(@aws-cdk/aws-apigatewayv2-alpha): After adding around 30 routes to a http api, I got policy PolicyLengthExceededException
What is the problem?
I’m creating an HTTP API using: const api = new HttpApi (from '@aws-cdk/aws-apigatewayv2-alpha'), and then I’m adding routes to it, something like this:

    api.addRoutes({
      path: '/jobs',
      methods: [apiGateway.HttpMethod.PUT, apiGateway.HttpMethod.GET, apiGateway.HttpMethod.POST],
      integration: lambdaIntegration
    })

I got to around 30 routes, all connected to one and the same lambda, at which point I got the following exception from CloudFormation:

    22:28:54 | CREATE_FAILED | AWS::Lambda::Permission | UserServiceAPIGETn...Permission1A32E9FF
    The final policy size (20937) is bigger than the limit (20480). (Service: AWSLambdaInternal; Status Code: 400; Error Code: PolicyLengthExceededException; Request ID: d673c975-ff84-43da-9120-4be039578371; Proxy: null)

If I understand right, CDK adds policy statements for each route to the resource-based policy of the lambda. The statements look like this:

    {
      "Sid": "UserServiceStack-UserServiceAPIPUTjobapplicationsUserServiceAPIPermission1CBB1DA2-fds",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:eu-central-1:fds:function:UserServiceStack-UserServiceAPIhandler4CB02A91-rGHPeEZcjJTY",
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:execute-api:eu-central-1:fsd:j057ar4qy1/*/*/job-applications"
        }
      }
    },

So, it seems they quickly get the total length of the policy document to the max. I think I will create two CDK lambdas from the same code, and split it among the routes, to somehow solve the immediate problem, but it might be good if the CDK could automatically solve this.
Reproduction Steps
- Create a HTTP API
- Add +30 routes to it all connected to the same lambda (through lambda integration)
What did you expect to happen?
The routes are properly created
What actually happened?
Got: Service: AWSLambdaInternal; Status Code: 400; Error Code: PolicyLengthExceededException
CDK CLI Version
2.17.0 (build f9cd009)
Framework Version
No response
Node.js Version
14
OS
Mac OS
Language
Typescript
Language Version
No response
Other information
No response
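
Added example, not part of the original issue and not CDK code: a small TypeScript model of the behaviour reported above. It builds one resource-policy statement per route in the shape quoted in the issue, finds how many fit under the 20480 limit from the error message, and compares that with a single statement whose source ARN is scoped to the API id only. The ARNs, Sids and the size calculation (compact JSON length) are constructed assumptions, and the consolidated statement is an illustration, not the change referred to in the maintainer comment.

```typescript
// Added example: models Lambda resource-policy growth. Not CDK code.
const POLICY_LIMIT = 20480; // limit quoted in the error message above

// Constructed placeholder ARNs, not values from the issue.
const FUNCTION_ARN = "arn:aws:lambda:eu-central-1:111122223333:function:ExampleStack-ExampleHandler";
const API_ARN = "arn:aws:execute-api:eu-central-1:111122223333:exampleapi";

// Same statement shape as the one quoted in the issue.
function statement(sid: string, sourceArn: string): object {
  return {
    Sid: sid,
    Effect: "Allow",
    Principal: { Service: "apigateway.amazonaws.com" },
    Action: "lambda:InvokeFunction",
    Resource: FUNCTION_ARN,
    Condition: { ArnLike: { "AWS:SourceArn": sourceArn } },
  };
}

// Assumption: policy size is approximated by the compact JSON length (ASCII only).
function policySize(statements: object[]): number {
  return JSON.stringify({ Version: "2012-10-17", Statement: statements }).length;
}

// One permission per route, as described in the issue.
function perRouteStatements(routeCount: number): object[] {
  const out: object[] = [];
  for (let i = 0; i < routeCount; i++) {
    out.push(statement("ExampleStack-ExampleAPIGETroute" + i + "Permission", API_ARN + "/*/*/route-" + i));
  }
  return out;
}

// Largest number of per-route statements that still fits under the limit.
function maxRoutesUnderLimit(): number {
  let n = 0;
  while (policySize(perRouteStatements(n + 1)) <= POLICY_LIMIT) n++;
  return n;
}

// Single statement scoped to the API id; stage, method and path are wildcards.
function consolidatedStatements(): object[] {
  return [statement("ExampleStack-AllowApiInvoke", API_ARN + "/*/*/*")];
}

console.log("per-route statements that fit:", maxRoutesUnderLimit());
console.log("consolidated policy size:", policySize(consolidatedStatements()));
```

The consolidated statement keeps the policy size constant as routes are added, but it lets every route of that one API invoke the function, so per-route scoping is traded for size while the grant stays limited to a single API id.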
Thanks for letting me know the issue is still occurring. A bit disappointing to hear
Hey, we’ve actually just recently merged a PR which aims to tackle all sorts of policy size limit issues. Look forward to the next v2 release and let me know if this is still an issue 🙂
https://github.com/aws/aws-cdk/issues/19114