In CDK, how can I remove permissions from an Alias (of a Lambda)?

0

We have an API Gateway with multiple endpoints that all trigger the same lambda. When attempting to add new endpoints in the CDK, we seem to have reached an IAM policy limit and see the following error when we deploy in CloudFormation:

Resource handler returned message: "The final policy size (20599) is bigger than the limit (20480). (Service: Lambda, Status Code: 400, Request ID: "

This is all done under the hood when we create the wire from endpoint to lambda.

To fix this, I want to remove all of the permissions that are added to the Alias under the hood so I can add a single permission with a wildcard so that all endpoints can trigger the lambda.

I see that the Alias class has a "permissionsNode" but I'm not sure what to do with this to remove permissions. Any ideas?

1 Answer
0
Accepted Answer

In my case, the permissions are associated with the API Gateway method. So what I did to remove them was:

(TypeScript CDK)

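    import { CfnPermission } from 'aws-cdk-lib/aws-lambda'; // CDK v2 import path assumed
    // Collect the AWS::Lambda::Permission children of the Method, then detach each by id.
    const permissionsToRemove = method.node.children.filter(c => c instanceof CfnPermission);
    permissionsToRemove.forEach(permission => method.node.tryRemoveChild(permission.node.id));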

Where method is a Method type from API Gateway.

answered 5 months ago
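
An added check, not part of the original answer or of the CDK itself: once the per-method permissions are replaced by a single wildcard one, this audits the synthesized CloudFormation template (the JSON that `cdk synth` emits) to count Lambda permission statements per alias and to flag any permission that has no `SourceArn`. The logical IDs, account number and ARNs are constructed sample values, and the function and type names are hypothetical.

```typescript
// Added example. Audits a synthesized CloudFormation template (plain JSON) for
// AWS::Lambda::Permission resources. All logical IDs and ARNs are constructed.
type Json = string | number | boolean | null | Json[] | { [k: string]: Json };
type Resource = { Type: string; Properties?: { [k: string]: Json } };
type Template = { Resources: { [id: string]: Resource } };
interface Finding { target: string; statements: number; unscoped: string[]; wildcard: string[] }

// Flatten intrinsics (Fn::Join, Ref, Fn::GetAtt) into one readable string.
function flatten(v: Json | undefined): string {
  if (v === undefined || v === null) return "";
  if (typeof v !== "object") return String(v);
  if (Array.isArray(v)) return v.map((x) => flatten(x)).join("");
  if ("Fn::Join" in v) {
    const [sep, parts] = v["Fn::Join"] as [string, Json[]];
    return parts.map((x) => flatten(x)).join(sep);
  }
  if ("Ref" in v) return "${" + flatten(v["Ref"]) + "}";
  if ("Fn::GetAtt" in v) return "${" + (v["Fn::GetAtt"] as Json[]).map((x) => flatten(x)).join(".") + "}";
  return JSON.stringify(v);
}

// Group permissions by the function or alias they attach to.
function auditLambdaPermissions(t: Template): Finding[] {
  const byTarget: { [target: string]: Finding } = {};
  for (const id of Object.keys(t.Resources)) {
    const r = t.Resources[id];
    if (r.Type !== "AWS::Lambda::Permission") continue;
    const p = r.Properties || {};
    const target = flatten(p["FunctionName"]);
    const f = byTarget[target] || { target, statements: 0, unscoped: [], wildcard: [] };
    f.statements += 1; // each permission adds one statement to the resource policy
    const src = flatten(p["SourceArn"]);
    if (src === "") f.unscoped.push(id); // no SourceArn: not limited to one API
    else if (/\/\*\/\*\/\*$/.test(src)) f.wildcard.push(id); // any stage/method/path
    byTarget[target] = f;
  }
  return Object.keys(byTarget).map((k) => byTarget[k]);
}

// Constructed samples: per-method permissions, the consolidated form, and an unscoped one.
const arn = (suffix: string): Json =>
  ({ "Fn::Join": ["", ["arn:aws:execute-api:us-east-1:111111111111:", { Ref: "Api" }, suffix]] });
const perm = (src?: Json): Resource => ({ Type: "AWS::Lambda::Permission", Properties: {
  Action: "lambda:InvokeFunction", FunctionName: { Ref: "LiveAlias" },
  Principal: "apigateway.amazonaws.com", ...(src ? { SourceArn: src } : {}) } });
const perMethod: Template = { Resources: { A: perm(arn("/prod/GET/items")), B: perm(arn("/prod/POST/items")) } };
const consolidated: Template = { Resources: { Invoke: perm(arn("/*/*/*")) } };
const noSourceArn: Template = { Resources: { Invoke: perm() } };
```

A wildcard permission should still carry a `SourceArn` that names the one API, so an entry in `unscoped` is the result to fix before deploying.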
