[Bug]: Creation of FunctionURLAllowPublicAccess resource-based Lambda policy by the Terraform provider #38260

Open
EreminAnton opened this issue Jul 5, 2024 · 1 comment
Labels
bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer.


EreminAnton commented Jul 5, 2024

Terraform Core Version

v.1.7.4

AWS Provider Version

v5.55.0

Affected Resource(s)

aws_lambda_function_url

Expected Behavior

The provider should create a Lambda URL for the Lambda.

Actual Behavior

The provider creates a Lambda URL and a resource-based policy statement for the Lambda: FunctionURLAllowPublicAccess

I am unsure if creating a policy on a user's behalf is appropriate, and it isn't documented in the resource's documentation. Additionally, this resource-based policy persists even when the aws_lambda_function_url resource is deleted.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

# Lambda URL configuration from the terraform-aws-lambda module.
  create_lambda_function_url = true
  authorization_type = "NONE" # The default, and exactly this line will cause creation of a policy

  cors = {
    allow_credentials = true
    allow_origins     = ["https://slack.com"]
    allow_methods     = ["POST"]
    max_age           = 86400
  }

Steps to Reproduce

  • Create the Lambda function.
  • Check the AWS console to observe that the policy does not exist.
  • Use the aws_lambda_function_url resource to create the URL.
  • Then, check the AWS console to observe the policy created, as created by the provider.
  • Next, delete the Lambda URL by deleting the aws_lambda_function_url resource.
  • Finally, check the AWS console again to see that the policy persists.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/lambda/function_url.go#L153-L175

Would you like to implement a fix?

None
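
An added example (not part of the original issue or the provider's code): a Python check for the leftover grant described above, run against the policy JSON that `aws lambda get-policy` returns. The sample policy, account ID and function name are constructed, and `has_function_url` is an assumed input that the caller derives from whether a function URL config still exists.

```python
import json

# Constructed sample: the "Policy" string as `aws lambda get-policy` returns it
# (account ID and function name are placeholders).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "default",
    "Statement": [
        {
            "Sid": "FunctionURLAllowPublicAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "lambda:InvokeFunctionUrl",
            "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example",
            "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}},
        },
        {
            "Sid": "AllowS3Invoke",
            "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example",
        },
    ],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_public_url_grant(stmt):
    """True if the statement lets any principal invoke the function URL."""
    principal = stmt.get("Principal")
    anyone = principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    return (stmt.get("Effect") == "Allow" and anyone
            and bool(actions & {"lambda:invokefunctionurl", "lambda:*", "*"}))


def leftover_public_grants(policy_json, has_function_url):
    """Sids of public URL grants that remain although no function URL exists."""
    if has_function_url:
        return []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return [s.get("Sid", "<no Sid>") for s in statements if is_public_url_grant(s)]
```

Any Sid this returns can be reviewed and removed with `aws lambda remove-permission --statement-id <Sid>`.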

EreminAnton added the bug label Jul 5, 2024

github-actions bot commented Jul 5, 2024

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

terraform-aws-provider bot added the needs-triage label Jul 5, 2024