Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: aws_lambda_permission source_account creates invalid IAM condition key #28296

Open
baolsen opened this issue Dec 12, 2022 · 2 comments
Open

[Bug]: aws_lambda_permission source_account creates invalid IAM condition key #28296

baolsen opened this issue Dec 12, 2022 · 2 comments
Labels
bug Addresses a defect in current functionality. service/lambda Issues and PRs that pertain to the lambda service.

Comments

@baolsen
Copy link
Contributor

baolsen commented Dec 12, 2022

Terraform Core Version

1.2.9

AWS Provider Version

4.39.0

Affected Resource(s)

aws_lambda_permission

Expected Behavior

When specifying the source_account argument, a condition key should be created like so:

{
 "StringEquals": {
  "aws": "112233445566"
 }
}

Condition keys are case-sensitive.

Actual Behavior

The following condition key is created instead:

{
 "StringEquals": {
  "AWS": "112233445566"
 }
}

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

Snippet:

resource "aws_lambda_permission" "this" {
  # statement_id  = "AllowExecutionFromRole"
  action        = "lambda:InvokeFunctionUrl"
  function_name = aws_lambda_function.this.function_name
  principal = "arn:aws:iam::112233445566:role/r-112233445566-role"
  source_account = "112233445566"
  function_url_auth_type = "AWS_IAM"
}

Steps to Reproduce

Create any aws_lambda_permission resource and specify source_account.
View the created permissions in the AWS console.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

Lambda permissions reference:
https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html

Condition keys reference:
"StringEquals; Exact matching, case sensitive"
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html

Would you like to implement a fix?

Yes
@baolsen baolsen added bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. labels Dec 12, 2022
@github-actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added the service/lambda Issues and PRs that pertain to the lambda service. label Dec 12, 2022
@baolsen baolsen mentioned this issue Dec 12, 2022
Closed
@ewbankkit ewbankkit removed the needs-triage Waiting for first response or review from a maintainer. label Dec 12, 2022
@baolsen
Copy link
Contributor Author

baolsen commented Dec 13, 2022

Might be an AWS limitation, when both --source-account and --function-url-auth-type are specified to the API.
Awaiting feedback on support case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/lambda Issues and PRs that pertain to the lambda service.
Projects
None yet
Milestone
No milestone
2 participants
@ewbankkit @baolsen