Hi trying to add `lambda Permission` for an Api Gateway call Pulumi Community #aws

Hi, trying to add `lambda.Permission` for an Api G...

early-keyboard-41388

09/19/2022, 4:56 PM

Hi, trying to add

lambda.Permission

for an Api Gateway call with

stageVariables

, but getting an error in the

function

name.

Copy code

new aws.lambda.Permission(
      'permission-resource,
      {
        action: 'lambda:InvokeFunction',
        function: interpolate`arn:aws:lambda:${awsRegion}:${callerIdentityOutput.accountId}:function:${apiLambda.name}:\${stageVariables.GRAPHQL_ALIAS}`,
        principal: '<http://apigateway.amazonaws.com|apigateway.amazonaws.com>',
        sourceArn: interpolate`arn:aws:execute-api:${awsRegion}:${callerIdentityOutput.accountId}:${this.api.id}/*/${postMethod.httpMethod}${resource.path}`,
      },
      { parent: postMethod },
    );

The the addition of

${stageVariables.GRAPHQL_ALIAS}

is not working. How is it done correctly?

early-keyboard-41388

09/19/2022, 4:58 PM

What would be the equivalent of this in Pulumi?

Copy code

aws lambda add-permission   --function-name "arn:aws:lambda:<region>:<account>:function:graphql:${stageVariables.GRAPHQL_ALIAS}"   --source-arn "arn:aws:execute-api:<region>:<account>:<resource>/*/POST/graphql"   --principal <http://apigateway.amazonaws.com|apigateway.amazonaws.com>   --statement-id <statement_id>   --action lambda:InvokeFunction

Got this from the AWS console (Api Gateway) for adding the lambda with the

${stageVariables}

in it.

witty-candle-66007

09/19/2022, 4:59 PM

I wonder if the “\” is escaping the “$” and so the variable is not being evaluated

early-keyboard-41388

09/19/2022, 5:00 PM

Yeah, but is intentional, so to get the

stageVariables

out of the stage. Like from here: https://docs.aws.amazon.com/apigateway/latest/developerguide/amazon-api-gateway-using-stage-variables.html

witty-candle-66007

09/19/2022, 5:01 PM

Oh - I see now.

witty-candle-66007

09/19/2022, 5:09 PM

I tried a couple of quick things and both of these appear to work - they keep the “${stageVariables.GRAPHQL_ALIAS}” in tact in the output. (Not tested by actually passing to lambda.)

Copy code

export const goo = pulumi.concat("arn:aws:lambda:",aws.config.region,"blah blah ${stageVariables.GRAPHQL_ALIAS}:",bucket.id)
export const foo = pulumi.interpolate `arn:aws:lambda:${aws.config.region} blah blah \$\{stageVariables.GRAPHQL_ALIAS\}:${bucket.id}`

witty-candle-66007

09/19/2022, 5:09 PM

So with interpolate I added a couple more escapes

early-keyboard-41388

09/19/2022, 5:11 PM

Ok, so instead of

:\${stageVariables.GRAPHQL_ALIAS}

Do it like this?

:\$\{stageVariables.GRAPHQL_ALIAS\}

early-keyboard-41388

09/19/2022, 5:14 PM

I think I might have express myself badly. The error is not from escaping, but when trying to deploy

Permission

for the lambda with the alias as the

stageVariables

, it fails due to

"function_name" doesn't comply with restrictions

. Maybe I’m using the wrong resource to do it..

early-keyboard-41388

09/19/2022, 5:18 PM

@witty-candle-66007 thanks for responding. I figured it out. Error on my end. Mixed permissions (per alias) with the actual lambda call definition.

witty-candle-66007

09/19/2022, 5:22 PM

Glad you figured it out.

👍 1

2 Views

Open in Slack

Previous Next