Default Lambda policies not being managed on changes #4279

Open
woodsjd-cr opened this issue Aug 16, 2024 · 1 comment
@woodsjd-cr

The default for Nextjs lambdas is 'auth type: None'. In this case, a policy 'FunctionURLAllowPublicAccess' is attached to the lambdas@edge (imageOptimisation and defaultFunction). After deploying this, and then changing to 'auth type: IAM', a re-deployment will not remove the default policy 'FunctionURLAllowPublicAccess'.

Equally, if the initial deployment specified 'auth type: IAM' for the lambdas@edge then the policy 'FunctionURLAllowPublicAccess' is not created (great! this works as expected). But, changing to 'auth type: None' on a redeployment will not create and attach the 'FunctionURLAllowPublicAccess' policy to the lambdas. To fix this, I need to remove the stage entirely, and deploy from scratch.

ps - loving the tool, great work is being done here!

@fwang fwang self-assigned this Aug 19, 2024
fwang (Contributor) commented Aug 28, 2024

@woodsjd-cr It seems to be a known issue w/ the Terraform provider - hashicorp/terraform-provider-aws#38260

I did a quick test. I changed auth type from none to iam, and I can see the FunctionURLAllowPublicAccess policy isn't getting removed (verified the issue). However I get {"Message":"Forbidden"} when accessing the URL. The function URL is not publicly accessible. Is this still an issue?

@thdxr thdxr transferred this issue from sst/ion Oct 21, 2024
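A drift check for the two cases reported in this thread, as an added example (not code from SST or from either commenter). It assumes the policy JSON is the `Policy` string returned by `aws lambda get-policy` and the auth type is the `AuthType` field from `aws lambda get-function-url-config`. The statement shape, including the `lambda:FunctionUrlAuthType` condition, follows the form AWS documents for public function URLs and is an assumption about what SST attaches; the sample policy, account id and function name are constructed.

```python
import json

PUBLIC_SID = "FunctionURLAllowPublicAccess"  # statement name quoted in the issue

def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def public_url_statements(policy_json):
    """Allow statements letting Principal "*" call lambda:InvokeFunctionUrl."""
    hits = []
    for st in _as_list(json.loads(policy_json).get("Statement")):
        principal = st.get("Principal")
        is_public = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        invokes_url = any(a in ("lambda:InvokeFunctionUrl", "lambda:*", "*")
                          for a in _as_list(st.get("Action")))
        if st.get("Effect") == "Allow" and is_public and invokes_url:
            hits.append(st)
    return hits

def scoped_to_none(statement):
    """True if the statement only applies while the URL auth type is NONE."""
    cond = statement.get("Condition", {}).get("StringEquals", {})
    return cond.get("lambda:FunctionUrlAuthType") == "NONE"

def check_drift(auth_type, policy_json):
    """Return (finding, Sid) pairs where URL auth type and policy disagree."""
    hits = public_url_statements(policy_json)
    if auth_type == "NONE":
        # Second case in the issue: switched to NONE, public statement absent.
        return [] if hits else [("missing-public-statement", PUBLIC_SID)]
    findings = []
    for st in hits:  # AWS_IAM, first case in the issue: statement left behind
        # A statement not conditioned on AuthType NONE still applies to
        # signed requests, so it is reported separately from a stale one.
        kind = "stale-statement" if scoped_to_none(st) else "unscoped-public-statement"
        findings.append((kind, st.get("Sid", "")))
    return findings

# Constructed sample policy (placeholder account id and function name).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": PUBLIC_SID, "Effect": "Allow", "Principal": "*",
    "Action": "lambda:InvokeFunctionUrl",
    "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example-fn",
    "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}}]})

if __name__ == "__main__":
    print(check_drift("AWS_IAM", SAMPLE_POLICY))
```
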