graphql icon indicating copy to clipboard operation
graphql copied to clipboard

Published 20 hours ago verified publisher icon serverless-components

Incorrect account ids in lambda policy

Open hypexr opened this issue 4 years ago • 2 comments

graphql 3.0.3

I have graphql components configured to deploy to different stages each with a different provider defined in the serverless web ui with each provider being a different aws account.

When I deploy to the different stages the resources are created in the correct account, but about 50% of the time the account id in the lambda's role for invokeFunction is incorrect. When this happens making a graphql call returns an error that appsync is not able to call the lambda.

When the account id is incorrect it is an account id from one of the other 2 accounts.

        {
            "Effect": "Allow",
            "Action": [
                "lambda:invokeFunction"
            ],
            "Resource": "arn:aws:lambda:us-west-2:<wrong account id>:function:api-v8-stagename-appname-s2229lk*"
        }

When deploying to one account with one configured provider in the serverless UI it successfully created lambda invokeFunction policies with the correct account ids.

hypexr avatar Feb 17 '21 05:02 hypexr

I believe I ran into this multiple times as well.

mwawrusch avatar Apr 08 '21 01:04 mwawrusch

And customer support like this is why we leave the serverless ecosystem after being there since version 0.2 (or 0.4).

mwawrusch avatar Oct 05 '21 20:10 mwawrusch