Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

In CDK, how can I remove permissions from an Alias (of a Lambda)?

0

We have an API Gateway with multiple endpoints that all trigger the same lambda. When attempting to add new endpoints in the CDK, we seem to have reached an IAM policy limit and see the following error when we deploy in CloudFormation:

Resource handler returned message: "The final policy size (20599) is bigger than the limit (20480). (Service: Lambda, Status Code: 400, Request ID: "

This is all done under the hood when we create the wire from endpoint to lambda.

To fix this, I want to remove all of the permissions that are added to the Alias under the hood so I can add a single permission with a wildcard so that all endpoints can trigger the lambda.

I see that the Alias class has a "permissionsNode" but I'm not sure what to do with this to remove permissions. Any ideas?

Argomenti
ServerlessComputazionaliSicurezza, identità e conformitàKit di sviluppo cloud AWS (CDK)
Tag
AWS LambdaPolitiche IAMKit di sviluppo cloud AWS (CDK)
Lingua
English
rePost-User-2581820
posta 5 mesi fa256 visualizzazioni
1 Risposta
0
Risposta accettata

In my case, the permissions are associated with the API Gateway method. So what I did to remove them was:

(TypeScript CDK)

    const permissionsToRemove = method.node.children.filter(c => c instanceof CfnPermission);
    permissionsToRemove.forEach(permission => method.node.tryRemoveChild(permission.node.id));

Where method is a Method type from API Gateway.

rePost-User-2581820
con risposta 5 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente