
Adding Analytics permissions to lambda trigger function fails


Describe the bug

Adding permissions to access analytics from a lambda trigger function results in:

CREATE_FAILED AmplifyResourcesPolicy AWS::IAM::Policy Tue Mar 24 2020 16:02:22 GMT-0700 (Pacific Daylight Time) The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: bc7c5f42-a965-46d0-aa48-cfa5b3101575)

Amplify CLI Version

4.17.1

To Reproduce

box:dir user$ amplify add function
Using service: Lambda, provided by: awscloudformation
? Provide a friendly name for your resource to be used as a label for this category in the project: notifyUsersOnNewContent
? Provide the AWS Lambda function name: notifyUsersOnNewContent
NodeJS found for selected function configuration.
? Choose the function template that you want to use: Lambda trigger
? What event source do you want to associate with Lambda trigger? Amazon DynamoDB Stream
? Choose a DynamoDB event source option Use API category graphql @model backed DynamoDB table(s) in the current Amplify project
Selected resource story
? Choose the graphql @model(s) Story, Take, StoryVote, TakeVote
? Do you want to access other resources created in this project from your Lambda function? No
? Do you want to edit the local lambda function now? No
Successfully added resource notifyUsersOnNewContent locally.

box:dir user$ amplify push
*** This succeeds

box:dir user$ amplify update function
Using service: Lambda, provided by: awscloudformation
? Please select the Lambda Function you would want to update notifyUsersOnNewContent
? Do you want to update permissions granted to this Lambda function to perform on other resources in your project? Yes
? Select the category analytics
Analytics category has a resource called story
? Select the operations you want to permit for story create, read, update, delete

You can access the following resource attributes as environment variables from your Lambda function
var environment = process.env.ENV
var region = process.env.REGION
var analyticsStoryId = process.env.ANALYTICS_STORY_ID
var analyticsStoryRegion = process.env.ANALYTICS_STORY_REGION

? Do you want to edit the local lambda function now? No
Successfully updated resource

box:dir user$ amplify push

Current Environment: dev

| Category      | Resource name           | Operation | Provider plugin   |
| ------------- | ----------------------- | --------- | ----------------- |
| Function      | notifyUsersOnNewContent | Update    | awscloudformation |
| Auth          | storyAuth               | No Change | awscloudformation |
| Storage       | storyMedia              | No Change | awscloudformation |
| Api           | story                   | No Change | awscloudformation |
| Analytics     | story                   | No Change | awscloudformation |
| Notifications | story                   | No Change |                   |
? Are you sure you want to continue? Yes
⠋ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE    analyticsstory           AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:50 GMT-0700 (Pacific Daylight Time)               
UPDATE_COMPLETE    authstoryAuth            AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:50 GMT-0700 (Pacific Daylight Time)               
UPDATE_COMPLETE    storagestoryMedia        AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:49 GMT-0700 (Pacific Daylight Time)               
UPDATE_IN_PROGRESS analyticsstory           AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:49 GMT-0700 (Pacific Daylight Time)               
UPDATE_IN_PROGRESS authstoryAuth            AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:49 GMT-0700 (Pacific Daylight Time)               
UPDATE_IN_PROGRESS storagestoryMedia        AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:48 GMT-0700 (Pacific Daylight Time)               
UPDATE_IN_PROGRESS amplify-story-dev-174558 AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:44 GMT-0700 (Pacific Daylight Time) User Initiated
⠹ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS apistory AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:52 GMT-0700 (Pacific Daylight Time) 
⠸ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS amplify-story-dev-174558-apistory-H5AFAQK3RFB2 AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:52 GMT-0700 (Pacific Daylight Time) User Initiated
⠙ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE    StoryVote AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:00 GMT-0700 (Pacific Daylight Time) 
UPDATE_COMPLETE    Story     AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:00 GMT-0700 (Pacific Daylight Time) 
UPDATE_COMPLETE    Take      AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:00 GMT-0700 (Pacific Daylight Time) 
UPDATE_COMPLETE    TakeVote  AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:59 GMT-0700 (Pacific Daylight Time) 
UPDATE_IN_PROGRESS StoryVote AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:59 GMT-0700 (Pacific Daylight Time) 
UPDATE_IN_PROGRESS Take      AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:59 GMT-0700 (Pacific Daylight Time) 
UPDATE_IN_PROGRESS Story     AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:59 GMT-0700 (Pacific Daylight Time) 
UPDATE_IN_PROGRESS TakeVote  AWS::CloudFormation::Stack Tue Mar 24 2020 16:01:59 GMT-0700 (Pacific Daylight Time) 
⠹ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE    ConnectionStack AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:04 GMT-0700 (Pacific Daylight Time) 
UPDATE_IN_PROGRESS ConnectionStack AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:03 GMT-0700 (Pacific Daylight Time) 
⠴ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS CustomResourcesjson AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:07 GMT-0700 (Pacific Daylight Time) 
⠹ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE_CLEANUP_IN_PROGRESS amplify-story-dev-174558-apistory-H5AFAQK3RFB2 AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:09 GMT-0700 (Pacific Daylight Time) 
UPDATE_COMPLETE                     CustomResourcesjson                            AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:07 GMT-0700 (Pacific Daylight Time) 
⠼ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE apistory AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:14 GMT-0700 (Pacific Daylight Time) 
⠼ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS functionnotifyUsersOnNewContent AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:17 GMT-0700 (Pacific Daylight Time) 
⠹ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS amplify-story-dev-174558-functionnotifyUsersOnNewContent-1NW8W3ZS47KKY AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:17 GMT-0700 (Pacific Daylight Time) User Initiated
⠦ Updating resources in the cloud. This may take a few minutes...

UPDATE_ROLLBACK_IN_PROGRESS amplify-story-dev-174558-functionnotifyUsersOnNewContent-1NW8W3ZS47KKY AWS::CloudFormation::Stack Tue Mar 24 2020 16:02:23 GMT-0700 (Pacific Daylight Time) The following resource(s) failed to create: [AmplifyResourcesPolicy].                                                                                                        
CREATE_FAILED               AmplifyResourcesPolicy                                                 AWS::IAM::Policy           Tue Mar 24 2020 16:02:22 GMT-0700 (Pacific Daylight Time) The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: bc7c5f42-a965-46d0-aa48-cfa5b3101575)
UPDATE_COMPLETE             LambdaFunction                                                         AWS::Lambda::Function      Tue Mar 24 2020 16:02:22 GMT-0700 (Pacific Daylight Time)   

*** more rollback

Expected behavior

amplify push should succeed.

Desktop:

  • OS: Mac 10.15.3
  • Node Version: v13.8.0

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 9 (2 by maintainers)

Top GitHub Comments

GeorgeBellTMH commented, Jun 7, 2020 (1 reaction)

Any update on this?

github-actions[bot] commented, May 26, 2021 (0 reactions)

This issue has been automatically locked since there hasn’t been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.
