ALB: Lambda permissions should use aws:SourceArn #8271

Closed
2 tasks
argenstijn opened this issue May 29, 2020 · 4 comments
Labels
@aws-cdk/aws-elasticloadbalancingv2 Related to Amazon Elastic Load Balancing V2 bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/small Small work item – less than a day of effort p2

Comments

argenstijn commented May 29, 2020

This is both more secure and makes the ALB show up in the Lambda console.


If you create a Lambda with ALB integration, you don't see the ALB popping up in the AWS console in the Designer tab.

[image]

Should be like this:

[image]

I think you should explicitly give the TG access to the lambda.

```json
{
  "Sid": "WhaTEVER",
  "Effect": "Allow",
  "Principal": {
    "Service": "elasticloadbalancing.amazonaws.com"
  },
  "Action": "lambda:InvokeFunction",
  "Resource": "LAMBDA",
  "Condition": {
    "ArnLike": {
      "AWS:SourceArn": "TARGET GROUP"
    }
  }
}
```

Use Case

Proposed Solution

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

@argenstijn argenstijn added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels May 29, 2020
@argenstijn
Author

It's CDK 1.39 by the way. I am using Java 11 with CDK!

@SomayaB SomayaB added the @aws-cdk/aws-elasticloadbalancingv2 Related to Amazon Elastic Load Balancing V2 label Jun 1, 2020
Contributor

rix0rrr commented Jun 1, 2020

Sure. But I'm a little confused.

Can you explain to me how it is that the TargetGroup/LoadBalancer can apparently call the Lambda (since handling requests works, no?) but not see it to render it in the console?

Author

argenstijn commented Jun 2, 2020

@rix0rrr Because of the permission below. But this is clearly not enough for AWS to show the ALB in the designer view of the Lambda.

```json
{
  "Sid": "iapi-dev-nec-test-CDKStack-awsLambdaLambdaAliasInvokeServicePrincipalelasticloadbalanc-J0ER6SMD8G8Y",
  "Effect": "Allow",
  "Principal": {
    "Service": "elasticloadbalancing.amazonaws.com"
  },
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:eu-west-1:124905771571:function:iapi-dev-nec-test-lambda:life"
}
```

@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Jun 2, 2020
@rix0rrr rix0rrr changed the title CDK ALB with LAMBDA integration should give TG permission in order to see the ALB in the AWS Console designer view ALB: Lambda permissions should use aws:SourceArn Jun 3, 2020
@rix0rrr rix0rrr added bug This issue is a bug. p2 and removed feature-request A feature should be added or improved. labels Jun 3, 2020
@rix0rrr rix0rrr added the effort/small Small work item – less than a day of effort label Aug 12, 2020
@SomayaB SomayaB assigned njlynch and unassigned rix0rrr Aug 20, 2020
@github-actions

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jun 17, 2022
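Added example, not part of the issue thread or of CDK: a small audit check that flags Lambda resource-policy statements granting a service principal without an `aws:SourceArn` condition, the gap between the two statements posted above. It goes slightly beyond the thread by also accepting `aws:SourceAccount`; the function names, Sids and ARNs below are constructed for illustration.

```python
# Operators that pin the caller. "...IfExists" variants pass when the key is
# absent from the request, so they are deliberately not accepted here.
SCOPING_OPERATORS = {"ArnLike", "ArnEquals", "StringEquals", "StringLike"}
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}


def _as_list(value):
    """Policy elements may hold a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_source_scoped(statement):
    """True if a condition restricts the calling resource or account."""
    for operator, keys in statement.get("Condition", {}).items():
        if operator not in SCOPING_OPERATORS:
            continue
        for key, values in keys.items():
            # Condition key names are case-insensitive ("AWS:SourceArn" is valid).
            # A bare "*" value restricts nothing, so it does not count.
            if key.lower() in SCOPING_KEYS and "*" not in _as_list(values):
                return True
    return False


def unscoped_service_grants(policy):
    """Return Sids of Allow statements open to a whole AWS service principal."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") == "Allow" and services and not is_source_scoped(stmt):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


# Constructed sample values (placeholders, not taken from the issue).
ALB = "elasticloadbalancing.amazonaws.com"
FN = "arn:aws:lambda:eu-west-1:111122223333:function:example"
TG = "arn:aws:elasticloadbalancing:eu-west-1:111122223333:targetgroup/example/0123456789abcdef"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "UnscopedAlbInvoke", "Effect": "Allow", "Principal": {"Service": ALB},
     "Action": "lambda:InvokeFunction", "Resource": FN},
    {"Sid": "ScopedAlbInvoke", "Effect": "Allow", "Principal": {"Service": ALB},
     "Action": "lambda:InvokeFunction", "Resource": FN,
     "Condition": {"ArnLike": {"AWS:SourceArn": TG}}},
]}

if __name__ == "__main__":
    print(unscoped_service_grants(SAMPLE_POLICY))
```

The input is the JSON document that `aws lambda get-policy` returns in its `Policy` field, once parsed.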