lgallard / terraform-aws-cognito-user-pool

Terraform module to create Amazon Cognito User Pools, configure its attributes and resources such as app clients, domain, resource servers. Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users.
Apache License 2.0

lambda configuration #81

Closed javabrad closed 2 years ago

javabrad commented 2 years ago

See https://github.com/hashicorp/terraform/issues/21384

The lambda example configuration fails due to map(any) definitions.

"All must be the same type": see the link provided for an explanation of the error. email_sender is an object, not a string, and as such will fail validation.

lambda_config = {
    create_auth_challenge          = "arn:aws:lambda:us-east-1:123456789012:function:create_auth_challenge"
    custom_message                 = "arn:aws:lambda:us-east-1:123456789012:function:custom_message"
    define_auth_challenge          = "arn:aws:lambda:us-east-1:123456789012:function:define_auth_challenge"
    post_authentication            = "arn:aws:lambda:us-east-1:123456789012:function:post_authentication"
    post_confirmation              = "arn:aws:lambda:us-east-1:123456789012:function:post_confirmation"
    pre_authentication             = "arn:aws:lambda:us-east-1:123456789012:function:pre_authentication"
    pre_sign_up                    = "arn:aws:lambda:us-east-1:123456789012:function:pre_sign_up"
    pre_token_generation           = "arn:aws:lambda:us-east-1:123456789012:function:pre_token_generation"
    user_migration                 = "arn:aws:lambda:us-east-1:123456789012:function:user_migration"
    verify_auth_challenge_response = "arn:aws:lambda:us-east-1:123456789012:function:verify_auth_challenge_response"
    kms_key_id                     = ""
    custom_email_sender = {
      lambda_arn     = "arn:aws:lambda:us-east-1:123456789012:function:custom_email_sender"
      lambda_version = "V1_0"
    }
    custom_sms_sender = {
      lambda_arn     = "arn:aws:lambda:us-east-1:123456789012:function:custom_sms_sender"
      lambda_version = "V1_0"
    }
}

duanvnc commented 2 years ago

I just followed examples/complete with this config, and I suggest that you add the kms_key_id manually here:

lambda_config = {
    create_auth_challenge          = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-create-auth-challenge"
    custom_message                 = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-custom-message"
    define_auth_challenge          = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-define-auth-challenge"
    post_authentication            = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-post-authentication"
    post_confirmation              = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-post-confirmation"
    pre_authentication             = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-pre-authentication"
    pre_sign_up                    = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-pre-sign-up"
    pre_token_generation           = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-pre_token-generation"
    user_migration                 = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-user-migration"
    verify_auth_challenge_response = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-verify-auth-challenge-response"
    kms_key_id                     = "arn:aws:kms:ap-southeast-1:xxxxxx:key/xxxx"
    custom_sms_sender = {
      lambda_arn     = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-custom-sms-sender"
      lambda_version = "V1_0"
    }
}

After you have deployed, check that the Lambda config is correct with this command:

aws cognito-idp describe-user-pool --user-pool-id YOUR-Cognito-ID --region ap-southeast-1 | jq -r '.UserPool.LambdaConfig'

It should be:

{
  "PreSignUp": "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-pre-sign-up",
  "CustomMessage": "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-custom-message",
  "PostConfirmation": "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-post-confirmation",
  "CustomSMSSender": {
    "LambdaVersion": "V1_0",
    "LambdaArn": "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-custom-sms-sender"
  },
  "KMSKeyID": "arn:aws:kms:ap-southeast-1:xxxxxx:key/xxxx"
}
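
A scripted version of the check described in the comment above, as an added example (not code from the thread or from the module): it converts a Terraform-style `lambda_config` to the key names that `describe-user-pool` returns and lists any differences. The function names, the treatment of empty values as unset, and the sample data are assumptions.

```python
import json

# Terraform keys whose API name is not a plain PascalCase conversion.
SPECIAL = {"kms_key_id": "KMSKeyID", "custom_sms_sender": "CustomSMSSender"}

def api_key(tf_key):
    """pre_sign_up -> PreSignUp, lambda_arn -> LambdaArn, kms_key_id -> KMSKeyID."""
    return SPECIAL.get(tf_key) or "".join(p.capitalize() for p in tf_key.split("_"))

def expected_api_config(tf_config):
    """Translate a lambda_config map into the shape of .UserPool.LambdaConfig."""
    out = {}
    for key, value in tf_config.items():
        if isinstance(value, dict):  # custom_sms_sender / custom_email_sender objects
            value = {api_key(k): v for k, v in value.items()}
        if value:  # assumption: empty values such as kms_key_id = "" count as unset
            out[api_key(key)] = value
    return out

def check_lambda_config(tf_config, deployed):
    """Return a list of findings; an empty list means the pool matches."""
    want, findings = expected_api_config(tf_config), []
    for key in sorted(set(want) | set(deployed)):
        if key not in deployed:
            findings.append(f"missing: {key}")
        elif key not in want:
            findings.append(f"unexpected: {key}")
        elif want[key] != deployed[key]:
            findings.append(f"mismatch: {key}")
    # Custom sender triggers rely on the pool's KMS key (kms_key_id in the thread).
    senders = [k for k in ("CustomSMSSender", "CustomEmailSender") if k in deployed]
    if senders and not deployed.get("KMSKeyID"):
        findings.append("custom sender without KMSKeyID: " + ", ".join(senders))
    return findings

# Constructed sample input, reusing the redacted placeholder ARNs from the thread.
ARN = "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-"
SAMPLE_TF = {
    "pre_sign_up": ARN + "pre-sign-up",
    "kms_key_id": "arn:aws:kms:ap-southeast-1:xxxxxx:key/xxxx",
    "custom_sms_sender": {"lambda_arn": ARN + "custom-sms-sender", "lambda_version": "V1_0"},
}
SAMPLE_DEPLOYED = json.loads("""{
  "PreSignUp": "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-pre-sign-up",
  "CustomSMSSender": {"LambdaVersion": "V1_0", "LambdaArn": "arn:aws:lambda:ap-southeast-1:xxxxxx:function:cognito-custom-sms-sender"},
  "KMSKeyID": "arn:aws:kms:ap-southeast-1:xxxxxx:key/xxxx"
}""")
```

In practice `deployed` would be the parsed output of the `aws cognito-idp describe-user-pool ... | jq '.UserPool.LambdaConfig'` command; an unexpected or mismatched trigger ARN is worth reviewing because these Lambdas run inside the pool's sign-up and authentication flows.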

lgallard commented 2 years ago

@javabrad lambda_config is defined as any, therefore it accepts different types (string, objects, etc.). Please check the complete example and the latest version.

lgallard commented 2 years ago

@javabrad I'm closing this issue because in the latest version lambda_config is defined as any. In case you still have the issue, please leave a comment.