serverless-application-model icon indicating copy to clipboard operation
serverless-application-model copied to clipboard
verified publisher icon aws

Cognito UserPools resource is outdated

Open valerena opened this issue 10 months ago • 2 comments

Description

SAM-T doesn't support using newer fields from Cognito UserPool. In particular, there's a recent UserPoolTier field that was released at the end of last year.

The CognitoUserPool model is not updated: https://github.com/aws/serverless-application-model/blob/3ed5efe56a5b4f24f2214a6c7d57b00fc4f7c731/samtranslator/model/cognito.py#L5-L6

Normally SAM-T would ignore non-Serverless, but because of the Cognito Event, SAM-T needs to read this resource to inject the Lambda configuration

Steps to reproduce

You can reproduce the problem with this template:

Transform: AWS::Serverless-2016-10-31

Resources:
  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: "s3://helloworld"
      Handler: app.lambda_handler
      Runtime: python3.11
      Events:
        myEvent:
          Properties:
            Trigger: MyEvent
            UserPool: !Ref ExampleUserPool
          Type: Cognito
  
  ExampleUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: Example_CloudFormation_UserPool
      UserPoolTier: PLUS

Observed result

If you try to transform that, you get an error

ERROR:__main__:Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [ExampleUserPool] is invalid. property UserPoolTier not defined for resource of type AWS::Cognito::UserPool

Expected result

Template should be correctly transformed.

Additional environment details

  1. OS:
  2. If using the SAM CLI, sam --version:
  3. AWS region:

valerena avatar Feb 27 '25 20:02 valerena

We can refer to this step as we'll if it works out;

Step 1: Update the CognitoUserPool Model

Locate the cognito.py file in the samtranslator library (usually found in the samtranslator/model/ directory) and update the CognitoUserPool class to include the UserPoolTier property.

# samtranslator/model/cognito.py

from samtranslator.model import PropertyType, Resource
from samtranslator.model.types import is_type, is_str

class CognitoUserPool(Resource):
    resource_type = "AWS::Cognito::UserPool"
    property_types = {
        "UserPoolName": PropertyType(False, is_str()),
        "UserPoolTier": PropertyType(False, is_str()),  # Add this line
        # Add other properties as needed
    }

Step 2: Rebuild and Reinstall the samtranslator Library

After making the changes, you need to rebuild and reinstall the samtranslator library. If you are using a virtual environment, make sure to activate it first.

# Navigate to the directory where the samtranslator library is located
cd path/to/samtranslator

# Rebuild and reinstall the library
python setup.py install

Step 3: Test the Updated Template

Now, you can test your updated SAM template with the UserPoolTier property.

Transform: AWS::Serverless-2016-10-31

Resources:
  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: "s3://helloworld"
      Handler: app.lambda_handler
      Runtime: python3.11
      Events:
        myEvent:
          Properties:
            Trigger: MyEvent
            UserPool: !Ref ExampleUserPool
          Type: Cognito
  
  ExampleUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: Example_CloudFormation_UserPool
      UserPoolTier: PLUS  # This should now work without errors

Step 4: Deploy the Template

Finally, deploy your SAM template using the SAM CLI:

sam deploy --template-file template.yaml --stack-name my-stack --capabilities CAPABILITY_IAM

imSanko avatar Feb 28 '25 02:02 imSanko

This issue is also present in the CloudFormation service. I can't create stacks that have UserPoolTier if the template has a Transform: AWS::Serverless-2016-10-31.

jarreds avatar Mar 24 '25 17:03 jarreds