Aws lambda 如何在Lambda函数中访问Cognito UserPoolClient Secret？_Aws Lambda_Amazon Cognito_Serverless Framework_Serverless_Aws Userpools

Aws lambda 如何在Lambda函数中访问Cognito UserPoolClient Secret？

aws-lambda

Aws lambda 如何在Lambda函数中访问Cognito UserPoolClient Secret？,aws-lambda,amazon-cognito,serverless-framework,serverless,aws-userpools,Aws Lambda,Amazon Cognito,Serverless Framework,Serverless,Aws Userpools,我已经通过serverless.yml文件中的资源创建了Cognito UserPool和UserpoolClient，如下所示- CognitoUserPool: Type: AWS::Cognito::UserPool Properties: AccountRecoverySetting: RecoveryMechanisms: - Name: verified_email Priority: 2 UserPoolNam

我已经通过serverless.yml文件中的资源创建了Cognito UserPool和UserpoolClient，如下所示-

CognitoUserPool:
  Type: AWS::Cognito::UserPool
  Properties:
    AccountRecoverySetting:
      RecoveryMechanisms:
        - Name: verified_email
          Priority: 2
    UserPoolName: ${self:provider.stage}-user-pool
    UsernameAttributes:
      - email
    MfaConfiguration: OFF
    Policies:
      PasswordPolicy:
        MinimumLength: 8
        RequireLowercase: True
        RequireNumbers: True
        RequireSymbols: True
        RequireUppercase: True

CognitoUserPoolClient:
  Type: AWS::Cognito::UserPoolClient
  Properties:
    ClientName: ${self:provider.stage}-user-pool-client
    UserPoolId:
      Ref: CognitoUserPool
    ExplicitAuthFlows:
      - ALLOW_USER_PASSWORD_AUTH
      - ALLOW_REFRESH_TOKEN_AUTH
    GenerateSecret: true

my_function:
  package: {}
  handler: 
  events:
    - http:
      path:<path>
      method: post
      cors: true
  environment:
    USER_POOL_ID: !Ref CognitoUserPool
    USER_POOL_CLIENT_ID: !Ref CognitoUserPoolClient

现在我可以将Userpool和UserpoolClient作为环境变量传递给lambda函数，如下所示-

CognitoUserPool:
  Type: AWS::Cognito::UserPool
  Properties:
    AccountRecoverySetting:
      RecoveryMechanisms:
        - Name: verified_email
          Priority: 2
    UserPoolName: ${self:provider.stage}-user-pool
    UsernameAttributes:
      - email
    MfaConfiguration: OFF
    Policies:
      PasswordPolicy:
        MinimumLength: 8
        RequireLowercase: True
        RequireNumbers: True
        RequireSymbols: True
        RequireUppercase: True

CognitoUserPoolClient:
  Type: AWS::Cognito::UserPoolClient
  Properties:
    ClientName: ${self:provider.stage}-user-pool-client
    UserPoolId:
      Ref: CognitoUserPool
    ExplicitAuthFlows:
      - ALLOW_USER_PASSWORD_AUTH
      - ALLOW_REFRESH_TOKEN_AUTH
    GenerateSecret: true

my_function:
  package: {}
  handler: 
  events:
    - http:
      path:<path>
      method: post
      cors: true
  environment:
    USER_POOL_ID: !Ref CognitoUserPool
    USER_POOL_CLIENT_ID: !Ref CognitoUserPoolClient

我已经打印了这些值，并且打印正确。但是，UserpoolClient还生成一个AppClient机密，我需要在生成机密哈希时使用它。我应该如何访问我的lambda中的应用程序客户端机密（UserpoolClient's secret）？

现在可能是您所希望的，但您无法在CloudFormation中显式导出客户端机密。查看来自

AWS:：Cognito:：UserPoolClient

的返回值。在那里，您只能获取客户端ID

您可以做的是在另一个CF模板中创建客户机，并在其中创建一个自定义资源来读取并输出机密，或者进行中间步骤，在该步骤中，您可以使用CLI获取该值，然后将其传递到serverless

目前没有其他选择