Cognito circular reference when setting lambda trigger permissions
- Create a lambda
- Create a user pool
- Assign the lambda to one of the user pool triggers
- Set the permissions on the lambda to call Cognito APIs against the user pool
- Get circular reference error in cdk deploy
Reproduction Steps
```typescript
const postAuthentication = new lambda.Function(this, "postAuthentication", {
  description: "Cognito Post Authentication Function",
  runtime: lambda.Runtime.NODEJS_12_X,
  handler: "postAuthentication.handler",
  code: lambda.Code.asset("dist/postAuthentication"),
  timeout: cdk.Duration.seconds(30),
  memorySize: 256,
  environment: {},
});

const userPool = new cognito.UserPool(this, userPoolName, {
  ....
  lambdaTriggers: {
    postAuthentication,
  },
});

const postAuthPermissionPolicy = new iam.PolicyStatement({
  actions: ["cognito-idp:AdminDeleteUserAttributes", "cognito-idp:AdminAddUserToGroup"],
  resources: [userPool.userPoolArn],
});

// now give the postAuthentication lambda permission to change things
postAuthentication.addToRolePolicy(postAuthPermissionPolicy);
```
Error Log
Cognito failed: Error [ValidationError]: Circular dependency between resources
Environment
- CLI Version : 1.31.0
- Framework Version:
- OS :
- Language : Typescript
Other
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Reactions:17
- Comments:20 (7 by maintainers)
Top GitHub Comments
@markcarroll -
The workaround for this issue is to not use the addToRolePolicy() but instead to attachInlinePolicy(). See code snippet below -
Can you check if this fixes this issue for you?
Today I noticed that userPoolId is inside event object for lambda.
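Why the two calls behave differently, as an added example that is not code from the issue or from the CDK project: it checks a simplified model of the synthesized template's resource references for a cycle. The logical IDs and the edge lists are constructed assumptions about what each variant synthesizes, not output from `cdk synth`.

```typescript
// Simplified model of a synthesized CloudFormation template: each resource maps
// to the resources it references (Ref / Fn::GetAtt) or lists under DependsOn.
// Logical IDs and edges are constructed for illustration.
type Template = Record<string, string[]>;

// addToRolePolicy(): the statement lands in the role's default policy, which the
// function depends on, while that policy needs the user pool ARN.
const withAddToRolePolicy: Template = {
  PostAuthRole: [],
  PostAuthRoleDefaultPolicy: ["PostAuthRole", "UserPool"],
  PostAuthFunction: ["PostAuthRole", "PostAuthRoleDefaultPolicy"],
  UserPool: ["PostAuthFunction"], // post-authentication trigger in LambdaConfig
};

// attachInlinePolicy(): a separate policy resource that nothing else depends on.
const withAttachInlinePolicy: Template = {
  PostAuthRole: [],
  PostAuthFunction: ["PostAuthRole"],
  UserPool: ["PostAuthFunction"],
  UserPoolAccessPolicy: ["PostAuthRole", "UserPool"],
};

// Depth-first search; returns the first dependency cycle found, or null.
function findCycle(template: Template): string[] | null {
  const done = new Set<string>();
  const path: string[] = [];
  const visit = (id: string): string[] | null => {
    const at = path.indexOf(id);
    if (at !== -1) return [...path.slice(at), id]; // back edge closes a cycle
    if (done.has(id)) return null;
    path.push(id);
    for (const dep of template[id] ?? []) {
      const cycle = visit(dep);
      if (cycle) return cycle;
    }
    path.pop();
    done.add(id);
    return null;
  };
  for (const id of Object.keys(template)) {
    const cycle = visit(id);
    if (cycle) return cycle;
  }
  return null;
}

console.log(findCycle(withAddToRolePolicy)?.join(" -> "));
console.log(findCycle(withAttachInlinePolicy));
```

Both variants keep the statement scoped to the user pool ARN; only the resource that carries the statement changes.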