Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

!Join seems to be broken when using AWS::Lambda::Permission for Api Gateway

See original GitHub issue

Are you certain it’s a bug?

Yes, it looks like a bug

Is the issue caused by a plugin?

It is not a plugin issue

Are you using the latest version?

Yes, I’m using the latest version

Is there an existing issue for this?

I have searched existing issues, it hasn’t been reported yet

Issue description

I’m not using any plugins.

Reproduction Repo: https://github.com/Schachte/ServerlessLambdaSetup

  RetrieveAllSubscribersLambdaPermissionApiGateway:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName: { "Fn::GetAtt": [ RetrieveAllSubscribersLambdaFunction, Arn ] }
      Action: lambda:InvokeFunction
      Principal: apigateway.amazonaws.com
      SourceArn: 
        Fn::Join: 
          - ""
          - - "helloworld"
            - "*"

The output is the following:

  An error occurred: RetrieveAllSubscribersLambdaPermissionApiGateway - 1 validation error detected: Value 'helloworld*:execute-api:us-west-2:185871347164:a53ihjk9/*/*' at 'sourceArn' failed to satisfy constraint: Member must satisfy regular expression pattern: arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\-])+:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1})?:(\d{12})?:(.*) (Service: AWSLambda; Status Code: 400; Error Code: ValidationException; Request ID: 0646f60d41f; Proxy: null).

My question is, how is it possible for the random data in the error to still show up in the SourceArn if I only joined together the two strings above?

It seems like the join function in this case is making some assumption on what else should be injected in the value? Ideally, I just wanted to interpolate the logical id from a raw !Ref ApiGatewayRestApi

Service configuration (serverless.yml) content

Will post if necessary

Command name and used flags

sls deploy

Command output

See above

Environment information

Operating System:          darwin
     Node Version:              17.3.0
     Framework Version:         2.71.0 (local)
     Plugin Version:            5.5.3
     SDK Version:               4.3.0
     Components Version:        3.18.1

Issue Analytics

State:
Created 2 years ago
Comments:22

Top GitHub Comments

1reaction

Schachtecommented, Jan 16, 2022

@Schachte You need to update the resource policy. Take a look the serverless-api-gateway docs

Ah, that would make sense. I thought overriding the resource name in the other file would take precedence, but I must have been wrong. Ok, good to know. Looks like online there are some pretty weird behaviors using !sub and the ${} syntax in certain scenarios as well, so I can stick to join and the plugin, but was wondering why I was having such a hard time. Thanks again!

1reaction

urmzdcommented, Jan 16, 2022

@Schachte I’m glad I could help 😃 Until the next one (hopefully not 😆 ) 🍻