Lambda as target in ALB fails to create due to Principal permission issue
When a Lambda function is registered as a target group in an Application Load Balancer it adds an `AWS::Lambda::Permission` allowing the `Principal: elasticloadbalancing.amazonaws.com` to invoke the function.
However, the Target group does not contain a dependency on this permission and due to order of creation might fail if CloudFormation decides to create the TargetGroup before the Lambda permission.
Reproduction Steps
```python
alb = ApplicationLoadBalancer(...)
listener = alb.add_listener("Listener", port=80, open=False)
lambda_function = Function(...)
listener.add_targets(
    "Target",
    targets=[LambdaTarget(lambda_function)],
    priority=1,
)
```
Error Log
From the CloudFormation console:
API: elasticloadbalancingv2:RegisterTargets elasticloadbalancing principal does not have permission to invoke arn:aws:lambda:us-west-2:********:function:LambdaFunctionF38095AF-1BKXQUR0FWO9P from target group arn:aws:elasticloadbalancing:us-west-2:***********:targetgroup/LambdaFunction6BJ8GFZ2AFNJ/40d175d269b48dec
Environment
- **CLI Version:** 1.14.0
- **Framework Version:** 1.14.0
- **OS:** N/A
- **Language:** English
Other
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 4 years ago
- Reactions:3
- Comments:9 (3 by maintainers)
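The ordering gap described in the issue can be checked in a synthesized template before deployment. The following is an added example, not code from the issue or from the CDK project: it flags Lambda target groups that have no `DependsOn` on a permission granting `elasticloadbalancing.amazonaws.com` invoke rights on their function. The function names, logical IDs and sample template are constructed for illustration.

```python
ELB_PRINCIPAL = "elasticloadbalancing.amazonaws.com"

def logical_id(value):
    """Logical ID behind a Ref or Fn::GetAtt value, or None for literals."""
    if not isinstance(value, dict):
        return None
    att = value.get("Fn::GetAtt") or [None]
    return value.get("Ref") or (att.split(".")[0] if isinstance(att, str) else att[0])

def unordered_lambda_target_groups(template):
    """Lambda target groups with no DependsOn on an ELB invoke permission."""
    resources = template.get("Resources", {})
    grants = {}  # function logical ID -> logical IDs of ELB invoke permissions
    for name, res in resources.items():
        props = res.get("Properties", {})
        if (res.get("Type") == "AWS::Lambda::Permission"
                and props.get("Principal") == ELB_PRINCIPAL):
            grants.setdefault(logical_id(props.get("FunctionName")), set()).add(name)
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if (res.get("Type") != "AWS::ElasticLoadBalancingV2::TargetGroup"
                or props.get("TargetType") != "lambda"):
            continue
        deps = res.get("DependsOn", [])
        deps = {deps} if isinstance(deps, str) else set(deps)
        for target in props.get("Targets", []):
            fn = logical_id(target.get("Id"))
            # Literal ARNs (fn is None) cannot be matched to a resource here.
            if fn is not None and not (grants.get(fn, set()) & deps):
                findings.append(name)
                break
    return findings

def sample_template(with_depends_on):
    """Constructed template; the logical IDs are made up for this example."""
    arn = {"Fn::GetAtt": ["Fn", "Arn"]}
    group = {"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
             "Properties": {"TargetType": "lambda", "Targets": [{"Id": arn}]}}
    if with_depends_on:
        group["DependsOn"] = "FnInvokePermission"
    return {"Resources": {
        "Fn": {"Type": "AWS::Lambda::Function", "Properties": {}},
        "FnInvokePermission": {"Type": "AWS::Lambda::Permission", "Properties": {
            "Action": "lambda:InvokeFunction", "Principal": ELB_PRINCIPAL,
            "FunctionName": arn}},
        "Group": group}}

if __name__ == "__main__":
    print(unordered_lambda_target_groups(sample_template(False)))
```

To run it against a real stack, load the JSON template that `cdk synth` writes and pass the resulting dict to `unordered_lambda_target_groups`.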
Top GitHub Comments
Hi,
Will this be part of 1.38.1 or 1.39.0? Because with 1.38.0 we still experience the issue?
Thanks!
I’ve solved this with: