fix: return valid arn from createTriggers function (#447)

* fix: return valid arn from createTriggers function * feat: included function to create permissions for cognito to invoke the trigger functions * parent not set --------- Co-authored-by: Frank <frank@sst.dev>
sst · May 29, 2024 · 2eab6b5 · 2eab6b5
1 parent 2c19c99
commit 2eab6b5
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 8 deletions.
diff --git a/examples/aws-cognito/index.ts b/examples/aws-cognito/index.ts
@@ -0,0 +1 @@
+export async function handler() {}
diff --git a/examples/aws-cognito/sst.config.ts b/examples/aws-cognito/sst.config.ts
@@ -9,7 +9,13 @@ export default $config({
     };
   },
   async run() {
-    const userPool = new sst.aws.CognitoUserPool("MyUserPool");
+    const userPool = new sst.aws.CognitoUserPool("MyUserPool", {
+      triggers: {
+        preSignUp: {
+          handler: "index.handler",
+        },
+      },
+    });
     const client = userPool.addClient("Web");
     const identityPool = new sst.aws.CognitoIdentityPool("MyIdentityPool", {
       userPools: [

diff --git a/pkg/platform/src/components/aws/cognito-user-pool.ts b/pkg/platform/src/components/aws/cognito-user-pool.ts
@@ -177,7 +177,7 @@ export class CognitoUserPool
   constructor(
     name: string,
     args: CognitoUserPoolArgs = {},
-    opts?: ComponentResourceOptions
+    opts?: ComponentResourceOptions,
   ) {
     super(__pulumiType, name, args, opts);
 
@@ -186,14 +186,15 @@ export class CognitoUserPool
     normalizeAliasesAndUsernames();
     const triggers = createTriggers();
     const userPool = createUserPool();
+    createPermissions();
 
     this.userPool = userPool;
 
     function normalizeAliasesAndUsernames() {
       all([args.aliases, args.usernames]).apply(([aliases, usernames]) => {
         if (aliases && usernames) {
           throw new VisibleError(
-            "You cannot set both aliases and usernames. Learn more about customizing sign-in attributes at https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases"
+            "You cannot set both aliases and usernames. Learn more about customizing sign-in attributes at https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases",
           );
         }
       });
@@ -210,11 +211,13 @@ export class CognitoUserPool
               value,
               {
                 description: `Subscribed to ${trigger} from ${name}`,
-              }
+              },
+              undefined,
+              { parent },
             );
-            return [trigger, fn];
-          })
-        )
+            return [trigger, fn.arn];
+          }),
+        ),
       );
     }
 
@@ -276,9 +279,28 @@ export class CognitoUserPool
           },
           lambdaConfig: triggers,
         }),
-        { parent }
+        { parent },
       );
     }
+
+    function createPermissions() {
+      if (!triggers) return;
+
+      triggers.apply((triggers) => {
+        Object.entries(triggers).forEach(([trigger, functionArn]) => {
+          new aws.lambda.Permission(
+            `${name}Permission${trigger}`,
+            {
+              action: "lambda:InvokeFunction",
+              function: functionArn,
+              principal: "cognito-idp.amazonaws.com",
+              sourceArn: userPool.arn,
+            },
+            { parent },
+          );
+        });
+      });
+    }
   }
 
   /**