sst / ion

SST v3
https://sst.dev
MIT License

AWS Cognito preSignUp trigger arn: invalid prefix #361

Closed urosbelov closed 4 months ago

urosbelov commented 5 months ago

Hello to all, when the Cognito preSignUp trigger is created, the deploy is terminated and there is an error that says:

XXX is an invalid ARN: arn: invalid prefix. Examine values at 'XXX.lambdaConfig.preSignUp'.

jaduplessis commented 4 months ago

Have a look at this PR: https://github.com/sst/ion/pull/447

jayair commented 4 months ago

Nice I'll ask Frank to review.

jakubknejzlik commented 4 months ago

@jaduplessis I've just hit this issue, and after fixing it using a workaround (see below) I discovered another issue, this time in Pulumi: https://github.com/pulumi/pulumi-aws/issues/678

Should invoke permission be implemented here as well? E.g. adding invoke permission for each function:

new aws.lambda.Permission("AllowExecutionFromCognito", {
  action: "lambda:InvokeFunction",
  function: migrateUser.name,
  principal: "cognito-idp.amazonaws.com",
  sourceArn: pool.nodes.userPool.arn,
});

Workaround:


const migrateUser = new sst.aws.Function("MigrateUser", {
  handler: "src/lambdas/migrate-user.handler",
});

// Pass the function ARN straight to the underlying user pool via `transform`.
const pool = new sst.aws.CognitoUserPool("RekapUserPool", {
  transform: {
    userPool: {
      lambdaConfig: {
        userMigration: migrateUser.arn,
      },
    },
  },
});

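
Added example, not part of the thread and not SST or Pulumi code: a check that a function's resource policy (the JSON returned in the `Policy` field of `aws lambda get-policy`) lets `cognito-idp.amazonaws.com` invoke it only from the expected user pool, which is what the `sourceArn` in the permission above restricts. The function names, verdict strings and the sample policy with its account ID, region and pool ID are constructed for illustration.

```typescript
// Added example (not SST/Pulumi code): audit the policy document that
// `aws lambda get-policy` returns in its "Policy" field.
type OneOrMany = string | string[];
interface Statement {
  Effect: string;
  Principal?: string | { Service?: OneOrMany };
  Action: OneOrMany;
  Condition?: Record<string, Record<string, OneOrMany>>;
}
type Verdict = "scoped" | "unscoped" | "other-source" | "missing";
const list = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Every AWS:SourceArn value in the statement (condition keys are case-insensitive).
function sourceArns(s: Statement): string[] {
  const found: string[] = [];
  const cond = s.Condition || {};
  for (const op of Object.keys(cond)) {
    for (const key of Object.keys(cond[op])) {
      if (key.toLowerCase() === "aws:sourcearn") found.push(...list(cond[op][key]));
    }
  }
  return found;
}

function auditCognitoGrant(policyJson: string, poolArn: string): Verdict {
  const doc = JSON.parse(policyJson) as { Statement?: Statement[] };
  const grants = (doc.Statement || []).filter(
    (s) =>
      s.Effect === "Allow" &&
      typeof s.Principal === "object" &&
      list(s.Principal.Service).indexOf("cognito-idp.amazonaws.com") !== -1 &&
      list(s.Action).some((a) => a === "lambda:InvokeFunction" || a === "lambda:*"),
  );
  if (grants.length === 0) return "missing"; // Cognito cannot invoke the trigger
  const arns = grants.map(sourceArns);
  if (arns.some((a) => a.length === 0)) return "unscoped"; // any user pool may invoke
  // A SourceArn for a different pool, or a wildcard pattern, is "other-source".
  return arns.some((a) => a.indexOf(poolArn) !== -1) ? "scoped" : "other-source";
}

// Constructed sample: placeholder account ID, region and pool ID.
const POOL_ARN = "arn:aws:cognito-idp:us-east-1:111122223333:userpool/us-east-1_EXAMPLE";
const SAMPLE_POLICY = JSON.stringify({
  Statement: [{
    Effect: "Allow", Action: "lambda:InvokeFunction",
    Principal: { Service: "cognito-idp.amazonaws.com" },
    Condition: { ArnLike: { "AWS:SourceArn": POOL_ARN } },
  }],
});
console.log(auditCognitoGrant(SAMPLE_POLICY, POOL_ARN)); // "scoped"
```
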
jaduplessis commented 4 months ago

@jakubknejzlik I think you make a good point. I had to implement something similar myself. I've updated the PR to create the permissions after the pool and functions have been defined.

fwang commented 4 months ago

Thanks @jaduplessis! Will be in the next release.