pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0

aws.cognito.getUserPool result is missing endpoint. #4575

Open mawallace opened 3 weeks ago

mawallace commented 3 weeks ago

Describe what happened

A Cognito user pool's endpoint should be available via the getUserPool data source. It seems like a common use case to have a user pool located in one stack, and then an API with a Cognito-based JWT authorizer that needs the endpoint in another stack (see the example below).

Right now, you have to either

  1. Pipe the user pool endpoint through as a stack output, which is less clean than just outputting the user pool ID and getting all the data via getUserPool
  2. Try to reconstruct the endpoint, which gets tricky if you're using multiple regions

Sample program

This is what I want to be able to do.

...

const otherStack = new pulumi.StackReference('...');
const userPoolId = await otherStack.requireOutputValue('authUserPoolId') as string;
const userPool = aws.cognito.getUserPool({ userPoolId });

const authorizer = new aws.apigatewayv2.Authorizer('authorizer', {
  apiId: api.id,
  authorizerType: 'JWT',
  identitySources: ['$request.header.Authorization'],
  jwtConfiguration: {
    issuer: userPool.endpoint,
    audiences: [authUserPoolClientId],
  },
});

...

However, the endpoint field is not available from the getUserPool result.

Log output

No response

Affected Resource(s)

No response

Output of pulumi about

CLI          
Version      3.131.0
Go Version   go1.23.0
Go Compiler  gc

Host     
OS       ubuntu
Version  22.04
Arch     aarch64

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/mawallace
User           mawallace
Organizations  mawallace
Token type     personal

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

flostadler commented 2 weeks ago

Hey @mawallace, thanks a lot for this enhancement idea! I think this would be a good addition to the provider. It would need to be added to the upstream provider first before we can pull it into pulumi-aws. Can you open a feature request here as well please: https://github.com/hashicorp/terraform-provider-aws/issues.

The endpoints follow a fixed pattern, so in the meantime you could do the following to construct it (TypeScript example):

const region = aws.getRegionOutput({}).name;
const endpoint = pulumi.interpolate`https://cognito-idp.${region}.amazonaws.com/${userPool.id}`
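
Added example (not from the thread or from pulumi-aws): for the multi-region case raised in the issue, this TypeScript helper takes the region from the user pool ID itself rather than from the provider, and rejects malformed IDs so that a bad stack output cannot change the host of the issuer the JWT authorizer trusts. It assumes pool IDs have the form `<region>_<suffix>` and that the pool is in the standard partition (`amazonaws.com`, as in the pattern above); the function names are hypothetical and the sample IDs are constructed.

```typescript
// Assumption: user pool IDs look like "<region>_<suffix>", for example
// "eu-west-1_AbC123xyz" (constructed sample, not a real pool).
const POOL_ID_RE = /^[a-z]{2}(?:-[a-z]+)+-\d+_[0-9A-Za-z]+$/;

// Region the pool lives in, read from the ID instead of the provider config.
function regionOfUserPool(userPoolId: string): string {
  if (!POOL_ID_RE.test(userPoolId)) {
    // Anything with '.', '/', '@', whitespace, etc. is refused here, so the
    // value can never alter the host or path of the issuer URL.
    throw new Error(`not a Cognito user pool ID: ${JSON.stringify(userPoolId)}`);
  }
  return userPoolId.slice(0, userPoolId.indexOf("_"));
}

// Issuer in the fixed pattern from the thread, pinned to the pool's own region.
// It has to equal the `iss` claim of the pool's tokens exactly, or the
// authorizer rejects every request.
function cognitoIssuer(userPoolId: string): string {
  const region = regionOfUserPool(userPoolId);
  return `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`;
}

// True when an issuer built from the provider's region would differ from the
// pool's real issuer, i.e. the pool was created in another region.
function providerRegionWouldMismatch(userPoolId: string, providerRegion: string): boolean {
  return regionOfUserPool(userPoolId) !== providerRegion;
}
```

In a Pulumi program the pure function can be applied to the stack output, for example `pulumi.output(userPoolId).apply(cognitoIssuer)`, and the result passed as `jwtConfiguration.issuer`.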