-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(lambda): grantInvoke errors when only specifying sourceArn condition #20146
Labels
@aws-cdk/aws-lambda
Related to AWS Lambda
bug
This issue is a bug.
effort/small
Small work item – less than a day of effort
p1
Comments
kjpgit
added
bug
This issue is a bug.
needs-triage
This issue or PR still needs to be triaged.
labels
Apr 29, 2022
kaizencc
added
p1
effort/small
Small work item – less than a day of effort
and removed
needs-triage
This issue or PR still needs to be triaged.
labels
Apr 29, 2022
kaizencc
changed the title
lambda: can't add simple permissions for apigw
(lambda): can't add simple permissions for apigw
Apr 29, 2022
kaizencc
changed the title
(lambda): can't add simple permissions for apigw
(lambda): grantInvoke errors when only specifying sourceArn condition
Apr 29, 2022
4 tasks
mergify bot
pushed a commit
that referenced
this issue
Jun 28, 2022
Closes #19538, also fixes #20146. I combined them because they touch the same surface area and it would be too hairy to separate them out. See [lambda docs](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html#permissions-resource-xorginvoke) for this feature. Introduces functionality to grant permissions to an organization in the following ways: ```ts declare const fn = new lambda.Function; // grant to an organization fn.grantInvoke(iam.OrganizationPrincipal('o-xxxxxxxxxx'); // grant to an account in an organization fn.grantInvoke(iam.AccountPrincipal('123456789012').inOrganization('o-xxxxxxxxxx')); ``` ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
daschaa
pushed a commit
to daschaa/aws-cdk
that referenced
this issue
Jul 9, 2022
…19975) Closes aws#19538, also fixes aws#20146. I combined them because they touch the same surface area and it would be too hairy to separate them out. See [lambda docs](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html#permissions-resource-xorginvoke) for this feature. Introduces functionality to grant permissions to an organization in the following ways: ```ts declare const fn = new lambda.Function; // grant to an organization fn.grantInvoke(iam.OrganizationPrincipal('o-xxxxxxxxxx'); // grant to an account in an organization fn.grantInvoke(iam.AccountPrincipal('123456789012').inOrganization('o-xxxxxxxxxx')); ``` ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
@aws-cdk/aws-lambda
Related to AWS Lambda
bug
This issue is a bug.
effort/small
Small work item – less than a day of effort
p1
Describe the bug
This works in web console, but fails in cdk:
Expected Behavior
.
Current Behavior
TypeError: Cannot read properties of undefined (reading 'aws:SourceAccount')
Reproduction Steps
.
Possible Solution
give up on cdk and use web console
Additional Information/Context
No response
CDK CLI Version
2.22.0 (build 1db4b16)
Framework Version
No response
Node.js Version
.
OS
linux
Language
Typescript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: