resolve merge conflict from develop to master

Author: Shreya Gangishetty

docs/api.rst

@@ -68,6 +68,15 @@ ReservedConcurrentExecutions       All
 Events Properties
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
+Cognito
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+======================== ================================== ========================
+     Property Name        Intrinsic(s) Supported            Reasons
+======================== ================================== ========================
+UserPool                 Ref of a AWS::Cognito::UserPool    Properties in the AWS::Cognito::UserPool are used to construct different attributes.
+Trigger                  All
+======================== ================================== ========================
+
 S3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ======================== ================================== ========================

docs/cloudformation_compatibility.rst

@@ -121,13 +121,53 @@ CloudFormation Resource Type       Logical ID
 AWS::ApiGateway::RestApi           *ServerlessRestApi* 
 AWS::ApiGateway::Stage             *ServerlessRestApi*\ **Prod**\ Stage 
 AWS::ApiGateway::Deployment        *ServerlessRestApi*\ Deployment\ *SHA* (10 Digits of SHA256 of Swagger)
-AWS::Lambda::Permissions           MyFunction\ **ThumbnailApi**\ Permission\ **Prod** 
+AWS::Lambda::Permission            MyFunction\ **ThumbnailApi**\ Permission\ **Prod** 
                                    (Prod is the default Stage Name for implicit APIs)
 ================================== ================================
 
 
   NOTE: ``ServerlessRestApi*`` resources are generated one per stack.
 
+Cognito
+^^^
+
+Example:
+
+.. code:: yaml
+
+  MyFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      ...
+      Events:
+        CognitoTrigger:
+          Type: Cognito
+          Properties:
+            UserPool: !Ref MyUserPool
+            Trigger: PreSignUp
+      ...
+
+  MyUserPool:
+    Type: AWS::Cognito::UserPool
+
+Additional generated resources:
+
+================================== ================================
+CloudFormation Resource Type       Logical ID 
+================================== ================================
+AWS::Lambda::Permissions           *MyFunction*\ CognitoPermission
+AWS::Cognito::UserPool             Existing MyUserPool resource is modified to append ``LambdaConfig`` 
+                                   property where the Lambda function trigger is defined
+================================== ================================
+
+  NOTE: You **must** refer to a Cognito UserPool defined in the same template. This is for two reasons:
+  
+  1. SAM needs to add a ``LambdaConfig`` property to the UserPool resource by reading and modifying the 
+  resource definition
+
+  2. Lambda triggers are specified as a property on the UserPool resource. Since CloudFormation cannot modify a resource
+  created outside of the stack, this bucket needs to be defined within the template.
+
 S3
 ^^^
 
@@ -155,7 +195,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **S3Trigger**\ Permission
+AWS::Lambda::Permission            MyFunction\ **S3Trigger**\ Permission
 AWS::S3::Bucket                    Existing MyBucket resource is modified to append ``NotificationConfiguration`` 
                                    property where the Lambda function trigger is defined
 ================================== ================================
@@ -184,17 +224,23 @@ Example:
           Type: SNS
           Properties:
             Topic: arn:aws:sns:us-east-1:123456789012:my_topic
+            SqsSubscription: true
       ...
 
 Additional generated resources:
 
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **MyTrigger**\ Permission
-AWS::SNS::Subscription             MyFunction\ **MyTrigger** 
+AWS::Lambda::Permission            MyFunction\ **MyTrigger**\ Permission
+AWS::Lambda::EventSourceMapping    MyFunction\ **MyTrigger**\ EventSourceMapping
+AWS::SNS::Subscription             MyFunction\ **MyTrigger**
+AWS::SQS::Queue                    MyFunction\ **MyTrigger**\ Queue
+AWS::SQS::QueuePolicy              MyFunction\ **MyTrigger**\ QueuePolicy
 ================================== ================================
 
+  NOTE: ``AWS::Lambda::Permission`` resources are only generated if SqsSubscription is ``false``. ``AWS::Lambda::EventSourceMapping``, ``AWS::SQS::Queue``, ``AWS::SQS::QueuePolicy`` resources are only generated if SqsSubscription is ``true``.
+
 Kinesis
 ^^^^^^^
 
@@ -219,7 +265,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **MyTrigger**\ Permission
+AWS::Lambda::Permission            MyFunction\ **MyTrigger**\ Permission
 AWS::Lambda::EventSourceMapping    MyFunction\ **MyTrigger** 
 ================================== ================================
 
@@ -246,7 +292,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **MyTrigger**\ Permission
+AWS::Lambda::Permission            MyFunction\ **MyTrigger**\ Permission
 AWS::Lambda::EventSourceMapping    MyFunction\ **MyTrigger** 
 ================================== ================================
 
@@ -274,7 +320,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **MyTrigger**\ Permission
+AWS::Lambda::Permission            MyFunction\ **MyTrigger**\ Permission
 AWS::Lambda::EventSourceMapping    MyFunction\ **MyTrigger** 
 ================================== ================================
 
@@ -301,7 +347,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **MyTimer**\ Permission
+AWS::Lambda::Permission            MyFunction\ **MyTimer**\ Permission
 AWS::Events::Rule                  MyFunction\ **MyTimer** 
 ================================== ================================
 
@@ -331,7 +377,7 @@ Additional generated resources:
 ================================== ================================
 CloudFormation Resource Type       Logical ID 
 ================================== ================================
-AWS::Lambda::Permissions           MyFunction\ **OnTerminate**\ Permission
+AWS::Lambda::Permission            MyFunction\ **OnTerminate**\ Permission
 AWS::Events::Rule                  MyFunction\ **OnTerminate** 
 ================================== ================================
 

docs/function.rst

@@ -93,8 +93,6 @@ Resources:
     Type: AWS::Cognito::UserPool
     Properties:
       UserPoolName: !Ref CognitoUserPoolName
-      LambdaConfig:
-        PreSignUp: !GetAtt PreSignupLambdaFunction.Arn
       Policies:
         PasswordPolicy:
           MinimumLength: 8
@@ -124,20 +122,12 @@ Resources:
       MemorySize: 128
       Runtime: nodejs8.10
       Timeout: 3
-
-  LambdaCognitoUserPoolExecutionPermission:
-    Type: AWS::Lambda::Permission
-    Properties: 
-      Action: lambda:InvokeFunction
-      FunctionName: !GetAtt PreSignupLambdaFunction.Arn
-      Principal: cognito-idp.amazonaws.com
-      SourceArn: !Sub 'arn:${AWS::Partition}:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/${MyCognitoUserPool}'
-      # TODO: Add a CognitoUserPool Event Source to SAM to create this permission for you.
-      # Events:
-      #   CognitoUserPoolPreSignup:
-      #     Type: CognitoUserPool
-      #     Properties:
-      #       UserPool: !Ref MyCognitoUserPool
+      Events:
+        CognitoUserPoolPreSignup:
+          Type: Cognito
+          Properties:
+            UserPool: !Ref MyCognitoUserPool
+            Trigger: PreSignUp
 
 Outputs:
     Region:

docs/getting_started.rst

@@ -0,0 +1,26 @@
+# api_lambda_auth_cors
+
+## About
+
+This example shows how to configure a TOKEN Lambda Authorizer as the `DefaultAuthorizer` for an API with CORS enabled.
+
+## Installation
+
+1. Provide a bucket name and deploy the resources
+    ```bash 
+    S3_BUCKET_NAME=your-bucket-name-here \ 
+    npm run package-deploy
+    ```
+1. Install the required NPM dependencies
+    ```bash
+    npm install
+    ```
+1. Start the web server
+    ```bash
+    npm run start
+    ```
+1. Open `http://localhost:8080` in a browser, click the button and an alert will appear with the lambda response
+
+## Cleanup
+
+1. `aws cloudformation delete-stack --stack-name authorizer-cors-example`