Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_stepfunction_tasks: missing lambda:InvokeFunction action #32349

Closed
1 task
smg-kayle opened this issue Dec 2, 2024 · 4 comments
Closed
1 task

aws_stepfunction_tasks: missing lambda:InvokeFunction action #32349

smg-kayle opened this issue Dec 2, 2024 · 4 comments
Assignees
@ashishdhingra
Labels
@aws-cdk/aws-stepfunctions-tasks bug This issue is a bug. p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@smg-kayle
Copy link

smg-kayle commented Dec 2, 2024
edited by ashishdhingra
Loading

Describe the bug

When upgrading to v2.168.0 to have NodeJS v22.x supported I notice that the lambda:InvokeFunction action is missing and still missing in v2.171.1.

cdk diff command gives me this
image

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

2.122.0

Expected Behavior

The StateMachine is able to invoke the lambda function

Current Behavior

The StateMachine is unable to invoke the lambda function

Reproduction Steps

  1. Install aws-cdk-lib@2.168.0
  2. Run cdk diff to generate diff table

Implementation details

const taskQualifyLead = new aws_stepfunctions_tasks.LambdaInvoke(this, 'Qualify Lead', {
  lambdaFunction: this.leadQualifyLambda,
  outputPath: '$.Payload',
  retryOnServiceExceptions: true,
});

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.168.0

Framework Version

No response

Node.js Version

18, 20

OS

Linux

Language

TypeScript

Language Version

5.7.2

Other information

No response
@smg-kayle smg-kayle added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 2, 2024
@github-actions github-actions bot added @aws-cdk/aws-stepfunctions-tasks potential-regression Marking this issue as a potential regression to be checked by team member labels Dec 2, 2024
@ashishdhingra ashishdhingra self-assigned this Dec 2, 2024
@ashishdhingra ashishdhingra added p2 investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Dec 2, 2024
@ashishdhingra
Copy link
Contributor

ashishdhingra commented Dec 2, 2024
edited
Loading

@smg-kayle @smg-kayle Good afternoon. Thanks for opening the issue. Using the below bare minimal code:

import * as cdk from 'aws-cdk-lib';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as stepfunctions from 'aws-cdk-lib/aws-stepfunctions';
import * as stepfunctiontasks from 'aws-cdk-lib/aws-stepfunctions-tasks';

export class CdktestStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const waitTime = cdk.Duration.minutes(5);

  const wait = new stepfunctions.Wait(scope, "WaitDispatch", {
    time: stepfunctions.WaitTime.duration(waitTime),
  });

    const lambdaFunction = new lambda.Function(this, 'TestLambdaFunction', {
      code: new lambda.InlineCode(
        "exports.handler = async (event) => console.log(event)"
      ),
      runtime: lambda.Runtime.NODEJS_18_X, // lambda.Runtime.NODEJS_22_X
      handler: "index.handler"
    });

    const invokeDispatcher = new stepfunctiontasks.LambdaInvoke(this, 'LambdaInvokeStepFunctionsTask', {
      lambdaFunction: lambdaFunction,
      outputPath: '$.Payload',
      retryOnServiceExceptions: true,
    });

    const definition = wait.next(invokeDispatcher);
    new stepfunctions.StateMachine(this, "InspectionMachine", {
      definition
    });
  }
}

Running cdk diff:

  • Using CDK version 2.122.0 (build 7e77e02), generated the below output: 
    [WARNING] aws-cdk-lib.aws_stepfunctions.StateMachineProps#definition is deprecated.
  use definitionBody: DefinitionBody.fromChainable()
  This API will be removed in the next major release.
[WARNING] aws-cdk-lib.aws_stepfunctions.StateMachineProps#definition is deprecated.
  use definitionBody: DefinitionBody.fromChainable()
  This API will be removed in the next major release.
Stack CdktestStack
Creating a change set, this may take a while...
Failed to create change set with error: 'Stack [CdktestStack] does not exist', falling back to no change-set diff
IAM Statement Changes
┌───┬──────────────────────────────────┬────────┬──────────────────────────────────┬────────────────────────────────────┬───────────┐
│   │ Resource                         │ Effect │ Action                           │ Principal                          │ Condition │
├───┼──────────────────────────────────┼────────┼──────────────────────────────────┼────────────────────────────────────┼───────────┤
│ + │ ${InspectionMachine/Role.Arn}    │ Allow  │ sts:AssumeRole                   │ Service:states.amazonaws.com       │           │
├───┼──────────────────────────────────┼────────┼──────────────────────────────────┼────────────────────────────────────┼───────────┤
│ + │ ${TestLambdaFunction.Arn}        │ Allow  │ lambda:InvokeFunction            │ AWS:${InspectionMachine/Role}      │           │
│   │ ${TestLambdaFunction.Arn}:*      │        │                                  │                                    │           │
├───┼──────────────────────────────────┼────────┼──────────────────────────────────┼────────────────────────────────────┼───────────┤
│ + │ ${TestLambdaFunction/ServiceRole │ Allow  │ sts:AssumeRole                   │ Service:lambda.amazonaws.com       │           │
│   │ .Arn}                            │        │                                  │                                    │           │
└───┴──────────────────────────────────┴────────┴──────────────────────────────────┴────────────────────────────────────┴───────────┘
IAM Policy Changes
┌───┬───────────────────────────────────┬────────────────────────────────────────────────────────────────────────────────┐
│   │ Resource                          │ Managed Policy ARN                                                             │
├───┼───────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────┤
│ + │ ${TestLambdaFunction/ServiceRole} │ arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole │
└───┴───────────────────────────────────┴────────────────────────────────────────────────────────────────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Parameters
[+] Parameter BootstrapVersion BootstrapVersion: {"Type":"AWS::SSM::Parameter::Value<String>","Default":"/cdk-bootstrap/hnb659fds/version","Description":"Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"}

Resources
[+] AWS::IAM::Role TestLambdaFunction/ServiceRole TestLambdaFunctionServiceRole0C9E0634 
[+] AWS::Lambda::Function TestLambdaFunction TestLambdaFunctionC089708A 
[+] AWS::IAM::Role InspectionMachine/Role InspectionMachineRole743A6A43 
[+] AWS::IAM::Policy InspectionMachine/Role/DefaultPolicy InspectionMachineRoleDefaultPolicy12DB8238 
[+] AWS::StepFunctions::StateMachine InspectionMachine InspectionMachine58B45CCF 

Other Changes
[+] Unknown Rules: {"CheckBootstrapVersion":{"Assertions":[{"Assert":{"Fn::Not":[{"Fn::Contains":[["1","2","3","4","5"],{"Ref":"BootstrapVersion"}]}]},"AssertDescription":"CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."}]}}


✨  Number of stacks with differences: 1
  • Using CDK version 2.171.1 (build a95560c) (current latest), using lambda.Runtime.NODEJS_22_X, generated the below output: 
    [WARNING] aws-cdk-lib.aws_stepfunctions.StateMachineProps#definition is deprecated.
  use definitionBody: DefinitionBody.fromChainable()
  This API will be removed in the next major release.
[WARNING] aws-cdk-lib.aws_stepfunctions.StateMachineProps#definition is deprecated.
  use definitionBody: DefinitionBody.fromChainable()
  This API will be removed in the next major release.
start: Building a2ba8aa196a1f14ec70dac10dcc2255b4f150ddc6ed3875dd2ca49e0eef60248:139480602983-us-east-2
success: Built a2ba8aa196a1f14ec70dac10dcc2255b4f150ddc6ed3875dd2ca49e0eef60248:139480602983-us-east-2
start: Publishing a2ba8aa196a1f14ec70dac10dcc2255b4f150ddc6ed3875dd2ca49e0eef60248:139480602983-us-east-2
success: Published a2ba8aa196a1f14ec70dac10dcc2255b4f150ddc6ed3875dd2ca49e0eef60248:139480602983-us-east-2
Hold on while we create a read-only change set to get a diff with accurate replacement information (use --no-change-set to use a less accurate but faster template-only diff)
Could not create a change set, will base the diff on template differences (run again with -v to see the reason)
Stack CdktestStack
IAM Statement Changes
┌───┬──────────────────────────────────┬────────┬──────────────────────────────────┬────────────────────────────────────┬───────────┐
│   │ Resource                         │ Effect │ Action                           │ Principal                          │ Condition │
├───┼──────────────────────────────────┼────────┼──────────────────────────────────┼────────────────────────────────────┼───────────┤
│ + │ ${InspectionMachine/Role.Arn}    │ Allow  │ sts:AssumeRole                   │ Service:states.amazonaws.com       │           │
├───┼──────────────────────────────────┼────────┼──────────────────────────────────┼────────────────────────────────────┼───────────┤
│ + │ ${TestLambdaFunction.Arn}        │ Allow  │ lambda:InvokeFunction            │ AWS:${InspectionMachine/Role}      │           │
│   │ ${TestLambdaFunction.Arn}:*      │        │                                  │                                    │           │
├───┼──────────────────────────────────┼────────┼──────────────────────────────────┼────────────────────────────────────┼───────────┤
│ + │ ${TestLambdaFunction/ServiceRole │ Allow  │ sts:AssumeRole                   │ Service:lambda.amazonaws.com       │           │
│   │ .Arn}                            │        │                                  │                                    │           │
└───┴──────────────────────────────────┴────────┴──────────────────────────────────┴────────────────────────────────────┴───────────┘
IAM Policy Changes
┌───┬───────────────────────────────────┬────────────────────────────────────────────────────────────────────────────────┐
│   │ Resource                          │ Managed Policy ARN                                                             │
├───┼───────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────┤
│ + │ ${TestLambdaFunction/ServiceRole} │ arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole │
└───┴───────────────────────────────────┴────────────────────────────────────────────────────────────────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Parameters
[+] Parameter BootstrapVersion BootstrapVersion: {"Type":"AWS::SSM::Parameter::Value<String>","Default":"/cdk-bootstrap/hnb659fds/version","Description":"Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"}

Resources
[+] AWS::IAM::Role TestLambdaFunction/ServiceRole TestLambdaFunctionServiceRole0C9E0634
[+] AWS::Lambda::Function TestLambdaFunction TestLambdaFunctionC089708A
[+] AWS::IAM::Role InspectionMachine/Role InspectionMachineRole743A6A43
[+] AWS::IAM::Policy InspectionMachine/Role/DefaultPolicy InspectionMachineRoleDefaultPolicy12DB8238
[+] AWS::StepFunctions::StateMachine InspectionMachine InspectionMachine58B45CCF


✨  Number of stacks with differences: 1

I see lambda:InvokeFunction action added in both CDK versions. So, this issue doesn't appear to be potential regression.

Could you share minimal end-to-end code to reproduce the issue? Are you using custom role in your code?

Thanks,
Ashish

@ashishdhingra ashishdhingra added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Dec 2, 2024
@github-actions github-actions bot removed the potential-regression Marking this issue as a potential regression to be checked by team member label Dec 2, 2024
@smg-kayle
Copy link
Author

Dear @ashishdhingra,

Your code and explanation looks obvious. In my use case, I use the definition with the @aws-solutions-constructs/aws-lambda-stepfunctions@2.51.0 with the following bare minimal code

const taskQualifyLead = new aws_stepfunctions_tasks.LambdaInvoke(this, 'Qualify Lead', {
  lambdaFunction: this.leadQualifyLambda,
  outputPath: '$.Payload',
  retryOnServiceExceptions: true,
});

const taskLeadDistributionToProxyService = new aws_stepfunctions_tasks.LambdaInvoke(
  this,
  'Distribute Lead To lead-proxy-service',
  {
    lambdaFunction: this.leadDistributeToProxyService,
    inputPath: '$.Payload',
    retryOnServiceExceptions: true,
  },
).addRetry({ interval: Duration.seconds(10) });

const taskUpdateValidLead = new aws_stepfunctions_tasks.LambdaInvoke(
  this,
  'Update Lead Status For Valid Data',
  {
    lambdaFunction: this.updateLeadLambda,
    inputPath: '$.lead',
    retryOnServiceExceptions: true,
  },
);

const taskUpdateInvalidLead = new aws_stepfunctions_tasks.LambdaInvoke(
  this,
  'Update Lead Status For Invalid Data',
  {
    lambdaFunction: this.updateLeadLambda,
    inputPath: '$.lead',
    retryOnServiceExceptions: true,
  },
);

const definitionOfLeadDistributionTasks = taskQualifyLead.next(
  new aws_stepfunctions.Choice(this, 'Is Qualify Lead?')
    .when(
      aws_stepfunctions.Condition.booleanEquals('$.isValidLead', true),
      taskUpdateValidLead.next(taskLeadDistributionToProxyService),
    )
    .otherwise(taskUpdateInvalidLead),
);

new LambdaToStepfunctions(this, 'LeadDistributionStateMachine', {
  existingLambdaObj: this.leadDistributionLambda,
  stateMachineProps: {
    definition: definitionOfLeadDistributionTasks,
    stateMachineType: aws_stepfunctions.StateMachineType.EXPRESS,
    tracingEnabled: true,
  },
  logGroupProps: {
    removalPolicy: RemovalPolicy.DESTROY,
  },
  createCloudWatchAlarms: true,
});

Could the issue be with the version mismatch?

@smg-kayle
Copy link
Author

@ashishdhingra, Indeed, the issue is with version mismatch between @aws-solutions-constructs and the aws-cdk-lib package. When upgrading both of them, there are no major change regarding the policy statement.

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 3, 2024

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 3, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ashishdhingra ashishdhingra

Labels
@aws-cdk/aws-stepfunctions-tasks bug This issue is a bug. p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ashishdhingra @smg-kayle