我已经使用以下事件模式配置了 AWS 事件规则:
{
"source": [
"aws.cognito-idp"
],
"detail": {
"eventName": [
"AdminSetUserPassword",
"ChangePassword",
"ConfirmForgotPassword"
]
}
我也试过:
{
"source": [
"aws.cognito-idp"
],
"detail": {
"eventName": [
"ChangePassword"
]
}
该事件应该为所有三个 cognito-idp API 调用触发一个 lambda。虽然它确实触发了 AdminSetUserPassword 的事件并调用了 lambda,但它不会为其他两个 API 调用这样做。
我可以看到在 Cloudtrail 中进行了 API 调用,但在 cloudwatch/lambda 指标中没有调用,因此由于某种原因,没有为 ChangePassword 或 ConfirmForgotPassword 调用 lambda。
云形态如下所示:
UpdateUserPasswordLastUpdatedLambdaEventTrigger:
Type: AWS::Events::Rule
Properties:
Description: >-
Rule triggering lambda invocation after cognito user password is changed
by user
EventPattern:
source:
- aws.cognito-idp
detail:
eventName:
- ChangePassword
- ConfirmForgotPassword
State: ENABLED
Targets:
-
Arn: !GetAtt UpdateUserPasswordLastUpdatedLambdaFunction.Arn
Id: "UpdateUserPasswordLastUpdatedLambdaFunction"
PermissionForEventsToInvokeLambda:
Type: AWS::Lambda::Permission
Properties:
FunctionName: !GetAtt UpdateUserPasswordLastUpdatedLambdaFunction.Arn
Action: "lambda:InvokeFunction"
Principal: "events.amazonaws.com"
SourceArn: !GetAtt
UpdateUserPasswordLastUpdatedLambdaEventTrigger.Arn