Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cloudfront] Distribution construct does not add edgelambda.amazonaws.com service principal to associated Lambda function roles #9998

Closed
iliana opened this issue Aug 27, 2020 · 0 comments · Fixed by #10006
Closed

[cloudfront] Distribution construct does not add edgelambda.amazonaws.com service principal to associated Lambda function roles #9998

iliana opened this issue Aug 27, 2020 · 0 comments · Fixed by #10006
Assignees
@njlynch
Labels
@aws-cdk/aws-cloudfront Related to Amazon CloudFront bug This issue is a bug. effort/small Small work item – less than a day of effort in-progress This issue is being actively worked on. p1

Comments

@iliana
Copy link

iliana commented Aug 27, 2020
edited

#5180 reported an issue where the edgelambda.amazonaws.com service principal was not present on automatically-generated IAM roles for Lambda functions associated with a CloudFrontWebDistribution construct. #5191 fixed this.

The newer Distribution construct lacks this behavior, and I hit the same error as reported in #5180. I had to work around by manually generating a role and adding the appropriate two service principals.

Environment

  • CLI Version : 1.60.0 (build 8e3f53a)
  • Framework Version: 1.60.0
  • Node.js Version: v12.16.3
  • OS : Linux
  • Language (Version): TypeScript (4.0.2)

This is 🐛 Bug Report
@iliana iliana added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Aug 27, 2020
@github-actions github-actions bot added the @aws-cdk/aws-cloudfront Related to Amazon CloudFront label Aug 27, 2020
njlynch added a commit that referenced this issue Aug 27, 2020
@njlynch
fix(cloudfront): Distribution does not add edgelambda trust policy
312318c 
The stable `CloudFrontWebDistribution` construct automatically adds the
'edgelambda.amazonaws.com' trust policy to the Lambda execution role when
adding a Lambda@Edge function to the distribution. The newer `Distribution`
construct was missing this functionality.

Also added an integ test to validate the Lambda@Edge functions can actually be
deployed.

fixes #9998
@njlynch njlynch mentioned this issue Aug 27, 2020
Merged
@njlynch njlynch added effort/small Small work item – less than a day of effort p1 in-progress This issue is being actively worked on. and removed needs-triage This issue or PR still needs to be triaged. labels Aug 27, 2020
@mergify mergify bot closed this as completed in #10006 Aug 28, 2020
mergify bot pushed a commit that referenced this issue Aug 28, 2020
@njlynch
fix(cloudfront): Distribution does not add edgelambda trust policy (#…
9098e29 
…10006)

The stable `CloudFrontWebDistribution` construct automatically adds the
'edgelambda.amazonaws.com' trust policy to the Lambda execution role when
adding a Lambda@Edge function to the distribution. The newer `Distribution`
construct was missing this functionality.

Also added an integ test to validate the Lambda@Edge functions can actually be
deployed.

fixes #9998

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@njlynch njlynch

Labels
@aws-cdk/aws-cloudfront Related to Amazon CloudFront bug This issue is a bug. effort/small Small work item – less than a day of effort in-progress This issue is being actively worked on. p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(cloudfront): Distribution does not add edgelambda trust policy aws/aws-cdk
2 participants
@iliana @njlynch