Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

In CDK, how can I remove permissions from an Alias (of a Lambda)?

0

We have an API Gateway with multiple endpoints that all trigger the same lambda. When attempting to add new endpoints in the CDK, we seem to have reached an IAM policy limit and see the following error when we deploy in CloudFormation:

Resource handler returned message: "The final policy size (20599) is bigger than the limit (20480). (Service: Lambda, Status Code: 400, Request ID: "

This is all done under the hood when we create the wire from endpoint to lambda.

To fix this, I want to remove all of the permissions that are added to the Alias under the hood so I can add a single permission with a wildcard so that all endpoints can trigger the lambda.

I see that the Alias class has a "permissionsNode" but I'm not sure what to do with this to remove permissions. Any ideas?

Themen
ServerlosKalkulationSicherheit, Identität & KonformitätAWS Cloud-Entwicklungskit (CDK)
Tags
AWS LambdaIAM-RichtlinienAWS Cloud-Entwicklungskit (CDK)
Sprache
English
rePost-User-2581820
gefragt vor 5 Monaten256 Aufrufe
1 Antwort
0
Akzeptierte Antwort

In my case, the permissions are associated with the API Gateway method. So what I did to remove them was:

(TypeScript CDK)

    const permissionsToRemove = method.node.children.filter(c => c instanceof CfnPermission);
    permissionsToRemove.forEach(permission => method.node.tryRemoveChild(permission.node.id));

Where method is a Method type from API Gateway.

rePost-User-2581820
beantwortet vor 5 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt