chore: deprecate qualifier parameter for lambda integrations (aws#19548)

‼️ Lambda is changing their authorization strategy. Under this new behavior customer lambda invocations will fail in this scenario: - the invocation is requested using an IAM Permission with an unqualified ARN as the FunctionName - the invocation is requested with an unqualified ARN and a Qualifier parameter The idea is to steer away from invoking lambdas with a Qualifier request parameter altogether, hence the deprecations. Instead, customers should be requesting permissions on qualified ARNs (versions and aliases) if they want to invoke versions/aliases. See aws#19464. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
StevePotter · Apr 27, 2022 · 94e8403 · 94e8403
1 parent f2edc58
commit 94e8403
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/invoke.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/invoke.ts
@@ -45,6 +45,7 @@ export interface LambdaInvokeProps extends sfn.TaskStateBaseProps {
    * directly as the `lambdaFunction` argument.
    *
    * @default - Version or alias inherent to the `lambdaFunction` object.
+   * @deprecated pass a Version or Alias object as lambdaFunction instead
    */
   readonly qualifier?: string;
 

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/run-lambda-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/run-lambda-task.ts
@@ -48,6 +48,7 @@ export interface RunLambdaTaskProps {
    * Version or alias of the function to be invoked
    *
    * @default - No qualifier
+   * @deprecated pass a Version or Alias object as lambdaFunction instead
    */
   readonly qualifier?: string;
 }

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/invoke.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/invoke.test.ts
@@ -2,6 +2,7 @@ import * as lambda from '@aws-cdk/aws-lambda';
 import * as sfn from '@aws-cdk/aws-stepfunctions';
 import { Stack } from '@aws-cdk/core';
 import { LambdaInvocationType, LambdaInvoke } from '../../lib';
+import { testDeprecated } from '@aws-cdk/cdk-build-tools';
 
 /* eslint-disable quote-props */
 
@@ -66,7 +67,7 @@ describe('LambdaInvoke', () => {
     });
   });
 
-  test('optional settings', () => {
+  testDeprecated('optional settings', () => {
     // WHEN
     const task = new LambdaInvoke(stack, 'Task', {
       lambdaFunction,
@@ -163,7 +164,7 @@ describe('LambdaInvoke', () => {
     }));
   });
 
-  test('invoke Lambda function and wait for task token', () => {
+  testDeprecated('invoke Lambda function and wait for task token', () => {
     // GIVEN
     const task = new LambdaInvoke(stack, 'Task', {
       lambdaFunction,
@@ -360,7 +361,7 @@ describe('LambdaInvoke', () => {
     }).toThrow(/The 'payloadResponseOnly' property cannot be used if 'integrationPattern', 'invocationType', 'clientContext', or 'qualifier' are specified./);
   });
 
-  test('fails when qualifier used with payloadResponseOnly', () => {
+  testDeprecated('fails when qualifier used with payloadResponseOnly', () => {
     expect(() => {
       new LambdaInvoke(stack, 'Task', {
         lambdaFunction,