Invalid permissions on Lambda function error #126

Open
RTiNo1 opened this issue Jul 16, 2020 · 0 comments

I tried to use this plugin to split resources.
There are several functions in the project, but I want to create stacks for one specific function, generic, which has a lot of resources.
With both the default split and a custom stacks-map, I'm getting a 500 internal server error, caused by "Execution failed due to configuration error: Invalid permissions on Lambda function".
Resources that are not grouped work, only those in stacks do not.

I will be very grateful for any advice on where the error may be.

serverless.yml

service: "service-name"
frameworkVersion: "=1.61.2"

plugins:
  - serverless-webpack
  - serverless-offline
  - serverless-aws-alias
  - serverless-prune-plugin
  - serverless-plugin-split-stacks

custom:
  currentStage: ${opt:stage, self:provider.stage}
  webpack:
    webpackConfig: webpack.config.js
    includeModules: true
    packager: yarn
    excludeFiles: src/**/*.test.js
    keepOutputDirectory: true
  authorizer:
    name: authorizer
    type: request
    identitySource: method.request.header.Cookie
    resultTtlInSeconds: 0
  environmentVariables:
    ALLOWED_ORIGINS:
      Fn::Join:
        - " "
        - ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
    NODE_ENV: ${file(./config/${self:custom.currentStage}.yml):environment.NODE_ENV}
  splitStacks:
    nestedStackCount: 50
    perFunction: false
    perType: false
    perGroupFunction: true
    custom: stacks-map.js

provider:
  name: aws
  runtime: nodejs12.x
  apiName: ${file(./config/${self:custom.currentStage}.yml):stackName}
  region: eu-west-1
  stage: dev
  account_id: ${file(./config/${self:custom.currentStage}.yml):provider.account_id}
  timeout: 20
  versionFunctions: ${file(./config/${self:custom.currentStage}.yml):provider.versionFunctions}
  role: ${file(./config/${self:custom.currentStage}.yml):provider.create_role_arn}
  vpc: ${file(./config/${self:custom.currentStage}.yml):provider.vpc}

functions:
  ping:
    handler: src/functions/alert/ping.ping
    role: ${file(./config/${self:custom.currentStage}.yml):provider.execution_role_arn}
    environment: ${self:custom.environmentVariables}
    events:
      - http:
          path: alert/ping
          method: get
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
  authorizer:
    handler: src/functions/authorizer/authorizer.handler
    role: ${file(./config/${self:custom.currentStage}.yml):provider.execution_role_arn}
  auth:
    handler: src/functions/auth/auth.auth
    role: ${file(./config/${self:custom.currentStage}.yml):provider.execution_role_arn}
    environment: ${self:custom.environmentVariables}
    events:
      - http:
          path: v1/auth
          method: post
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
      - http:
          path: v1/auth
          method: delete
          authorizer: ${self:custom.authorizer}
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
            cacheControl: "max-age=0, s-maxage=0, proxy-revalidate"
      - http:
          path: v1/auth
          method: get
          authorizer: ${self:custom.authorizer}
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
  authCode:
    handler: src/functions/auth/authCode.handler
    role: ${file(./config/${self:custom.currentStage}.yml):provider.execution_role_arn}
    environment: ${self:custom.environmentVariables}
    events:
      - http:
          path: v1/auth/code/{code}
          method: get
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
  generic:
    handler: src/functions/generic/generic.handler
    role: ${file(./config/${self:custom.currentStage}.yml):provider.execution_role_arn}
    environment: ${self:custom.environmentVariables}
    events:
      - http:
          path: v1/users/{userID}/settings
          method: get
          authorizer: ${self:custom.authorizer}
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
      - http:
          path: v1/users/{userID}/settings/{settingName}
          method: put
          authorizer: ${self:custom.authorizer}
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
      - http:
          path: v1/merchants/{userID}/api_credentials
          method: post
          authorizer: ${self:custom.authorizer}
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
      - http:
          path: v1/merchants/{userID}/api_credentials
          method: get
          authorizer: ${self:custom.authorizer}
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
      - http:
          path: v1/merchants/{userID}/default_shipping_profile
          method: post
          authorizer: ${self:custom.authorizer}
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
      - http:
          path: v1/merchants/{userID}/default_shipping_profile
          method: get
          authorizer: ${self:custom.authorizer}
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
      - http:
          path: v1/merchants/{userID}/price_adjustment
          method: post
          authorizer: ${self:custom.authorizer}
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
      - http:
          path: v1/merchants/{userID}/price_adjustment
          method: get
          authorizer: ${self:custom.authorizer}
          cors:
            origins: ${file(./config/${self:custom.currentStage}.yml):environment.API_ORIGINS}
            allowCredentials: true
package:
  individually: true
  exclude:
    - node_modules/**
    - config/*.yml
    - README.md
    - package.json
    - yarn.lock
    - src/**/tests/*
    - src/**/*.test.js
    - .*
    - .*/**

stacks-map.js

const EXCLUDE_TRIGGERS = ["Ping", "Auth", "Authorizer", "AuthCode"]

module.exports = (resource, logicalId) => {
  if (EXCLUDE_TRIGGERS.some(trigger => logicalId.startsWith(trigger))) {
    return false
  }

  return null
}
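
API Gateway reports the error quoted above when the function's resource-based policy does not let `apigateway.amazonaws.com` invoke the exact function ARN the integration targets. A statement on the unqualified ARN does not cover an alias-qualified one. The following check is an added example, not code from the issue author or the plugin: it evaluates a parsed policy document, such as the `Policy` value returned by `aws lambda get-policy`, against one method. The account ID, API ID, function name and `:dev` alias are constructed placeholders.

```javascript
// Added example; every ARN and ID below is a constructed placeholder.
const API_GW = "apigateway.amazonaws.com";
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Simplified ArnLike: "*" matches any run of characters, "?" exactly one.
function arnLike(pattern, arn) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp(`^${re}$`).test(arn);
}

// Condition keys are case-insensitive, so look AWS:SourceArn up that way.
function sourceArnPatterns(statement) {
  const arnLikeBlock = (statement.Condition && statement.Condition.ArnLike) || {};
  const key = Object.keys(arnLikeBlock).find((k) => k.toLowerCase() === "aws:sourcearn");
  return key ? asList(arnLikeBlock[key]) : null; // null: no source restriction
}

// True when an Allow statement lets API Gateway invoke exactly `functionArn`
// (an alias-qualified ARN needs its own statement) from `methodArn`.
function apiGatewayCanInvoke(policy, functionArn, methodArn) {
  return asList(policy.Statement).some((s) => {
    if (s.Effect !== "Allow") return false;
    if (!asList(s.Principal && s.Principal.Service).includes(API_GW)) return false;
    if (!asList(s.Action).some((a) => a === "lambda:InvokeFunction" || a === "lambda:*")) return false;
    if (!asList(s.Resource).includes(functionArn)) return false;
    const patterns = sourceArnPatterns(s);
    return patterns === null || patterns.some((p) => arnLike(p, methodArn));
  });
}

const FN = "arn:aws:lambda:eu-west-1:111122223333:function:service-name-dev-generic";
const METHOD = "arn:aws:execute-api:eu-west-1:111122223333:a1b2c3d4e5/dev/GET/v1/users/42/settings";
const samplePolicy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { Service: API_GW },
    Action: "lambda:InvokeFunction",
    Resource: FN,
    Condition: { ArnLike: { "AWS:SourceArn": "arn:aws:execute-api:eu-west-1:111122223333:a1b2c3d4e5/*/*" } },
  }],
};

console.log("unqualified:", apiGatewayCanInvoke(samplePolicy, FN, METHOD));
console.log("alias :dev :", apiGatewayCanInvoke(samplePolicy, `${FN}:dev`, METHOD));
```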