'use strict';
const { awsRequest } = require('../../utils');
/**
 * Build the Lambda permission statement id for a function / Cognito user pool pair.
 *
 * The pool name is lower-cased and stripped of '.', ':', '*' and whitespace, then
 * appended to the function name after a '-'. The result is capped at 100 characters.
 *
 * NOTE(review): the mapping is lossy. Pool names that differ only in case or in the
 * stripped characters, and ids that agree in their first 100 characters, produce the
 * same statement id for a given function. removePermission addresses the statement
 * by this id alone, so confirm pool names stay unique after normalization.
 * NOTE(review): every other character of the pool name passes through unchanged;
 * confirm that all characters a pool name may contain are valid in a statement id.
 *
 * @param {string} functionName - Name of the Lambda function.
 * @param {string} userPoolName - Name of the Cognito user pool.
 * @returns {string} Statement id of at most 100 characters.
 */
function getStatementId(functionName, userPoolName) {
  const loweredPoolName = userPoolName.toLowerCase();
  const strippedPoolName = loweredPoolName.replace(/[.:*\s]/g, '');
  const statementId = `${functionName}-${strippedPoolName}`;
  // Ids shorter than the cap are returned whole; anything else is cut to 100 characters.
  return statementId.length < 100 ? statementId : statementId.slice(0, 100);
}
/**
 * Add a resource-policy statement that lets Cognito invoke the Lambda function.
 *
 * The grant names the Cognito service principal and is narrowed with SourceArn to
 * the one user pool built from partition, region, account id and pool id. Keep the
 * SourceArn condition: a service-principal grant without it is not tied to this
 * pool, so the function's policy would no longer limit which pool may trigger it.
 *
 * @param {object} config
 * @param {string} config.functionName - Lambda function receiving the permission.
 * @param {string} config.userPoolName - Pool name, used only to derive the statement id.
 * @param {string} config.partition - AWS partition segment of the pool ARN.
 * @param {string} config.region - Region of the pool ARN; also passed to the Lambda client.
 * @param {string} config.accountId - Account segment of the pool ARN.
 * @param {string} config.userPoolId - Pool id segment of the pool ARN.
 * @returns {*} Whatever awsRequest returns for the 'addPermission' call.
 */
function addPermission(config) {
  const { functionName, userPoolName, partition, region, accountId, userPoolId } = config;

  const statementId = getStatementId(functionName, userPoolName);
  const userPoolArn = `arn:${partition}:cognito-idp:${region}:${accountId}:userpool/${userPoolId}`;
  const lambdaService = { name: 'Lambda', params: { region } };

  return awsRequest(lambdaService, 'addPermission', {
    Action: 'lambda:InvokeFunction',
    FunctionName: functionName,
    Principal: 'cognito-idp.amazonaws.com',
    StatementId: statementId,
    // Scope the grant to this single user pool.
    SourceArn: userPoolArn,
  });
}
/**
 * Remove the statement that addPermission created for this function / user pool pair.
 *
 * The statement is located purely by the id from getStatementId, so the same
 * functionName and userPoolName used when adding must be supplied here.
 *
 * @param {object} config
 * @param {string} config.functionName - Lambda function whose policy is edited.
 * @param {string} config.userPoolName - Pool name, used to derive the statement id.
 * @param {string} config.region - Region passed to the Lambda client.
 * @returns {*} Whatever awsRequest returns for the 'removePermission' call.
 */
function removePermission(config) {
  const { functionName, userPoolName, region } = config;

  const statementId = getStatementId(functionName, userPoolName);
  const lambdaService = { name: 'Lambda', params: { region } };

  return awsRequest(lambdaService, 'removePermission', {
    FunctionName: functionName,
    StatementId: statementId,
  });
}
// Public API: the statement-id helper plus the add/remove calls for the Lambda
// invoke permission granted to a Cognito user pool.
module.exports = {
getStatementId,
addPermission,
removePermission,
};