In CDK, how can I remove permissions from an Alias (of a Lambda)?

0

We have an API Gateway with multiple endpoints that all trigger the same lambda. When attempting to add new endpoints in the CDK, we seem to have reached an IAM policy limit and see the following error when we deploy in CloudFormation:

Resource handler returned message: "The final policy size (20599) is bigger than the limit (20480). (Service: Lambda, Status Code: 400, Request ID: "

This is all done under the hood when we create the wire from endpoint to lambda.

To fix this, I want to remove all of the permissions that are added to the Alias under the hood so I can add a single permission with a wildcard so that all endpoints can trigger the lambda.

I see that the Alias class has a "permissionsNode" but I'm not sure what to do with this to remove permissions. Any ideas?

1 Answer
0
Accepted Answer

In my case, the permissions are associated with the API Gateway method. So what I did to remove them was:

(TypeScript CDK)

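    import { CfnPermission } from 'aws-cdk-lib/aws-lambda'; // CDK v2 import path
    // Collect the Lambda permissions created under this Method, then detach each one by id.
    const permissionsToRemove = method.node.children.filter(c => c instanceof CfnPermission);
    permissionsToRemove.forEach(permission => method.node.tryRemoveChild(permission.node.id));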

Where method is a Method type from API Gateway.

answered 5 months ago
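The trade-off behind the question, many per-method grants versus one wildcard grant, modelled as an added example that is not code from the original posts or from CDK. It estimates the Lambda resource-policy size both ways and checks that a wildcard source ARN still pinned to a single API id covers every grant being removed. The ARNs, names, routes and the two-grants-per-method model are constructed assumptions.

```typescript
// Added example. Account, region, API id, function and routes are constructed placeholders.
const LAMBDA_POLICY_LIMIT = 20480; // limit quoted in the deployment error

const ALIAS_ARN = "arn:aws:lambda:us-east-1:111111111111:function:handler:live";
const API_PREFIX = "arn:aws:execute-api:us-east-1:111111111111:abc123";

interface Statement {
  Sid: string; Effect: string; Principal: { Service: string };
  Action: string; Resource: string;
  Condition: { ArnLike: { "AWS:SourceArn": string } };
}

function statement(sid: string, sourceArn: string): Statement {
  return {
    Sid: sid, Effect: "Allow", Principal: { Service: "apigateway.amazonaws.com" },
    Action: "lambda:InvokeFunction", Resource: ALIAS_ARN,
    Condition: { ArnLike: { "AWS:SourceArn": sourceArn } },
  };
}

// Assumed model: two grants per method, one for the stage and one for test-invoke-stage.
function perMethodStatements(routes: [string, string][], stage: string = "prod"): Statement[] {
  const out: Statement[] = [];
  routes.forEach(([verb, path], i) => {
    out.push(statement(`Api${i}`, `${API_PREFIX}/${stage}/${verb}${path}`));
    out.push(statement(`ApiTest${i}`, `${API_PREFIX}/test-invoke-stage/${verb}${path}`));
  });
  return out;
}

// Replacement grant: any stage, verb and path, but still pinned to this one API id.
function wildcardStatement(): Statement {
  return statement("ApiAny", `${API_PREFIX}/*/*/*`);
}

// Estimated policy size; the JSON here is ASCII, so string length equals byte count.
function policyBytes(statements: Statement[]): number {
  return JSON.stringify({ Version: "2012-10-17", Statement: statements }).length;
}

// Simplified ArnLike: '*' matches any run of characters, '?' exactly one.
function arnLike(pattern: string, arn: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(arn);
}

// True only if the replacement admits every source ARN the removed grants admitted.
function replacementCovers(removed: Statement[], replacement: Statement): boolean {
  const pattern = replacement.Condition.ArnLike["AWS:SourceArn"];
  return removed.every((s) => arnLike(pattern, s.Condition.ArnLike["AWS:SourceArn"]));
}
```

The size figure is an estimate of the serialized policy, not the exact number the Lambda service computes. Keeping the API id in the wildcard ARN means other APIs in the account still cannot invoke the alias.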
