问题描述
我通过 Amplify 有一个 CloudFormation,它定义了一个 Cognito 用户池。我想将从此模板部署的未来环境设置为具有 UsernameConfiguration.CaseSensitive: False
。如果我只是将该属性添加到我的 CloudFormation 模板,更新将失败并显示以下错误:
Reason: Updates are not allowed for property - UsernameConfiguration. (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: InvalidParameterException; Request ID: null; Proxy: null)
有没有办法根据池是否已经存在来调节这个属性? 我希望创建的任何新环境都使用新配置,但仍允许部署旧环境。
这是 Amplify 用来创建用户池的 CloudFormation 模板的片段。
# BEGIN USER POOL RESOURCES
UserPool:
# Created upon user selection
# Depends on SNS Role for Arn if MFA is enabled
Type: AWS::Cognito::UserPool
UpdateReplacePolicy: Retain
Properties:
UserPoolName:
!If [
ShouldNotCreateEnvResources,!Ref userPoolName,!Join ["",[!Ref userPoolName,"-",!Ref env]],]
Schema:
- Name: email
required: true
Mutable: true
LambdaConfig:
PostAuthentication: !Ref functiontestcd9b6b5ePostAuthenticationArn
PostConfirmation: !Ref functiontestcd9b6b5ePostConfirmationArn
PretokenGeneration: !Ref functiontestcd9b6b5ePretokenGenerationArn
AutoVerifiedAttributes: !Ref autoVerifiedAttributes
EmailVerificationMessage: !Ref emailVerificationMessage
EmailVerificationSubject: !Ref emailVerificationSubject
Policies:
PasswordPolicy:
MinimumLength: !Ref passwordPolicyMinLength
RequireLowercase: false
RequireNumbers: false
RequireSymbols: false
RequireUppercase: false
UsernameAttributes: !Ref usernameAttributes
MfaConfiguration: !Ref mfaConfiguration
SmsverificationMessage: !Ref smsverificationMessage
SmsAuthenticationMessage: !Ref smsAuthenticationMessage
SmsConfiguration:
SnsCallerArn: !GetAtt SNSRole.Arn
ExternalId: testcd9b6b5e_role_external_id
UsernameConfiguration:
CaseSensitive: False
解决方法
有没有办法根据池是否已经存在来调节这个属性?
遗憾的是它不可能,因为 CFN 没有检查池是否存在的功能。如果您需要此类功能,则必须使用 custom resource 自行实现。