fix(lambda): validation for FunctionUrlCorsOptions.maxAge (#25495)

AWS::Lambda::Url's Cors.MaxAge has a maximum value of 86400 (secs)
see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html#cfn-lambda-url-cors-maxage

This PR adds validation for it.

Note: No maximum value for S3, CloudFront (ResponseHeadersPolicy), and API Gateway.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/aws-cdk-lib/aws-lambda/lib/function-url.ts

@@ -229,6 +229,10 @@ export class FunctionUrl extends Resource implements IFunctionUrl {
   }
 
   private renderCors(cors: FunctionUrlCorsOptions): CfnUrl.CorsProperty {
+    if (cors.maxAge && !cors.maxAge.isUnresolved() && cors.maxAge.toSeconds() > 86400) {
+      throw new Error(`FunctionUrl CORS maxAge should be less than or equal to 86400 secs (got ${cors.maxAge.toSeconds()})`);
+    }
+
     return {
       allowCredentials: cors.allowCredentials,
       allowHeaders: cors.allowedHeaders,

packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts

@@ -140,6 +140,26 @@ describe('FunctionUrl', () => {
     }).toThrow(/FunctionUrl cannot be used with a Version/);
   });
 
+  test('throws when CORS maxAge is greater than 86400 secs', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const fn = new lambda.Function(stack, 'MyLambda', {
+      code: new lambda.InlineCode('hello()'),
+      handler: 'index.hello',
+      runtime: lambda.Runtime.NODEJS_14_X,
+    });
+
+    // WHEN
+    expect(() => {
+      new lambda.FunctionUrl(stack, 'FunctionUrl', {
+        function: fn,
+        cors: {
+          maxAge: cdk.Duration.seconds(86401),
+        },
+      });
+    }).toThrow(/FunctionUrl CORS maxAge should be less than or equal to 86400 secs/);
+  });
+
   test('grantInvokeUrl: adds appropriate permissions', () => {
     // GIVEN
     const stack = new cdk.Stack();