AWS Lambda: how to access the return value of a Lambda in another CloudFormation resource?
I think there are two ways to solve this problem.
One - using the cfnresponse.send(…responseData) parameter. See here:
My example is:
    GetClientId:
      Type: "AWS::Lambda::Function"
      Properties:
        Handler: index.handler
        Role: !GetAtt LambdaESCognitoRole.Arn
        Code:
          ZipFile: !Sub |
            var AWS = require('aws-sdk');
            var response = require('cfn-response');
            const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();
            // Non-async handler: cfn-response ends the invocation itself once the
            // response has been delivered to CloudFormation.
            exports.handler = (event, context) => {
              console.log(JSON.stringify(event, null, 2));
              // Nothing to look up on delete; just acknowledge the request.
              if (event.RequestType === 'Delete') {
                return response.send(event, context, response.SUCCESS, {});
              }
              var params = {
                UserPoolId: event.ResourceProperties.UserPoolId
              };
              // Callback only: combining a callback with .promise() sends the request twice.
              cognitoidentityserviceprovider.listUserPoolClients(params, function(err, data) {
                if (err) {
                  console.log(err, err.stack); // an error occurred
                  response.send(event, context, response.FAILED, {});
                } else {
                  console.log(data); // successful response
                  response.send(event, context, response.SUCCESS, {'ClientId': data.UserPoolClients[0].ClientId});
                }
              });
            };
        Runtime: nodejs8.10
    CallGetClientId:
      Type: 'Custom::CallGetClientId'
      Version: 1.0
      Properties:
        ServiceToken: !GetAtt GetClientId.Arn
        UserPoolId: !Ref CognitoUserPool
    IdentityPoolRoleMapping:
      Type: "AWS::Cognito::IdentityPoolRoleAttachment"
      Properties:
        IdentityPoolId: !Ref CognitoIdentityPool
        Roles:
          authenticated: !GetAtt AuthenticatedRole.Arn
          unauthenticated: !GetAtt UnauthenticatedRole.Arn
        RoleMappings:
          "cognito-identity-provider":
            IdentityProvider: !Join ['', [ !GetAtt CognitoUserPool.ProviderName, ':', !GetAtt CallGetClientId.ClientId ]] #Need to get the ClientID here
            AmbiguousRoleResolution: Deny
            Type: Rules
            RulesConfiguration:
              Rules:
                - Claim: "custom:groups"
                  MatchType: "Contains"
                  RoleARN: !GetAtt AuthenticatedRole.Arn
                  Value: "user"
                - Claim: "custom:groups"
                  MatchType: "Contains"
                  RoleARN: !GetAtt AuthenticatedAdminRole.Arn
                  Value: "admin"
After the Lambda returns the data, you can use !GetAtt in the CFN template:
cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, responseData['ClientSecret'])
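Two - I use a custom resource as a component "post-processor", i.e. create the resources and, after creation, use the custom resource to update their parameters. This ordering is guaranteed by the custom resource Lambda's input parameters (dependencies).
My example is feeding the Cognito AppClient callback URL from my ElasticBeanstalk WebApp. So I create the UserPool AppClient and the EB webapp, and then a post-processor custom resource Lambda gets the URL from EB and updates the CallbackURL in Cognito.
Hope this helps.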
Value: !GetAtt HapiUserPoolClientPostProc.ClientSecret
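The response document that the first approach relies on, as an added example that is not part of the original post: it builds the JSON body a custom resource sends back to CloudFormation, whose Data keys are what !GetAtt reads. The names buildResponse and clientIdResponse, the fallback to LogicalResourceId as the physical id, and the sample event are assumptions made for illustration.

```javascript
// Added example. Builds the JSON body a custom resource PUTs to event.ResponseURL;
// CloudFormation exposes each key of Data as !GetAtt <LogicalId>.<Key>.
function buildResponse(event, status, data, options) {
  const opts = options || {};
  const body = {
    Status: status, // "SUCCESS" or "FAILED"
    Reason: opts.reason || 'See the function logs', // required when FAILED
    // Update and Delete events carry the id returned on Create; reuse it so
    // CloudFormation does not treat the update as a replacement. The id is
    // shown in stack events and is not masked by NoEcho: never put a secret here.
    PhysicalResourceId: event.PhysicalResourceId || opts.physicalId || event.LogicalResourceId,
    StackId: event.StackId,
    RequestId: event.RequestId,
    LogicalResourceId: event.LogicalResourceId,
    NoEcho: Boolean(opts.noEcho), // mask Data values wherever !GetAtt output is displayed
    Data: data || {}
  };
  // CloudFormation rejects response bodies larger than 4096 bytes.
  if (Buffer.byteLength(JSON.stringify(body)) > 4096) {
    throw new Error('custom resource response exceeds 4096 bytes');
  }
  return body;
}

// Hypothetical helper: map a listUserPoolClients result to a response body.
function clientIdResponse(event, listResult) {
  if (event.RequestType === 'Delete') return buildResponse(event, 'SUCCESS', {});
  const clients = (listResult && listResult.UserPoolClients) || [];
  if (clients.length === 0) {
    const pool = event.ResourceProperties.UserPoolId;
    return buildResponse(event, 'FAILED', {}, { reason: 'no app client in pool ' + pool });
  }
  return buildResponse(event, 'SUCCESS', { ClientId: clients[0].ClientId });
}

// Constructed sample input (not real identifiers).
const sampleEvent = {
  RequestType: 'Create',
  StackId: 'arn:aws:cloudformation:us-east-1:111111111111:stack/example/constructed',
  RequestId: 'constructed-request-id',
  LogicalResourceId: 'CallGetClientId',
  ResourceProperties: { UserPoolId: 'us-east-1_EXAMPLE' }
};
const sampleResult = { UserPoolClients: [{ ClientId: 'example-client-id' }] };

console.log(JSON.stringify(clientIdResponse(sampleEvent, sampleResult), null, 2));
```

When a value such as a client secret is returned in Data, pass `{ noEcho: true }` and keep the physical id a non-secret identifier.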