@hassaku63
Created December 13, 2018 03:22
Example: API Gateway with Cognito Authorizer
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  AWS Serverless Application
  Sample SAM Template for AWS Serverless Application

# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    Timeout: 3

Resources:
  ApiGatewayWithAuthorizer:
    Type: AWS::Serverless::Api
    Properties:
      Name: !Join [ '-', [ 'sample-api-with-auth' , Ref: "AWS::StackName" ]]
      StageName: stage
      Auth:
        # Applied to every method of this API unless a method overrides it
        DefaultAuthorizer: MyCognitoAuthorizer
        Authorizers:
          MyCognitoAuthorizer:
            UserPoolArn: !GetAtt MyCognitoUserPool.Arn

  HelloWorldFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      CodeUri: hello_world/
      Handler: app.lambda_handler
      Runtime: python3.6
      Environment: # More info about Env Vars: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#environment-object
        Variables:
          PARAM1: VALUE
      Events:
        HelloWorld:
          Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
          Properties:
            Path: /hello
            Method: get
            # Attach the route to the API that carries the Cognito authorizer
            RestApiId: !Ref ApiGatewayWithAuthorizer

  MyCognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Join [ '-', [ 'sample-user-pool' , Ref: "AWS::StackName" ]]
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: false
        UnusedAccountValidityDays: 7
      AutoVerifiedAttributes: [ email ]
      UsernameAttributes: [ email ]
      Policies:
        PasswordPolicy:
          MinimumLength: 8
          RequireLowercase: true
          RequireNumbers: true
          RequireSymbols: true
          RequireUppercase: true
      Schema:
        -
          Name: sub
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: false
          Required: true
          StringAttributeConstraints:
            MinLength: 1
            MaxLength: 2048
        -
          Name: email
          AttributeDataType: String
          Required: true
          DeveloperOnlyAttribute: false
          Mutable: true
          StringAttributeConstraints:
            MaxLength: 2048
            MinLength: 0

  MyUserPoolAppClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      # Public client: no client secret is generated
      GenerateSecret: false
      UserPoolId: !Ref MyCognitoUserPool

Outputs:
  HelloWorldApi:
    Description: "API Gateway endpoint URL for the 'stage' stage for Hello World function"
    # The path segment must match StageName of ApiGatewayWithAuthorizer
    Value: !Sub "https://${ApiGatewayWithAuthorizer}.execute-api.${AWS::Region}.amazonaws.com/stage/hello/"
  HelloWorldFunction:
    Description: "Hello World Lambda Function ARN"
    Value: !GetAtt HelloWorldFunction.Arn
  HelloWorldFunctionIamRole:
    Description: "Implicit IAM Role created for Hello World function"
    Value: !GetAtt HelloWorldFunctionRole.Arn
  CognitoUserPoolId:
    Description: "Cognito User Pool ID"
    Value: !Ref MyCognitoUserPool
  CognitoUserPoolArn:
    Description: "Cognito User Pool ARN"
    Value: !GetAtt MyCognitoUserPool.Arn
  CognitoUserPoolProviderURL:
    Description: "Cognito User Pool Provider URL"
    Value: !GetAtt MyCognitoUserPool.ProviderURL
```
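
An added example, not part of the original gist: a handler for `hello_world/app.py` that reads the claims API Gateway forwards to the Lambda proxy integration once `MyCognitoAuthorizer` has validated the ID token, and fails closed when they are absent. The `APP_CLIENT_ID` environment variable, the response bodies and the sample event are assumptions constructed for this example; the template does not define them.

```python
import json
import os

# Assumption: the app client ID is supplied through an APP_CLIENT_ID
# environment variable, which the template does not define.
EXPECTED_CLIENT_ID = os.environ.get("APP_CLIENT_ID", "example-client-id")


def _response(status, body):
    return {"statusCode": status, "body": json.dumps(body)}


def caller_claims(event):
    """Return the claims API Gateway attached after the Cognito authorizer
    validated the token, or None when the request carries none."""
    ctx = event.get("requestContext") or {}
    authorizer = ctx.get("authorizer") or {}
    claims = authorizer.get("claims")
    return claims if isinstance(claims, dict) and claims.get("sub") else None


def lambda_handler(event, context):
    claims = caller_claims(event)
    if claims is None:
        # Fail closed, e.g. when a route was deployed without the authorizer.
        return _response(401, {"message": "Unauthorized"})
    # Defense in depth: only accept an ID token issued for our app client.
    if claims.get("token_use") != "id" or claims.get("aud") != EXPECTED_CLIENT_ID:
        return _response(403, {"message": "Forbidden"})
    return _response(200, {"message": "hello world", "user": claims.get("email")})


# Constructed sample event, trimmed to the fields used here.
SAMPLE_EVENT = {
    "httpMethod": "GET",
    "path": "/hello",
    "requestContext": {"authorizer": {"claims": {
        "sub": "00000000-0000-0000-0000-000000000000",
        "aud": "example-client-id",
        "token_use": "id",
        "email": "user@example.com",
    }}},
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
    print(lambda_handler({"httpMethod": "GET", "path": "/hello"}, None))
```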