
Permission does not include alias when attaching a function URL with a pre-traffic hook #2386

@johnc44

Description

Adding FunctionUrlConfig to a serverless function definition which also has a pre-traffic hook creates a lambda permission that points to the latest version of the function, not the 'live' alias, and browsing the lambda endpoint returns `{"error": "Forbidden"}`.

Using the AWS Console, the lambda function shows the Permission on the latest version, but does not show the URL. Changing to the live alias shows the URL but not the permission.

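Example template:

```yaml
  MyTestLambda:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: main.lambda_handler
      Runtime: python3.9
      FunctionName: MyTestLambda
      Description: Test lambda
      # Publishes a version on each deploy and points the "live" alias at it
      AutoPublishAlias: live
      DeploymentPreference:
        Type: AllAtOnce
        Hooks:
          PreTraffic: !Ref PreTrafficHook
      FunctionUrlConfig:
        AuthType: NONE
```

For ref, this is what I had to add as a workaround:

```yaml
  MyTestLambdaUrlPermission:  # placeholder logical ID; the report does not give one
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunctionUrl
      Principal: "*"
      # Attach the permission to the "live" alias, where the function URL lives
      FunctionName: !Sub
        - "${name}:live"
        - name: !Ref MyTestLambda  # logical IDs are case-sensitive
      FunctionUrlAuthType: NONE
```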

Using aws-sam-cli version 1.46 on both macOS and Linux.
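
A pre-deploy check for the mismatch described in this report, added here as an illustration and not taken from the issue or from SAM: it walks a transformed template and flags any function URL whose qualifier has no `lambda:InvokeFunctionUrl` permission on the same qualifier. The sample template, its logical IDs and the helper names are constructed assumptions, and the check compares qualifiers only, so it assumes one function per template.

```python
import re

# Constructed sample (not real SAM output): a simplified post-transform template
# with the URL on the "live" alias and the permission on the bare function.
TEMPLATE = {"Resources": {
    "MyTestLambda": {"Type": "AWS::Lambda::Function", "Properties": {}},
    "LiveAlias": {"Type": "AWS::Lambda::Alias", "Properties": {"Name": "live"}},
    "Url": {"Type": "AWS::Lambda::Url", "Properties": {
        "TargetFunctionArn": {"Ref": "LiveAlias"}, "AuthType": "NONE"}},
    "UrlPermission": {"Type": "AWS::Lambda::Permission", "Properties": {
        "Action": "lambda:InvokeFunctionUrl", "Principal": "*",
        "FunctionName": {"Ref": "MyTestLambda"}, "FunctionUrlAuthType": "NONE"}},
}}

def qualifier(value, resources):
    """Return the alias or version a function reference points at, else None."""
    if isinstance(value, dict):
        if "Ref" in value:  # Ref to an alias resource resolves to the alias ARN
            target = resources.get(value["Ref"], {})
            is_alias = target.get("Type") == "AWS::Lambda::Alias"
            return target["Properties"]["Name"] if is_alias else None
        sub = value.get("Fn::Sub")
        value = sub[0] if isinstance(sub, list) else sub
    if not isinstance(value, str):
        return None
    value = re.sub(r"\$\{[^}]+\}", "x", value)  # neutralise ${...} variables
    # Accept "name:qualifier" or a full function ARN ending in ":qualifier".
    m = re.fullmatch(r"(?:arn:[^:]+:lambda:[^:]*:[^:]*:function:)?[^:]+:([^:]+)", value)
    return m.group(1) if m else None

def url_permission_mismatches(template):
    """Return (url_id, url_qualifier, permission_qualifiers) for unmatched URLs."""
    res = template["Resources"]
    perms = [qualifier(r["Properties"].get("FunctionName"), res)
             for r in res.values()
             if r["Type"] == "AWS::Lambda::Permission"
             and r["Properties"].get("Action") == "lambda:InvokeFunctionUrl"]
    findings = []
    for rid, r in res.items():
        if r["Type"] != "AWS::Lambda::Url":
            continue
        props = r["Properties"]
        url_q = props.get("Qualifier") or qualifier(props.get("TargetFunctionArn"), res)
        if url_q not in perms:  # the URL would answer with Forbidden
            findings.append((rid, url_q, perms))
    return findings
```

Run against the sample, `url_permission_mismatches(TEMPLATE)` reports the URL on `live` with only an unqualified permission; swapping in the workaround's `!Sub "${name}:live"` form clears the finding.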
