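Problem description
I want to create three groups of users in Cognito: admins, sellers and buyers. Admins will have the highest privileges (they will be able to manage sellers and buyers). Sellers will have the second-highest privileges, and buyers will have the lowest (anyone can register as a buyer). I created this CloudFormation template. Can you confirm that this is the right approach?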
Resources:
  UserPool:
    Type: 'AWS::Cognito::UserPool'
    Properties:
      UserPoolName: '${self:service}-${self:provider.stage}-user-pool'
      UsernameAttributes:
        - 'email'
      AutoVerifiedAttributes:
        - 'email'
      VerificationMessageTemplate:
        DefaultEmailOption: CONFIRM_WITH_LINK
  UserPoolAdminUserGroup:
    Type: 'AWS::Cognito::UserPoolGroup'
    Properties:
      Description: 'Admins'
      GroupName: '${self:service}-${self:provider.stage}-user-pool-group-admins'
      Precedence: 0
      UserPoolId:
        Ref: UserPool
  UserPoolSellerUserGroup:
    Type: 'AWS::Cognito::UserPoolGroup'
    Properties:
      Description: 'Sellers'
      GroupName: '${self:service}-${self:provider.stage}-user-pool-group-sellers'
      Precedence: 1
      UserPoolId:
        Ref: UserPool
  UserPoolSellerBuyerUserGroup:
    Type: 'AWS::Cognito::UserPoolGroup'
    Properties:
      Description: 'Buyers'
      GroupName: '${self:service}-${self:provider.stage}-user-pool-group-buyers'
      UserPoolId:
        Ref: UserPool
  UserPoolClient:
    Type: 'AWS::Cognito::UserPoolClient'
    Properties:
      ClientName: '${self:service}-${self:provider.stage}-user-pool-client'
      UserPoolId:
        Ref: UserPool
      ExplicitAuthFlows:
        - 'ALLOW_USER_PASSWORD_AUTH'
        - 'ALLOW_REFRESH_TOKEN_AUTH'
      PreventUserExistenceErrors: 'ENABLED'
      SupportedIdentityProviders:
        - 'COGNITO'
  UserPoolDomain:
    Type: 'AWS::Cognito::UserPoolDomain'
    Properties:
      UserPoolId:
        Ref: UserPool
      Domain: '${self:service}-${self:provider.stage}'
  ApiGatewayAuthorizer:
    DependsOn:
      - ApiGatewayRestApi
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: EndpointAuthorizer
      IdentitySource: method.request.header.Authorization
      RestApiId:
        Ref: ApiGatewayRestApi
      Type: COGNITO_USER_POOLS
      ProviderARNs:
        - Fn::GetAtt: [UserPool,Arn]
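
The template above creates the groups, but a COGNITO_USER_POOLS authorizer does not check group membership, so the admin/seller/buyer tiers have to be enforced by the backend from the token's `cognito:groups` claim. The following is an added example, not part of the original question: a Python check for a Lambda proxy integration. The `shop-dev` prefix, the function names and the sample events are constructed, and the two string encodings of the claim are an assumption about how it reaches the function.

```python
import re

# Constructed names: service "shop", stage "dev" substituted into the template's GroupName pattern.
GROUP_PREFIX = "shop-dev-user-pool-group-"
# Lower number = more privilege, mirroring admins > sellers > buyers in the question.
TIERS = {"admins": 0, "sellers": 1, "buyers": 2}


def parse_groups(raw):
    """Normalise the cognito:groups claim to a set of group names."""
    if raw is None:
        return set()
    if isinstance(raw, (list, tuple)):
        return {str(g) for g in raw}
    # Assumed string encodings: "a,b" or "[a b]".
    return {g for g in re.split(r"[,\s]+", str(raw).strip("[] ")) if g}


def best_tier(event):
    """Return the caller's strongest tier number, or None when in no known group."""
    ctx = event.get("requestContext") or {}
    claims = (ctx.get("authorizer") or {}).get("claims") or {}
    ranks = [
        TIERS[g[len(GROUP_PREFIX):]]
        for g in parse_groups(claims.get("cognito:groups"))
        if g.startswith(GROUP_PREFIX) and g[len(GROUP_PREFIX):] in TIERS
    ]
    return min(ranks) if ranks else None


def require_tier(event, needed):
    """Fail closed: allow only callers holding `needed` or a stronger tier."""
    rank = best_tier(event)
    return rank is not None and rank <= TIERS[needed]


def manage_sellers_handler(event, context=None):
    """Hypothetical admin-only endpoint behind the Cognito authorizer."""
    if not require_tier(event, "admins"):
        return {"statusCode": 403, "body": "forbidden"}
    return {"statusCode": 200, "body": "ok"}


def _event(groups):
    """Build a constructed proxy event carrying only the groups claim."""
    return {"requestContext": {"authorizer": {"claims": {"cognito:groups": groups}}}}
```

A caller who belongs to no group is rejected at every tier, so newly registered users are only treated as buyers once they have been added to the buyers group.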