pulumi-aws icon indicating copy to clipboard operation
pulumi-aws copied to clipboard

Published 20 hours ago verified publisher icon pulumi

Cognito UserPool constructor incorrectly attaches lambdaConfig lambdas

Open samueltanner opened this issue 1 year ago • 1 comments

When I deploy changes to my cognito user pool, I will often find that my postConfirmation lambda and preTokenGeneration lambda will fail to invoke. I will get access denied exceptions despite having my execution role's trust relationships set correctly.

I have found that I have to go into the AWS console and re-attach the lambdas in order for them to function correctly.

I am running pulumi within a sst V3 instance

  const userPool = new aws.cognito.UserPool(`GGUserPool${$app.stage}`, {
    name: `GGUserPool${$app.stage}`,
    usernameAttributes: ["email"],
    autoVerifiedAttributes: ["email"],
    verificationMessageTemplate: {
      defaultEmailOption: "CONFIRM_WITH_CODE",
      emailMessage:
        "Hello, Thanks for signing up! Your verification code is {####}",
      emailSubject: "Verify your email!",
      smsMessage:
        "Hello, Thanks for signing up! Your verification code is {####}",
    },
    lambdaConfig: {
      postConfirmation: postConfirmationLambdaArn,
      preTokenGeneration: tokenLambdaArn,
    },
  })

samueltanner avatar Sep 20 '24 23:09 samueltanner

Could you please include a fully self-contained example that reproduces the issue? Much appreciated.

t0yv0 avatar Sep 23 '24 18:09 t0yv0