(aws_lambda): execution role example uses wrong service principal #16427

Closed
andrewgoss opened this issue Sep 9, 2021 · 3 comments
Labels
@aws-cdk/aws-lambda Related to AWS Lambda cause/not-a-bug Not a bug (might still be a documentation issue, might still need work) docs/inline Related to inline documentation of the API Reference documentation This is a problem with documentation. p2

Comments

@andrewgoss

https://docs.aws.amazon.com/cdk/api/latest/docs/aws-lambda-readme.html
https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-lambda/README.md

In the readme, the following code snippet is provided as an example of creating your own execution role for the lambda function:

```ts
import * as iam from '@aws-cdk/aws-iam';
const myRole = new iam.Role(this, 'My Role', {
  assumedBy: new iam.ServicePrincipal('sns.amazonaws.com'),
});
const fn = new Function(this, 'MyFunction', {
  runtime: Runtime.NODEJS_12_X,
  handler: 'index.handler',
  code: Code.fromAsset(path.join(__dirname, 'lambda-handler')),
  role: myRole // user-provided role
});

myRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"));
myRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole")); // only required if your function lives in a VPC
```

I thought that the service principal should be `lambda.amazonaws.com` and not sns.

I can attempt to create a PR for this, though I have never done that for such a project.


This is a 📕 documentation issue

@indrora
Contributor

indrora commented May 16, 2022

Following up: This is correct. The AWS Lambda docs explicitly call this out. The appropriate service principal is lambda.amazonaws.com, not sns.
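As an added illustration (not part of the original thread or the aws-cdk code base): a role that trusts only `sns.amazonaws.com` cannot be assumed by the Lambda service, so a check over the synthesized template can catch the mismatch before deployment. The template shape and the logical IDs `MyRole` and `MyFunction` are constructed for the example.

```typescript
// Added example, not aws-cdk code: flag Lambda functions in a synthesized
// CloudFormation template whose execution role does not trust lambda.amazonaws.com.
type Json = { [key: string]: any };

// IAM policy fields may be a single value or a list; normalise to a list.
const asList = (v: unknown): unknown[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// True when an Allow statement lets `service` call sts:AssumeRole on the role.
function trustsService(trustPolicy: Json, service: string): boolean {
  return asList(trustPolicy?.Statement).some((s: any) =>
    s?.Effect === 'Allow' &&
    asList(s.Action).includes('sts:AssumeRole') && // exact match; wildcard actions not handled
    asList(s.Principal?.Service).includes(service));
}

// Returns logical IDs of AWS::Lambda::Function resources whose role, defined
// in the same template, cannot be assumed by the Lambda service.
function findMistrustedLambdaRoles(template: Json): string[] {
  const resources: Json = template.Resources ?? {};
  const findings: string[] = [];
  for (const [id, res] of Object.entries(resources)) {
    if (res?.Type !== 'AWS::Lambda::Function') continue;
    const getAtt = res.Properties?.Role?.['Fn::GetAtt'];
    const roleId = Array.isArray(getAtt) ? getAtt[0] : undefined;
    const role = roleId ? resources[roleId] : undefined;
    if (role?.Type !== 'AWS::IAM::Role') continue; // role defined elsewhere: not checkable here
    const trust: Json = role.Properties?.AssumeRolePolicyDocument ?? {};
    if (!trustsService(trust, 'lambda.amazonaws.com')) findings.push(id);
  }
  return findings;
}

// Constructed sample: a role/function pair as it might appear after synthesis.
function sampleTemplate(principal: string | string[]): Json {
  const statement = { Effect: 'Allow', Action: 'sts:AssumeRole', Principal: { Service: principal } };
  return {
    Resources: {
      MyRole: {
        Type: 'AWS::IAM::Role',
        Properties: { AssumeRolePolicyDocument: { Version: '2012-10-17', Statement: [statement] } },
      },
      MyFunction: {
        Type: 'AWS::Lambda::Function',
        Properties: { Handler: 'index.handler', Role: { 'Fn::GetAtt': ['MyRole', 'Arn'] } },
      },
    },
  };
}

console.log(findMistrustedLambdaRoles(sampleTemplate('sns.amazonaws.com'))); // [ 'MyFunction' ]
```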

@vinayak-kukreja vinayak-kukreja self-assigned this Apr 21, 2023
mergify bot pushed a commit that referenced this issue Apr 24, 2023
There is a service principal mismatch in our `aws-lambda's Execution Role` example between the [V1](https://docs.aws.amazon.com/cdk/api/v1/docs/aws-lambda-readme.html#execution-role) and [V2](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda-readme.html#execution-role) documentation.

This PR is updating the V1 doc's service principal from `sns.amazonaws.com` to `lambda.amazonaws.com`.

Closes #16427

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@peterwoodworth
Contributor

This has been updated, closing
