serverless-aws-alias icon indicating copy to clipboard operation
serverless-aws-alias copied to clipboard

Published 20 hours ago verified publisher icon serverless-heaven

AWS::Lambda::Permission for SNS not working

Open alfredkrohmer opened this issue 6 years ago • 7 comments

Hi,

I'm trying to create an additional AWS::Lambda::Permission for invocation by SNS topics:

resources:
    SNSPermission:
      Type: AWS::Lambda::Permission
      Properties:
        FunctionName:
          Ref: Route53Registration
        Action:    lambda:InvokeFunction
        Principal: sns.amazonaws.com
        SourceArn:
          Fn::Join:
          - ':'
          -
            - 'arn:aws:sns'
            - Ref: 'AWS::Region'
            - Ref: 'AWS::AccountId'
            - '*'

But I get the following error:

Serverless: Updating alias stack...
Serverless: WARNING: Inappropriate call of provider.request()
 
  Serverless Error ---------------------------------------
 
  [/Resources/SNSPermission/DependsOn/0] 'null' values are not allowed in templates
 
  Stack Trace --------------------------------------------
 
ServerlessError: [/Resources/SNSPermission/DependsOn/0] 'null' values are not allowed in templates
    at BbPromise.fromCallback.catch.err (/usr/local/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:258:33)
From previous event:
    at persistentRequest (/usr/local/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:247:13)
    at doCall (/usr/local/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:205:9)
    at BbPromise (/usr/local/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:216:14)
From previous event:
    at persistentRequest (/usr/local/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:203:38)
    at Object.request.requestQueue.add [as promiseGenerator] (/usr/local/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:237:49)
    at Queue._dequeue (/usr/local/lib/node_modules/serverless/node_modules/promise-queue/lib/index.js:149:30)
    at /usr/local/lib/node_modules/serverless/node_modules/promise-queue/lib/index.js:108:18
From previous event:
    at Queue.add (/usr/local/lib/node_modules/serverless/node_modules/promise-queue/lib/index.js:93:16)
    at AwsProvider.request (/usr/local/lib/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:237:39)
    at AwsAlias.updateAlias (/home/alfred/repos/oa/lambda-asg-sf/route53_registration/node_modules/serverless-aws-alias/lib/updateAliasStack.js:82:25)
    at runCallback (timers.js:672:20)
    at tryOnImmediate (timers.js:645:5)
    at processImmediate [as _immediateCallback] (timers.js:617:5)
 
  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Forums:        forum.serverless.com
     Chat:          gitter.im/serverless/serverless
 
  Your Environment Information -----------------------------
     OS:                     linux
     Node Version:           6.11.4
     Serverless Version:     1.25.0

This is the relevant part of the generated CloudFormation template:

    "SNSPermission": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "FunctionName": {},
        "Action": "lambda:InvokeFunction",
        "Principal": "sns.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            ":",
            [
              "arn:aws:sns",
              {
                "Ref": "AWS::Region"
              },
              {
                "Ref": "AWS::AccountId"
              },
              "*",
              "-dev"
            ]
          ]
        }
      },
      "DependsOn": [
        null,
        null
      ]
    }

There are three problems:

  1. The FunctionName property is set to an empty hash.
  2. The SourceArn property is suffixed with -dev.
  3. The DependsOn attribute is an array of two nulls.

alfredkrohmer avatar Feb 12 '18 18:02 alfredkrohmer

Can you try with the version in master instead of the NPM version? Just use "serverless-aws-alias": "github:hyperbrain/serverless-aws-alias#master" in your package.json.

There are some new fixes with SNS there.

HyperBrain avatar Feb 14 '18 09:02 HyperBrain

I did that and the result is the same. I also tried to add "scripts": {"deploy": "serverless deploy"} to package.json and run npm run deploy (to make sure the correct version of the plugin is loaded) but still the same result. Is there another way to verify that the correct version of the plugin is loaded?

alfredkrohmer avatar Feb 19 '18 10:02 alfredkrohmer

Is the Route53Registration function part of the project, or is it an external function reference?

HyperBrain avatar Feb 21 '18 10:02 HyperBrain

It's the only function in this project, so no external reference.

alfredkrohmer avatar Feb 21 '18 19:02 alfredkrohmer

Any update on this?

alfredkrohmer avatar Mar 08 '18 09:03 alfredkrohmer

I think one problem here is that it tries to modify the source ARN and append the current alias (because any SNS topics deployed with serverless will also have the alias suffix). But in my case I have a pre-existing SNS topic that is shared by multiple lambda functions and I just want the lambda function that I'm deploy currently to invoked by that pre-existing SNS topic.

alfredkrohmer avatar Mar 09 '18 13:03 alfredkrohmer

@devkid I think you're right. In case the topic arn is external there should be no addition of the alias name.

A way to fix this would be, to check if the source arns of the permission resources are external, and if one is, skip the alias extension. However the detection algorithm for external/internal has to be deterministic and reliable.

HyperBrain avatar Mar 09 '18 14:03 HyperBrain

Closing since the project seems to be dead

alfredkrohmer avatar Apr 03 '23 07:04 alfredkrohmer