Closed
Description
What is the problem?
Lambda is changing their authorization strategy.
When you call `InvokeFunction(FunctionName='xyz', Qualifier=86)`:
- It used to be the case that you would need IAM permissions granted to the unqualified function name: `xyz`.
- It is now the case that you need IAM permissions granted to the qualified function name: `xyz:86`

It always was and still will be the case that when you do `InvokeFunction(FunctionName='xyz:86')`, you need IAM permissions to invoke `xyz:86`.
Since we don't always control what the `InvokeFunction` call looks like, it might just be safest/simplest to grant permissions on `['xyz', 'xyz:*']`.
Reproduction Steps
See above
What did you expect to happen?
See above
What actually happened?
Call is rejected
CDK CLI Version
x
Framework Version
No response
Node.js Version
x
OS
x
Language
Typescript, Python, .NET, Java, Go
Language Version
No response
Other information
No response
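The authorization change described in this issue, modelled as an added example (not code from the CDK or from the issue author). It shows which resource ARN an `Invoke` call is checked against under each strategy and why a grant on the unqualified name alone stops matching; the ARN prefix, account id and the helper names `authorizedResource`, `resourceMatches`, `isAllowed` and `invokeResources` are assumptions made for the illustration.

```typescript
// Added example: models the resource ARN that Invoke is authorized against,
// before ("old") and after ("new") the change described in this issue.
type Strategy = "old" | "new";

interface InvokeCall {
  functionName: string; // may already carry a qualifier, e.g. "xyz:86"
  qualifier?: string;   // the separate Qualifier parameter
}

// Constructed region and account id, for illustration only.
const ARN_PREFIX = "arn:aws:lambda:us-east-1:111122223333:function:";

// Resource ARN the Invoke permission is checked against.
function authorizedResource(call: InvokeCall, strategy: Strategy): string {
  const base = ARN_PREFIX + call.functionName;
  // Old: the Qualifier parameter did not affect the resource.
  // New: the Qualifier parameter is appended to the function name.
  if (call.qualifier !== undefined && strategy === "new") {
    return `${base}:${call.qualifier}`;
  }
  return base;
}

// IAM-style wildcard match: '*' is any run of characters, '?' is one character.
function resourceMatches(pattern: string, arn: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$");
  return re.test(arn);
}

// True if any granted resource pattern covers the ARN this call is checked against.
function isAllowed(resources: string[], call: InvokeCall, strategy: Strategy): boolean {
  const target = authorizedResource(call, strategy);
  return resources.some((r) => resourceMatches(r, target));
}

// The grant suggested in the issue: the unqualified name plus every qualifier.
function invokeResources(functionName: string): string[] {
  return [ARN_PREFIX + functionName, `${ARN_PREFIX}${functionName}:*`];
}
```

A policy that lists only the unqualified ARN passes `isAllowed` for `{ functionName: "xyz", qualifier: "86" }` under `"old"` and fails under `"new"`, while the pair returned by `invokeResources("xyz")` passes in both cases.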
Activity
#19318 fix(lambda): support Lambda's new `Invoke` with `Qualifier` authoriza…
#19464 feat(lambda): warn if you use `function.grantInvoke` while also using…
kaizencc commented on Mar 31, 2022
This issue is closed by the combination of #19318 and #19464