Cognito User Pool AuthorizerId cannot be set in API Gateway Cloudformation

Question

I successfully deployed a Cognito User Pool and used it to authenticate against a Method that I set up to proxy to my API in API gateway, and now I'm creating a Cloudformation template of the same stack. Using Cloudformation, I set up my API Gateway and the Authorizer that uses my User Pool. Works fine. when I try to deploy a Method that uses the Authorizer, it fails saying:

Invalid authorizer ID specified. Setting the authorization type to CUSTOM
or COGNITO_USER_POOLS requires a valid authorizer.

This is the relevant part of the Cloudformation stack:

TestMethod:
  Type: AWS::ApiGateway::Method
  Properties:
    RestApiId: !Ref RestApi
    ResourceId: !Ref TestResource
    HttpMethod: POST      
    AuthorizationType: COGNITO_USER_POOLS
    AuthorizerId: !Ref ApiAuthorizer
    Integration:
      Type: HTTP_PROXY
      IntegrationHttpMethod: POST
      Uri: https://api.example.com/test

ApiAuthorizer: 
  Type: "AWS::ApiGateway::Authorizer"
  Properties: 
    AuthorizerResultTtlInSeconds: 300
    IdentitySource: method.request.header.Authorization
    Name: CognitoDefaultUserPoolAuthorizer
    ProviderARNs: 
      - !ImportValue DefaultUserPool::Arn
    RestApiId: !Ref RestApi
    Type: "COGNITO_USER_POOLS"

The Authorizer deploys fine and I can see its ID in Cloudformation, and the method deploys fine without authorisation added to it. The same problem happens if I state the ID directly instead of referencing the Authorizer.

The Authorizer docs for Cloudformation say that a Ref! should return the ID, so I'm really puzzled as to what's going on here.

Seems like a bug to me but maybe I'm missing something?

Answer 1

AWS have fixed this now. It works as per my original posted example.