: Cognito
          Properties:
            UserPool:
              Ref: <<<MyCognitoUserPool>>>
            Trigger: PreTokenGeneration
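
A complete template around the Events block suggested above, as an added example that is not part of the original thread. The pool name MyCognitoUserPool and the CodeUri, Runtime and Handler values are assumptions, and the wildcard Cognito policy is dropped on the assumption that the handler only reads the trigger event and calls the auth API.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  AuthApiUrl:
    Type: String
  AuthSdkKeys:
    Type: String

Resources:
  # Assumed resource name. SAM's Cognito event source needs a user pool that
  # is declared in this same template; it fills in that pool's LambdaConfig.
  MyCognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Sub ${AWS::StackName}-users   # assumed name

  ApiJWTAddCustomClaimFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ${AWS::StackName}-ApiJWTAddCustomClaimFunction
      Description: Modify JWT before token generation
      CodeUri: ./jwt-claim/          # assumed build directory
      Runtime: provided.al2023       # assumed runtime for a Go binary
      Handler: bootstrap             # conventional value; the binary must be named bootstrap
      Environment:
        Variables:
          AUTH_API_URL: !Ref AuthApiUrl
          AUTH_SDK_KEYS: !Ref AuthSdkKeys
      Policies:
        - AWSXrayWriteOnlyAccess
        # No "cognito-idp:*" on Resource '*' here. Being invoked by Cognito is
        # granted by the AWS::Lambda::Permission that SAM generates for the
        # event below, not by the function's execution role. If the handler
        # itself calls Cognito, list only those actions and scope Resource to
        # this account's user pools with a !Sub-built ARN. Avoid !GetAtt or
        # !Ref on the pool in the policy: the pool's LambdaConfig already
        # depends on this function, so that creates a circular dependency.
      Events:
        CognitoUserPoolPreTokenGeneration:
          Type: Cognito
          Properties:
            UserPool: !Ref MyCognitoUserPool
            Trigger: PreTokenGeneration
```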