-1

We have identity pools which have event triggers configured to trigger lambda upon sync event from mobile users. Now that we are planning on re-creating the infrastructure using terraform so we can automate stuff, we are facing difficulties in setting up the cognito sync trigger.

We have attempted to use the aws_lambda_permission with source_arn pointing to the identity pool but still the trigger is created which shows that part of the configuration is missing (seen in web console). We are not able to identify the terraform configuration from the documentation for aws_cognito_identity_pool resource which can configure the event for identity pool. We are aware that AWS recommends Appsync in place of cognito sync but this was developed long back and we are not in the idea of migrating any sooner.

harishanth raveendren
  • 534
  • 5
  • 8

2 Answers2

1

That functionality requires a call to the SetCognitoEvents method on the CognitoSync client. Searching through the AWS Terraform Provider source code, I can't find that anywhere. I also don't see anything in the AWS Terraform Provider documentation that would indicate you can configure this feature from Terraform.

I have to conclude that at this time you cannot configure this feature using Terraform, and since it is a deprecated feature I doubt Terraform will ever add support for it.

Your best bet may be to use a null provider to call the AWS CLI command aws cognito-sync set-cognito-events.

Mark B
  • 183,023
  • 24
  • 297
  • 295
0

You can use aws_lambda_event_source_mapping to achieve this:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping

resource "aws_lambda_event_source_mapping" "example" {
  event_source_arn = aws_cognito_identity_pool.main.arn
  function_name    = aws_lambda_function.main.arn
}

resource "aws_lambda_permission" "examle" {
  statement_id  = "AllowExecutionFromCognitoSync"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.main.function_name
  principal     = "cognito-sync.amazonaws.com"
  source_arn    = aws_cognito_identity_pool.main.arn
}

TLDR:

Looking to how we can handle this, we just need to add a trigger to the lambda configuration:

Adding Cognito Sync Trigger to Lambda

As api gateway trigger is added in the same way, we should do it in the same way with terraform:

Api Gateway Lambda Trgger

https://aws.amazon.com/blogs/mobile/introducing-amazon-cognito-events-sync-triggers/

I hope this will help you ;)

Igor Quirino
  • 1,187
  • 13
  • 28
  • Oh this doesnt work, it throws error -- Error: creating Lambda Event Source Mapping (arn:aws:cognito-identity******): InvalidParameterValueException: Unrecognized event source, must be kinesis, dynamodb stream or sqs. Unsupported source arn : **** │ Message_: "Unrecognized event source, must be kinesis, dynamodb stream or sqs. Unsupported source arn : arn:aws:cognito-identity:*****" – harishanth raveendren Aug 01 '23 at 10:05