lambdaTriggers on a CognitoStack

I’m trying to setup custom auth triggers on cognito, but can’t seem to work out how to connect the lambda functions defined in my serverless.yml with my cognito stack being built with SST.

From what I can tell, I need to define the triggers when the stack is created, but I can’t quite work out how to pass the triggers in through props - how do I refer to the serverless functions in the creation of the stack?

My SST index:

import CognitoStack from "./CognitoStack";

export default function main(app) {
  new CognitoStack(app, "cognito", { triggers: "WHAT GOES HERE?" });

My cognito stack:

export default class CognitoStack extends sst.Stack {
  constructor(scope, id, props) {
    super(scope, id, props);

    const userPool = new cognito.UserPool(this, "UserPool", {
        signInAliases: { username: true, email: true, phone: true },
        lambdaTriggers: {
          defineAuthChallenge: props.triggers.defineAuthChallenge,
          createAuthChallenge: props.triggers.createAuthChallenge,
          verifyAuthChallengeResponse: props.triggers.verifyAuthChallengeResponse,
       selfSignUpEnabled: false,

    const userPoolClient = new cognito.UserPoolClient(this, "UserPoolClient", {
      authFlows: {
        custom: true,
        refreshToken: true,

    // Export values
    new CfnOutput(this, "UserPoolId", {
      value: userPool.userPoolId,
   new CfnOutput(this, "UserPoolClientId", {
      value: userPoolClient.userPoolClientId,

And my serverless.yml:

  stage: ${opt:stage, self:provider.stage}
  sstApp: ${self:custom.stage}-auth-infra

  name: aws
  runtime: nodejs12.x
  stage: dev
  region: eu-west-1

    handler: handler.defineAuthChallenge
      - cognitoUserPool:
          pool: !ImportValue ${self:custom.sstApp}-UserPoolId
          trigger: defineAuthChallenge
    handler: handler.createAuthChallenge
      - cognitoUserPool:
          pool: !ImportValue ${self:custom.sstApp}-UserPoolId
          trigger: createAuthChallenge
    handler: handler.verifyAuthChallengeResponse
      - cognitoUserPool:
          pool: !ImportValue ${self:custom.sstApp}-UserPoolId
          trigger: verifyAuthChallengeResponse

So under this setup, you are first deploying the SST app right? And then deploying your Lambda functions?

If that’s the case then you can’t really pass in the props because they wouldn’t have been created yet? I haven’t tried this exact scenario but in the guide we attach the Cognito Auth Role in Serverless Framework after SST deploys the Identity Pool.