chore: merge pull request #1174 from awslabs/release/v1.15.0

Author: Shreya

docs/api.rst

@@ -68,6 +68,15 @@ ReservedConcurrentExecutions       All
 Events Properties
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
+Cognito
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+======================== ================================== ========================
+     Property Name        Intrinsic(s) Supported            Reasons
+======================== ================================== ========================
+UserPool                 Ref of a AWS::Cognito::UserPool    Properties in the AWS::Cognito::UserPool are used to construct different attributes.
+Trigger                  All
+======================== ================================== ========================
+
 S3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ======================== ================================== ========================

docs/cloudformation_compatibility.rst

@@ -5,7 +5,7 @@ CloudFormation Resources Generated By SAM
   :local:
   :backlinks: none
 
-When you create a Serverless Function or a Serverlesss API, SAM will create additional AWS resources to wire everything up.
+When you create a Serverless Function or a Serverless API, SAM will create additional AWS resources to wire everything up.
 For example, when you create a ``AWS::Serverless::Function``, SAM will create a Lambda Function resource
 along with an IAM Role resource to give appropriate permissions for your function. This document describes all 
 such generated resources, how they are named, and how to refer to them in your SAM template.
@@ -121,13 +121,53 @@ CloudFormation Resource Type       Logical ID
 AWS::ApiGateway::RestApi           *ServerlessRestApi* 
 AWS::ApiGateway::Stage             *ServerlessRestApi*\ **Prod**\ Stage 
 AWS::ApiGateway::Deployment        *ServerlessRestApi*\ Deployment\ *SHA* (10 Digits of SHA256 of Swagger)
-AWS::Lambda::Permissions           MyFunction\ **ThumbnailApi**\ Permission\ **Prod** 
+AWS::Lambda::Permission            MyFunction\ **ThumbnailApi**\ Permission\ **Prod** 
                                    (Prod is the default Stage Name for implicit APIs)
 ================================== ================================
 
 
   NOTE: ``ServerlessRestApi*`` resources are generated one per stack.
 
+Cognito
+^^^
+
+Example:
+
+.. code:: yaml
+
+  MyFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      ...
+      Events:
+        CognitoTrigger:
+          Type: Cognito
+          Properties:
+            UserPool: !Ref MyUserPool
+            Trigger: PreSignUp
+      ...
+
+  MyUserPool:
+    Type: AWS::Cognito::UserPool
+
+Additional generated resources:
+
+================================== ================================
+CloudFormation Resource Type       Logical ID 
+================================== ================================
+AWS::Lambda::Permissions           *MyFunction*\ CognitoPermission
+AWS::Cognito::UserPool             Existing MyUserPool resource is modified to append ``LambdaConfig`` 
+                                   property where the Lambda function trigger is defined
+================================== ================================
+
+  NOTE: You **must** refer to a Cognito UserPool defined in the same template. This is for two reasons:
+  
+  1. SAM needs to add a ``LambdaConfig`` property to the UserPool resource by reading and modifying the 
+  resource definition
+
+  2. Lambda triggers are specified as a property on the UserPool resource. Since CloudFormation cannot modify a resource
+  created outside of the stack, this bucket needs to be defined within the template.
+
 S3
 ^^^
 
@@ -155,7 +195,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **S3Trigger**\ Permission
+AWS::Lambda::Permission            MyFunction\ **S3Trigger**\ Permission
 AWS::S3::Bucket                    Existing MyBucket resource is modified to append ``NotificationConfiguration`` 
                                    property where the Lambda function trigger is defined
 ================================== ================================
@@ -184,17 +224,23 @@ Example:
           Type: SNS
           Properties:
             Topic: arn:aws:sns:us-east-1:123456789012:my_topic
+            SqsSubscription: true
       ...
 
 Additional generated resources:
 
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **MyTrigger**\ Permission
-AWS::SNS::Subscription             MyFunction\ **MyTrigger** 
+AWS::Lambda::Permission            MyFunction\ **MyTrigger**\ Permission
+AWS::Lambda::EventSourceMapping    MyFunction\ **MyTrigger**\ EventSourceMapping
+AWS::SNS::Subscription             MyFunction\ **MyTrigger**
+AWS::SQS::Queue                    MyFunction\ **MyTrigger**\ Queue
+AWS::SQS::QueuePolicy              MyFunction\ **MyTrigger**\ QueuePolicy
 ================================== ================================
 
+  NOTE: ``AWS::Lambda::Permission`` resources are only generated if SqsSubscription is ``false``. ``AWS::Lambda::EventSourceMapping``, ``AWS::SQS::Queue``, ``AWS::SQS::QueuePolicy`` resources are only generated if SqsSubscription is ``true``.
+
 Kinesis
 ^^^^^^^
 
@@ -219,7 +265,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **MyTrigger**\ Permission
+AWS::Lambda::Permission            MyFunction\ **MyTrigger**\ Permission
 AWS::Lambda::EventSourceMapping    MyFunction\ **MyTrigger** 
 ================================== ================================
 
@@ -246,7 +292,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **MyTrigger**\ Permission
+AWS::Lambda::Permission            MyFunction\ **MyTrigger**\ Permission
 AWS::Lambda::EventSourceMapping    MyFunction\ **MyTrigger** 
 ================================== ================================
 
@@ -274,7 +320,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **MyTrigger**\ Permission
+AWS::Lambda::Permission            MyFunction\ **MyTrigger**\ Permission
 AWS::Lambda::EventSourceMapping    MyFunction\ **MyTrigger** 
 ================================== ================================
 
@@ -301,7 +347,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **MyTimer**\ Permission
+AWS::Lambda::Permission            MyFunction\ **MyTimer**\ Permission
 AWS::Events::Rule                  MyFunction\ **MyTimer** 
 ================================== ================================
 
@@ -331,7 +377,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **OnTerminate**\ Permission
+AWS::Lambda::Permission            MyFunction\ **OnTerminate**\ Permission
 AWS::Events::Rule                  MyFunction\ **OnTerminate** 
 ================================== ================================
 

docs/function.rst

@@ -93,8 +93,6 @@ Resources:
     Type: AWS::Cognito::UserPool
     Properties:
       UserPoolName: !Ref CognitoUserPoolName
-      LambdaConfig:
-        PreSignUp: !GetAtt PreSignupLambdaFunction.Arn
       Policies:
         PasswordPolicy:
           MinimumLength: 8
@@ -124,20 +122,12 @@ Resources:
       MemorySize: 128
       Runtime: nodejs8.10
       Timeout: 3
-
-  LambdaCognitoUserPoolExecutionPermission:
-    Type: AWS::Lambda::Permission
-    Properties: 
-      Action: lambda:InvokeFunction
-      FunctionName: !GetAtt PreSignupLambdaFunction.Arn
-      Principal: cognito-idp.amazonaws.com
-      SourceArn: !Sub 'arn:${AWS::Partition}:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/${MyCognitoUserPool}'
-      # TODO: Add a CognitoUserPool Event Source to SAM to create this permission for you.
-      # Events:
-      #   CognitoUserPoolPreSignup:
-      #     Type: CognitoUserPool
-      #     Properties:
-      #       UserPool: !Ref MyCognitoUserPool
+      Events:
+        CognitoUserPoolPreSignup:
+          Type: Cognito
+          Properties:
+            UserPool: !Ref MyCognitoUserPool
+            Trigger: PreSignUp
 
 Outputs:
     Region:

docs/getting_started.rst

@@ -0,0 +1,26 @@
+# api_lambda_auth_cors
+
+## About
+
+This example shows how to configure a TOKEN Lambda Authorizer as the `DefaultAuthorizer` for an API with CORS enabled.
+
+## Installation
+
+1. Provide a bucket name and deploy the resources
+    ```bash 
+    S3_BUCKET_NAME=your-bucket-name-here \ 
+    npm run package-deploy
+    ```
+1. Install the required NPM dependencies
+    ```bash
+    npm install
+    ```
+1. Start the web server
+    ```bash
+    npm run start
+    ```
+1. Open `http://localhost:8080` in a browser, click the button and an alert will appear with the lambda response
+
+## Cleanup
+
+1. `aws cloudformation delete-stack --stack-name authorizer-cors-example`