amplify-backend

Cannot add DDB stream event mapping to lambda

Open justinmakaila opened this issue 1 year ago • 0 comments

Environment information

System:
  OS: macOS 15.0.1
  CPU: (12) arm64 Apple M3 Pro
  Memory: 464.98 MB / 18.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 22.6.0 - /private/var/folders/l5/hjlkqmn160n235q2fx60mrmw0000gn/T/xfs-acd3d827/node
  Yarn: 4.4.1 - /private/var/folders/l5/hjlkqmn160n235q2fx60mrmw0000gn/T/xfs-acd3d827/yarn
  npm: 10.8.2 - ~/.nvm/versions/node/v22.6.0/bin/npm
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/auth-construct: 1.3.0
  @aws-amplify/backend: 1.1.1
  @aws-amplify/backend-auth: 1.1.3
  @aws-amplify/backend-cli: 1.2.5
  @aws-amplify/backend-data: 1.1.2
  @aws-amplify/backend-deployer: 1.1.0
  @aws-amplify/backend-function: 1.3.3
  @aws-amplify/backend-output-schemas: 1.1.0
  @aws-amplify/backend-output-storage: 1.1.1
  @aws-amplify/backend-secret: 1.1.0
  @aws-amplify/backend-storage: 1.1.2
  @aws-amplify/cli-core: 1.1.2
  @aws-amplify/client-config: 1.2.1
  @aws-amplify/deployed-backend-client: 1.4.0
  @aws-amplify/form-generator: 1.0.1
  @aws-amplify/model-generator: 1.0.5
  @aws-amplify/platform-core: 1.0.6
  @aws-amplify/plugin-types: 1.2.1
  @aws-amplify/sandbox: 1.2.0
  @aws-amplify/schema-generator: 1.2.1
  aws-amplify: 6.5.1
  aws-cdk: 2.153.0
  aws-cdk-lib: 2.153.0
  typescript: 5.5.4
AWS environment variables:
  AWS_STS_REGIONAL_ENDPOINTS = regional
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables

Describe the bug

I'm attempting to add DDB triggers to my Amplify backend. I have the following backend definition:

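import { defineBackend } from "@aws-amplify/backend";
import { Stack } from "aws-cdk-lib";
import { ITable } from "aws-cdk-lib/aws-dynamodb";
import * as iam from "aws-cdk-lib/aws-iam";
import { EventSourceMapping, StartingPosition } from "aws-cdk-lib/aws-lambda";
// auth, data, preTokenGeneration and functionResources come from the project's
// own resource files, which are not shown in the issue.

const backend = defineBackend({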
  auth,
  data,
  preTokenGeneration,
  ...functionResources,
});

const {
  auth: { resources: authResources },
  data: { resources: dataResources },
} = backend;

const createDDBPolicy = (stack: Stack, id: string, table: ITable) => {
  return new iam.Policy(stack, id, {
    statements: [
      new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: [
          "dynamodb:DescribeStream",
          "dynamodb:GetRecords",
          "dynamodb:GetShardIterator",
          "dynamodb:ListStreams",
        ],
        resources: [table.tableStreamArn!, table.tableArn],
      }),
    ],
  });
};

const inviteTable = dataResources.tables.Invite;
const inviteStreamPolicy = createDDBPolicy(
  Stack.of(inviteTable),
  "InviteStreamPolicy",
  inviteTable
);

backend.inviteCreateTrigger.resources.lambda.role?.attachInlinePolicy(
  inviteStreamPolicy
);

const inviteMapping = new EventSourceMapping(
  Stack.of(inviteTable),
  "InviteStreamMapping",
  {
    eventSourceArn: inviteTable.tableStreamArn,
    target: backend.inviteCreateTrigger.resources.lambda,
    startingPosition: StartingPosition.LATEST,
  }
);

inviteMapping.node.addDependency(inviteStreamPolicy);

// Create other relevant table mappings

This works fine on a fresh deploy, but if I attempt to deploy over existing resources, I get an issue saying:

UPDATE_ROLLBACK_COMPLETE: Resource handler returned message: "Invalid request provided: Stream arn:aws:dynamodb:{region}:{id}:table/Invite-{stackId}-NONE/stream/{timestamp} is Disabled. You cannot create a lambda mapping on a stream that is Disabled.

It seems to have to do with the stream ARNs... the timestamp that my deploy/CF template is assuming is stream/2024-10-01T15:42:39.380 but the actual ARN on my table is stream/2024-10-01T15:55:59.319.

Reproduction steps

Deploy a DDB table using the defineBackend method.

After a successful deploy, use the code above to add the stream policy to a defined/deployed lambda and EventSourceMapping for the table using the lambda.

You should see the error listed above during attempted deploy and a clear mismatch between the enabled stream ARN on the existing table vs the one the mapping is trying to reference.

justinmakaila, Oct 09 '24 16:10
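
The mismatch reported above can be checked before a deploy by comparing the stream ARN the deployment references with the table's `LatestStreamArn` (from DescribeTable), and by testing whether the role's policy resources still cover the live stream. This is an added example, not code from the issue or the amplify-backend project: the helper names are hypothetical, the region, account id and stack id are constructed, and only the two stream labels are taken from the issue.

```typescript
// Added example (not from the issue). Helper names are hypothetical; the region,
// account id and stack id in the sample ARNs are constructed placeholders.
interface StreamArn { region: string; account: string; table: string; label: string }
type Verdict = "match" | "stale-stream-label" | "different-table" | "unparseable";

// arn:aws:dynamodb:<region>:<account>:table/<name>/stream/<label>
const STREAM_ARN =
  /^arn:aws[a-z-]*:dynamodb:([a-z0-9-]+):(\d{12}):table\/([A-Za-z0-9_.-]+)\/stream\/(.+)$/;

// The stream label is a timestamp containing ":", so match instead of splitting on ":".
function parseStreamArn(arn: string): StreamArn | null {
  const m = STREAM_ARN.exec(arn.trim());
  if (m === null) return null;
  return { region: m[1] ?? "", account: m[2] ?? "", table: m[3] ?? "", label: m[4] ?? "" };
}

// Compare the ARN a deployment references with the table's current LatestStreamArn.
function checkMapping(referencedArn: string, latestStreamArn: string): Verdict {
  const ref = parseStreamArn(referencedArn);
  const live = parseStreamArn(latestStreamArn);
  if (ref === null || live === null) return "unparseable";
  const sameTable =
    ref.region === live.region && ref.account === live.account && ref.table === live.table;
  if (!sameTable) return "different-table";
  return ref.label === live.label ? "match" : "stale-stream-label";
}

// IAM resource matching: "*" matches any run of characters, "?" exactly one.
function iamPatternMatches(pattern: string, arn: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(arn);
}

// True when at least one policy resource entry covers the live stream ARN.
function policyCoversStream(resources: string[], latestStreamArn: string): boolean {
  return resources.some((r) => iamPatternMatches(r, latestStreamArn));
}

// Constructed sample values; only the two stream labels come from the issue text.
const TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/Invite-EXAMPLESTACK-NONE";
const REFERENCED_STREAM = TABLE_ARN + "/stream/2024-10-01T15:42:39.380"; // label in the template
const LIVE_STREAM = TABLE_ARN + "/stream/2024-10-01T15:55:59.319"; // label on the table
```

A policy resource of the form `<table ARN>/stream/*` keeps matching after a stream is re-created, whereas a literal stream ARN only matches the stream that existed when it was written.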