AWS Lambda: How do I access the Cognito UserPoolClient secret in a Lambda function?
I have created a Cognito UserPool and UserPoolClient through the resources in my serverless.yml file, as shown below -
CognitoUserPool:
  Type: AWS::Cognito::UserPool
  Properties:
    AccountRecoverySetting:
      RecoveryMechanisms:
        - Name: verified_email
          Priority: 2
    UserPoolName: ${self:provider.stage}-user-pool
    UsernameAttributes:
      - email
    MfaConfiguration: OFF
    Policies:
      PasswordPolicy:
        MinimumLength: 8
        RequireLowercase: True
        RequireNumbers: True
        RequireSymbols: True
        RequireUppercase: True
CognitoUserPoolClient:
  Type: AWS::Cognito::UserPoolClient
  Properties:
    ClientName: ${self:provider.stage}-user-pool-client
    UserPoolId:
      Ref: CognitoUserPool
    ExplicitAuthFlows:
      - ALLOW_USER_PASSWORD_AUTH
      - ALLOW_REFRESH_TOKEN_AUTH
    GenerateSecret: true
Now I can pass the UserPool and UserPoolClient to the Lambda function as environment variables, as shown below -
my_function:
  package: {}
  handler:
  events:
    - http:
        path: <path>
        method: post
        cors: true
  environment:
    USER_POOL_ID: !Ref CognitoUserPool
    USER_POOL_CLIENT_ID: !Ref CognitoUserPoolClient
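I have printed these values and they print correctly. However, the UserPoolClient also generates an app client secret, which I need to use when generating the secret hash. How should I access the app client secret (the UserPoolClient's secret) in my Lambda?

This may not be what you were hoping for, but you cannot explicitly export the client secret in CloudFormation. Look at the return values of AWS::Cognito::UserPoolClient. There, you can only get the client ID.

What you can do is create the client in another CF template and create a custom resource in it that reads and outputs the secret, or add an intermediate step in which you fetch the value with the CLI and then pass it to serverless.

There is currently no other option.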
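
An added example, not part of the original question or answer: instead of the CLI step, the function makes the same DescribeUserPoolClient lookup at run time with the two environment variables from the question, then derives the SECRET_HASH used with USER_PASSWORD_AUTH. It assumes a Python runtime and an execution role allowed `cognito-idp:DescribeUserPoolClient`; `handler`, `auth_parameters`, the `idp` parameter and the event field names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

_cache = {}  # (pool_id, client_id) -> secret; survives warm invocations


def get_client_secret(idp, pool_id, client_id):
    """Fetch the app client secret with DescribeUserPoolClient and cache it."""
    key = (pool_id, client_id)
    if key not in _cache:
        resp = idp.describe_user_pool_client(UserPoolId=pool_id, ClientId=client_id)
        secret = resp["UserPoolClient"].get("ClientSecret")
        if not secret:
            raise RuntimeError("app client has no secret (GenerateSecret not set)")
        _cache[key] = secret
    return _cache[key]


def secret_hash(username, client_id, client_secret):
    """Base64(HMAC-SHA256(key=client_secret, msg=username + client_id))."""
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(),
                   hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def auth_parameters(idp, username, password):
    """AuthParameters for InitiateAuth with AuthFlow=USER_PASSWORD_AUTH."""
    pool_id = os.environ["USER_POOL_ID"]
    client_id = os.environ["USER_POOL_CLIENT_ID"]
    secret = get_client_secret(idp, pool_id, client_id)
    return {"USERNAME": username, "PASSWORD": password,
            "SECRET_HASH": secret_hash(username, client_id, secret)}


def handler(event, context):
    """Hypothetical handler; the event field names are assumptions."""
    import boto3  # bundled with the Lambda Python runtime
    idp = boto3.client("cognito-idp")
    resp = idp.initiate_auth(
        ClientId=os.environ["USER_POOL_CLIENT_ID"],
        AuthFlow="USER_PASSWORD_AUTH",
        AuthParameters=auth_parameters(idp, event["username"], event["password"]),
    )
    # Return only the tokens; never log or return the client secret.
    return resp.get("AuthenticationResult", {})
```

Fetching the secret at run time keeps it out of the deployed template and out of the function's plain-text environment variables.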