Update pipeline_management.yml for listTags allow #748
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
as per aws update GetFunction will no longer support to get data related to Tags if it not is explicitly allow by code for lambda
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
as per aws update GetFunction will no longer support to get data related to Tags if it not is explicitly allow by code for lambda
Why?
Mail from aws team
We are contacting you because we are making a change to the Lambda GetFunction API authorization which may require your action.
Previously, permissions on ListTags were required only when using the ListTags API explicitly. However, principals with GetFunction API permissions could still access tag information outputted by the GetFunction call. Beginning July 27, 2024, Lambda will return tags data only when the principal calling GetFunction API has a policy with explicit allow permission on ListTags API. When the role calling the GetFunction API has a policy with a deny or has no policy with explicit allow access to ListTags API, Lambda will not return tags data in the response to the GetFunction API call.
We identified your account has roles with allow access to the GetFunction API, however, the policy does not allow access to the ListTags API. If you intend to continue receiving tags data using the GetFunction API, you must add a policy to the AWS Identity and Access Management (IAM) role used to call the GetFunction API with an explicit “allow access to the ListTags API. Please refer to our "Permissions required for working with tags" user guide for information about the permissions required for using tags with Lambda resources [1].
To allow you time to review and make necessary changes, we have added your account to an allow list until September 1, 2024. After this date, calls to the GetFunction API will return tags data only if the caller has explicit allow access to the ListTags API. If the caller does not have allow access to the ListTags or has deny access to the ListTags API, the GetFunction API will return function configuration excluding tags data. Additionally, the message will include the new TagsError object which provides the reason for not returning the tags data.
Issue #, if available:
What?
Description of changes:
added allow ListTags for getFunction in the pipeline_management.yml
By submitting this pull request, I confirm that you can use, modify, copy, and
redistribute this contribution, under the terms of your choice.