https://pulumi.com logo
Powered by
Title
e

early-keyboard-41388

09/19/2022, 4:56 PM
Hi, trying to add 
lambda.Permission
for an Api Gateway call with 
stageVariables
, but getting an error in the 
function
name. 
new aws.lambda.Permission(
      'permission-resource,
      {
        action: 'lambda:InvokeFunction',
        function: interpolate`arn:aws:lambda:${awsRegion}:${callerIdentityOutput.accountId}:function:${apiLambda.name}:\${stageVariables.GRAPHQL_ALIAS}`,
        principal: '<http://apigateway.amazonaws.com|apigateway.amazonaws.com>',
        sourceArn: interpolate`arn:aws:execute-api:${awsRegion}:${callerIdentityOutput.accountId}:${this.api.id}/*/${postMethod.httpMethod}${resource.path}`,
      },
      { parent: postMethod },
    );
The the addition of 
${stageVariables.GRAPHQL_ALIAS}
is not working. How is it done correctly?
What would be the equivalent of this in Pulumi? 
aws lambda add-permission   --function-name "arn:aws:lambda:<region>:<account>:function:graphql:${stageVariables.GRAPHQL_ALIAS}"   --source-arn "arn:aws:execute-api:<region>:<account>:<resource>/*/POST/graphql"   --principal <http://apigateway.amazonaws.com|apigateway.amazonaws.com>   --statement-id <statement_id>   --action lambda:InvokeFunction
Got this from the AWS console (Api Gateway) for adding the lambda with the 
${stageVariables}
in it.
w

witty-candle-66007

09/19/2022, 4:59 PM
I wonder if the “\” is escaping the “$” and so the variable is not being evaluated
e

early-keyboard-41388

09/19/2022, 5:00 PM
Yeah, but is intentional, so to get the 
stageVariables
out of the stage. Like from here: https://docs.aws.amazon.com/apigateway/latest/developerguide/amazon-api-gateway-using-stage-variables.html
w

witty-candle-66007

09/19/2022, 5:01 PM
Oh - I see now.
I tried a couple of quick things and both of these appear to work - they keep the “${stageVariables.GRAPHQL_ALIAS}” in tact in the output. (Not tested by actually passing to lambda.) 
export const goo = pulumi.concat("arn:aws:lambda:",aws.config.region,"blah blah ${stageVariables.GRAPHQL_ALIAS}:",bucket.id)
export const foo = pulumi.interpolate `arn:aws:lambda:${aws.config.region} blah blah \$\{stageVariables.GRAPHQL_ALIAS\}:${bucket.id}`
`
So with interpolate I added a couple more escapes
e

early-keyboard-41388

09/19/2022, 5:11 PM
Ok, so instead of 
:\${stageVariables.GRAPHQL_ALIAS}
Do it like this? 
:\$\{stageVariables.GRAPHQL_ALIAS\}
I think I might have express myself badly. The error is not from escaping, but when trying to deploy 
Permission
for the lambda with the alias as the 
stageVariables
, it fails due to 
"function_name" doesn't comply with restrictions
. Maybe I’m using the wrong resource to do it..
@witty-candle-66007 thanks for responding. I figured it out. Error on my end. Mixed permissions (per alias) with the actual lambda call definition.
w

witty-candle-66007

09/19/2022, 5:22 PM
Glad you figured it out.
👍 1
2 Views
#awsJoin Slack
Powered by