UserPoolLambdaInvokePermission: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: cognito-idp.amazonaws.com FunctionName: <function-name> SourceArn: arn:aws:cognito-idp:<your region>:<your account>:userpool/*
