- Newest
- Most votes
- Most comments
This inconsistent naming behavior between the Lambda function and its replicas created by the replication service does sound like a bug. Typically the function name and log group should match between the origin and replicas.
A few things to try:
-
Double check that the Lambda function name itself does not contain the region prefix. The replication service should strip this out, but any inconsistencies could cause issues.
-
Try deleting the existing function/log group and redeploying with a simple name like "test" without the region. See if replicas get created correctly.
-
Open a support ticket with AWS to report the issue. They may be able to check if there are any known bugs causing naming mismatches.
-
For a temporary workaround, you could handle the mismatch in names by looking up the replicated function versions after creation and finding the log groups programmatically. Not ideal but could unblock you.
-
Consider using Lambda@Edge blueprints which can help manage all the replicated resources: https://github.com/aws-samples/lambda-edge-blueprints
Definitely seems like a bug since the naming and consistency between origins and replicas should be handled transparently. I'd suggest opening a support ticket for best results getting the issue escalated and resolved.
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated 5 months ago
- Why can't I view the EventBridge trigger in my Lambda function that my CloudFormation stack created?AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated a month ago
So it seems that such naming of the function names and log groups is possible in the edge locations based on this: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-functions-logs.html And I can see from cloudtrail logs that the EnableReplication permission is leading to a replicated function in being created at the edge location3 . The log stops there and I'm guessing the step after that should be the Invocation of the edge function. The lambda:InvokeFunction is granted to cloudfront principal as the trusted entity and I even modified the Resource arn to be arn:aws:lambda::123456789012:function: for the region and function name values to be wildcards based on the above documentation. So I have the lambda:GetFunction in the resource policy that brings the lambda function to the EnableReplication/DisableReplication permissions that create and deploy replicas to the edge locations with arn:aws:lambda:eu-west-2:9999999999:function:myFunction-url-sign:version . The iam:CreateServiceLinkedRole and iam:PassRole manages the iam role and its assumption by the cloudfront and lambda@edge services. Finally the logs:CreateLogGroup and the logs:CreateLogStream and logs:PutlogEvents that are required for CloudWatch Logs. The trusted identity policy makes sure that the lambsa@edge, cloudfromt and the logger services get to sts:assumeRole. If all of tis is not enough, what am I missing that is not invoking the function in runtime (cli invokes fine)