amplify-category-api
amplify-category-api copied to clipboard
aws-amplify
unable to extend opensearchstreaminglambda policy with overrides
Note: If your question is regarding the AWS Amplify Console service, please log it in the AWS Amplify Console repository
Which Category is your question related to? API
Amplify CLI Version 9.2.1
You can use amplify -v to check the amplify cli version on your system
What AWS Services are you utilizing? OpenSearch, Lambda, IAM
Provide additional details e.g. code snippets. Be sure to remove any sensitive data.
How can I append to the OpenSearch Streaming Lambda IAM Role policy using override.ts? I have attempted adding the following code in the api override.ts file, however, it seems to fail silently and ignore all other configurations in the override.ts file.
const searchStreamingLambdaName = "test-name";
resources.opensearch.OpenSearchStreamingLambdaFunction.functionName = searchStreamingLambdaName;
const lambdaRole = resources.opensearch.OpenSearchStreamingLambdaIAMRole;
const basePolicies = Array.isArray(lambdaRole.policies)
? lambdaRole.policies
: [lambdaRole.policies];
resources.opensearch.OpenSearchStreamingLambdaIAMRole.policies = [
...basePolicies,
{
policyName: 'custom-transform-lambda-permissions',
policyDocument: {
Version: '2012-10-17',
Statement: [
{
Resource: '*',
Action: ['lambda:InvokeFunction'],
Effect: 'Allow',
},
],
},
},
];
More specifically, when I run amplify push -y, I notice that the OpenSearchStreamingLambdaFunction gets recreated with a different name (something auto-generated) and the policy I added is not present in the IAM role. When I remove the line that defines resources.opensearch.OpenSearchStreamingLambdaIAMRole.policies, I see the OpenSearchStreamingLambdaFunction created with the value of searchStreamingLambdaName
Am I incorrectly appending the policy to OpenSearchStreamingLambdaIAMRole? I followed the documentation for overriding the project level IAM auth role
