lambda: Can't grant permission to all apigateway services in org #19879

Closed
kjpgit opened this issue Apr 12, 2022 · 2 comments
Labels: @aws-cdk/aws-lambda, bug, needs-triage

kjpgit commented Apr 12, 2022

Describe the bug

I made a Lambda request authorizer for HTTP APIs. Trying to grant access to our org.

Both of these fail to compile:

    // Error: PrincipalWithConditions had unsupported conditions for Lambda permission statement: [{"operator":"StringEquals","key":"aws:PrincipalOrgID"}]. Supported operator/condition pairs: [{"operator":"ArnLike","key":"aws:SourceArn"},{"operator":"StringEquals","key":"aws:SourceAccount"}]
    func.grantInvoke(new iam.ServicePrincipal("apigateway.amazonaws.com").withConditions({
      "StringEquals": {
        "aws:PrincipalOrgID": "xxxx"
      }
    }));

    // Error: Invalid principal type for Lambda permission statement: StarPrincipal. Supported: AccountPrincipal, ArnPrincipal, ServicePrincipal
    func.grantInvoke(new iam.StarPrincipal().withConditions({
      "StringEquals": {
        "aws:PrincipalOrgID": "xxxx"
      }
    }));

Expected Behavior

For AWS Docs to show me how to do this, and CDK to support it

Current Behavior

.

Reproduction Steps

.

Possible Solution

Workaround is adding the policy manually in the web console, each apigw ARN separately.
I can't get a wildcard to work at all.

Additional Information/Context

No response

CDK CLI Version

2.20.0 (build 738ef49)

Framework Version

No response

Node.js Version

v16.14.2

OS

linux

Language

TypeScript

Language Version

No response

Other information

No response

kjpgit added the bug and needs-triage labels Apr 12, 2022
github-actions bot added the @aws-cdk/aws-lambda label Apr 12, 2022
@kaizencc
Contributor

Duplicate of #19538

We don't support PrincipalOrgId yet in CDK. I'll try to get to it this week.
