AWS Lambda: how to access the return value of a Lambda in another CloudFormation resource?


I think there are two ways to solve this.

One - use the cfnresponse.send(…responseData) parameter. See here:

My example is:

  GetClientId:
    Type: "AWS::Lambda::Function"
    Properties:
      Handler: index.handler
      Role: !GetAtt LambdaESCognitoRole.Arn
      Code:
        ZipFile: !Sub |
          var AWS = require('aws-sdk');
          const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();
          var response = require('cfn-response');
          // Callback-style handler: cfn-response calls context.done() once the reply
          // has been sent, whereas an async handler could return before that happens.
          exports.handler = (event, context) => {
            console.log(JSON.stringify(event, null, 2));
            var params = {
              UserPoolId: event.ResourceProperties.UserPoolId
            };
            cognitoidentityserviceprovider.listUserPoolClients(params, function(err, data) {
              if (err || !data.UserPoolClients.length) {
                // Report the failure so the stack does not wait for a timeout
                console.log(err || 'No app client found in the user pool');
                response.send(event, context, response.FAILED, {});
              } else {
                console.log(data); // successful response
                // Exposed to the template as !GetAtt CallGetClientId.ClientId
                response.send(event, context, response.SUCCESS, {'ClientId': data.UserPoolClients[0].ClientId});
              }
            });
          };
      Runtime: nodejs8.10 

  CallGetClientId:
    Type: 'Custom::CallGetClientId'
    Version: 1.0
    Properties:
      ServiceToken: !GetAtt GetClientId.Arn
      UserPoolId: !Ref CognitoUserPool

  IdentityPoolRoleMapping:
    Type: "AWS::Cognito::IdentityPoolRoleAttachment"
    Properties:
      IdentityPoolId: !Ref CognitoIdentityPool
      Roles:
        authenticated: !GetAtt AuthenticatedRole.Arn
        unauthenticated: !GetAtt UnauthenticatedRole.Arn
      RoleMappings:
        "cognito-identity-provider":
          IdentityProvider: !Join ['', [ !GetAtt CognitoUserPool.ProviderName, ':', !GetAtt CallGetClientId.ClientId ]] #Need to get the ClientID here
          AmbiguousRoleResolution: Deny
          Type: Rules
          RulesConfiguration:
            Rules:
              - Claim: "custom:groups"
                MatchType: "Contains"
                RoleARN: !GetAtt AuthenticatedRole.Arn
                Value: "user"
              - Claim: "custom:groups"
                MatchType: "Contains"
                RoleARN: !GetAtt AuthenticatedAdminRole.Arn
                Value: "admin"
After returning the data from Lambda, you can use !GetAtt in the CFN template:

cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, responseData['ClientSecret'])
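Two - I use custom resources as component "post-processors", i.e. create the resources and then, after creation, update their parameters with a custom resource. This order will be guaranteed by the custom resource Lambda input parameters (dependencies).

My example is feeding the Cognito AppClient callback URLs from my ElasticBeanstalk WebApp. So I create both the UserPool AppClient and the EB webapp, and then a post-processor custom resource Lambda takes the URL from EB and updates the CallbackURL in Cognito.

Hope this helps.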

Value: !GetAtt HapiUserPoolClientPostProc.ClientSecret
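
An added example, not part of the original answer: a Node.js version of the custom-resource reply that the answer's !GetAtt lookups depend on. It always replies (SUCCESS or FAILED), keeps the physical resource ID stable and non-secret, and sets NoEcho when a returned key looks sensitive. The function names, the injected `deps` object and the key-name heuristic are assumptions.

```javascript
// Added example; all names here are hypothetical, not from the original answer.
const https = require('https');
const SENSITIVE_KEY = /secret|password|token/i; // assumed naming heuristic
// Build the JSON body CloudFormation expects back from a custom resource.
function buildCfnResponse(event, context, status, data = {}, reason) {
  return {
    Status: status, // "SUCCESS" or "FAILED"
    Reason: reason || `See CloudWatch log stream ${context.logStreamName}`,
    // Stable and non-secret: the physical ID is shown in stack events.
    PhysicalResourceId: event.PhysicalResourceId || `lookup-${event.LogicalResourceId}`,
    StackId: event.StackId,
    RequestId: event.RequestId,
    LogicalResourceId: event.LogicalResourceId,
    // NoEcho masks Data values that the template reads through !GetAtt.
    NoEcho: Object.keys(data).some((k) => SENSITIVE_KEY.test(k)),
    Data: data,
  };
}

// PUT the body to the pre-signed ResponseURL; resolves once S3 has answered.
function putResponse(responseUrl, body) {
  const payload = JSON.stringify(body);
  return new Promise((resolve, reject) => {
    const req = https.request(responseUrl, {
      method: 'PUT',
      headers: { 'content-type': '', 'content-length': Buffer.byteLength(payload) },
    }, (res) => { res.resume(); res.on('end', () => resolve(res.statusCode)); });
    req.on('error', reject);
    req.end(payload);
  });
}

// deps.listClients wraps listUserPoolClients; deps.send defaults to putResponse.
async function handleRequest(event, context, deps) {
  let body;
  try {
    let data = {};
    if (event.RequestType !== 'Delete') {
      const out = await deps.listClients({ UserPoolId: event.ResourceProperties.UserPoolId });
      if (!out.UserPoolClients || !out.UserPoolClients.length) throw new Error('no app client');
      data = { ClientId: out.UserPoolClients[0].ClientId };
    }
    body = buildCfnResponse(event, context, 'SUCCESS', data);
  } catch (err) { // always reply, or the stack waits for the resource to time out
    body = buildCfnResponse(event, context, 'FAILED', {}, err.message);
  }
  await (deps.send || putResponse)(event.ResponseURL, body);
  return body;
}
```

In a Lambda, `deps.listClients` would be `(p) => cognitoidentityserviceprovider.listUserPoolClients(p).promise()` and the exported handler would `return handleRequest(event, context, deps)`.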