(triggers): unable to use Trigger for more than one function #22110

cecheta · 2022-09-19T11:21:11Z

Related to #19272

Describe the bug

When using the Trigger construct, it only has permissions to invoke a single lambda function, meaning it cannot invoke more than one without receiving an access denied error.

Expected Behavior

Both lambda functions are invoked.

Current Behavior

Access denied exception

Reproduction Steps

import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as triggers from 'aws-cdk-lib/triggers';

...

new triggers.TriggerFunction(this, 'One', {
  runtime: lambda.Runtime.NODEJS_16_X,
  handler: 'index.handler',
  code: lambda.Code.fromInline('exports.handler = function() { console.log("One"); };'),
});
    
new triggers.TriggerFunction(this, 'Two', {
  runtime: lambda.Runtime.NODEJS_16_X,
  handler: 'index.handler',
  code: lambda.Code.fromInline('exports.handler = function() { console.log("Two"); };'),
});

Possible Solution

The CustomResourceProvider should use addToRolePolicy rather than creating the policy in the constructor

Additional Information/Context

No response

CDK CLI Version

2.42.0

Framework Version

No response

Node.js Version

16.15.0

OS

Mac OS

Language

Typescript

Language Version

No response

Other information

No response

The text was updated successfully, but these errors were encountered:

peterwoodworth · 2022-09-19T20:14:17Z

Thanks for the report and PR, we'll try to take a look at it soon 🙂

Closes #22110 This PR updates the custom resource provider in the Trigger construct to use `addToRolePolicy` to add new statements to the IAM policy, rather than the constructor, so it can be used to trigger more than one lambda function. Also adds a one-minute retry in the custom resource provider lambda function as IAM policy changes take some time to propagate. Also refactored tests to increase coverage. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2022-11-30T17:48:53Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Closes aws#22110 This PR updates the custom resource provider in the Trigger construct to use `addToRolePolicy` to add new statements to the IAM policy, rather than the constructor, so it can be used to trigger more than one lambda function. Also adds a one-minute retry in the custom resource provider lambda function as IAM policy changes take some time to propagate. Also refactored tests to increase coverage. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

cecheta added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Sep 19, 2022

github-actions bot added the @aws-cdk/triggers Related to the triggers package label Sep 19, 2022

github-actions bot assigned otaviomacedo Sep 19, 2022

cecheta mentioned this issue Sep 19, 2022

fix(triggers): unable to trigger two lambda functions #22124

Merged

4 tasks

peterwoodworth added p2 effort/small Small work item – less than a day of effort in-progress This issue is being actively worked on. and removed needs-triage This issue or PR still needs to be triaged. labels Sep 19, 2022

peterwoodworth unassigned otaviomacedo Sep 19, 2022

mergify bot closed this as completed in #22124 Nov 30, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

(triggers): unable to use Trigger for more than one function #22110

(triggers): unable to use Trigger for more than one function #22110

cecheta commented Sep 19, 2022 •

edited

Loading

peterwoodworth commented Sep 19, 2022

github-actions bot commented Nov 30, 2022

(triggers): unable to use Trigger for more than one function #22110

(triggers): unable to use Trigger for more than one function #22110

Comments

cecheta commented Sep 19, 2022 • edited Loading

Describe the bug

Expected Behavior

Current Behavior

Reproduction Steps

Possible Solution

Additional Information/Context

CDK CLI Version

Framework Version

Node.js Version

OS

Language

Language Version

Other information

peterwoodworth commented Sep 19, 2022

github-actions bot commented Nov 30, 2022

⚠️COMMENT VISIBILITY WARNING⚠️

cecheta commented Sep 19, 2022 •

edited

Loading