I am trying to create and deploy a CustomMessageTriggerHandler
lambda for customizing the verification messages sent out by Cognito using cdk, and I would like to include an image asset to be included in the email. This will need to be a public url, but I'm struggling to update its permissions so that the it does not return 403 access denied.
Here is the code I have tried:
export class MyServiceStack extends Stack {
constructor(app: Construct, id: string, props: MyServiceStackProps) {
super(app, id, props)
const imageAsset = new Asset(this, 'logo', {
path: join(__dirname, './assets/logo.png')
})
imageAsset.bucket.grantPublicAccess() // this was my attempt to allow public reads
const customizeVerificationMessage = new NodejsFunction(
this,
'customizeVerificationMessage',
{
//...other config
environment: {
LOGO_URL: imageAsset.httpUrl
}
}
)
// ...other code
const userPool = new UserPool(this, 'userpool', {
//...other config
lambdaTriggers: {
//...other triggers
customMessage: customizeVerificationMessage
},
})
}
}
I expected that this code would create a publicly accessible asset, but
imageAsset.httpUrl
included in the email returns 403.
CodePudding user response:
Yes that will not work as Assets will end up in a private S3 Bucket. You should not use the Assets. Instead create an S3 bucket and upload the picture there with the S3Deployment construct.