Skip to content

chore(merge-back): 2.171.1#32326

Closed
aws-cdk-automation wants to merge 3 commits intomainfrom
merge-back/2.171.1
Closed

chore(merge-back): 2.171.1#32326
aws-cdk-automation wants to merge 3 commits intomainfrom
merge-back/2.171.1

Conversation

@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

@aws-cdk-automation aws-cdk-automation commented Nov 28, 2024

No description provided.

iliapolo and others added 3 commits November 27, 2024 15:56
@iliapolo @rix0rrr
fix(cli): lambda hotswap fails if lambda:GetFunctionConfiguration a…
a073e93 
…ction is not allowed (#32301)

Closes #32219

### Reason for this change



In SDKv3, the standard `waitUntilFunctionUpdated` function invokes the `GetFunctionConfiguration` API, as opposed to SDKv2, which invoked `GetFunction`. This means that consumers of SDKv3 must allow the `lambda:GetFunctionConfiguration` action in their IAM role policy.

### Description of changes



Use a different waiter function provided by the SDK, which invokes `GetFunction` instead of `GetFunctionConfiguration`, and thus restoring required IAM permissions to what they were in SDKv2.

See https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-lambda/src/waiters/waitForFunctionUpdatedV2.ts#L10

> As opposed to https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-lambda/src/waiters/waitForFunctionUpdated.ts#L13

### Description of how you validated changes

Manul test. Assumed a role with the following policies:

![Screenshot 2024-11-27 at 9 34 25](https://github.com/user-attachments/assets/69415c37-6fe8-44d3-972c-1373ec55f46e)

```console
 ❯ cdk deploy --hotswap                                                                                                                                                                                                                                            [09:29:11]

✨  Synthesis time: 2.72s

⚠️ The --hotswap and --hotswap-fallback flags deliberately introduce CloudFormation drift to speed up deployments
⚠️ They should only be used for development - never use them for your production Stacks!

AwsCdkPlaygroundStack: deploying... [1/1]

✨ hotswapping resources:
   ✨ Lambda Function 'AwsCdkPlaygroundStack-Function76856677-7Rl7hiwwO5LQ'
❌  AwsCdkPlaygroundStack failed: TimeoutError: Resource is not in the expected state due to waiter status: TIMEOUT. Waiter has timed out.
```

Then, run the CLI from the PR.

```console
❯ /Users/epolon/dev/src/github.com/aws/aws-cdk/packages/aws-cdk/bin/cdk deploy --hotswap                                                                                                                                                                          [10:03:00]

✨  Synthesis time: 3.46s

⚠️ The --hotswap and --hotswap-fallback flags deliberately introduce CloudFormation drift to speed up deployments
⚠️ They should only be used for development - never use them for your production Stacks!

AwsCdkPlaygroundStack: deploying... [1/1]

✨ hotswapping resources:
   ✨ Lambda Function 'AwsCdkPlaygroundStack-Function76856677-7Rl7hiwwO5LQ'
✨ Lambda Function 'AwsCdkPlaygroundStack-Function76856677-7Rl7hiwwO5LQ' hotswapped!

 ✅  AwsCdkPlaygroundStack

✨  Deployment time: 12.72s

Stack ARN:
arn:aws:cloudformation:us-east-1:01234567890:stack/AwsCdkPlaygroundStack/22f2b380-a7cd-11ef-badd-0e08a8e0b5b1

✨  Total time: 16.19s

>>> elapsed time 23s                                                                                                                                                                                                                                                          
```



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@rix0rrr
chore(release): 2.171.1
8beaa20
@mergify
chore(release): 2.171.1 (#32311)
a95560c 
See CHANGELOG

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@aws-cdk-automation aws-cdk-automation requested a review from a team as a code owner November 28, 2024 21:15
@aws-cdk-automation aws-cdk-automation requested a review from a team November 28, 2024 21:15
@github-actions github-actions bot added the p2 label Nov 28, 2024
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Nov 28, 2024
@rix0rrr rix0rrr closed this Nov 28, 2024
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Nov 28, 2024

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 28, 2024
@aws-cdk-automation
Copy link
Copy Markdown
Collaborator Author

aws-cdk-automation commented Nov 28, 2024

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: a95560c
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

p2 pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aws-cdk-automation @rix0rrr @iliapolo