
Comments (3)

lucashuy commented on June 19, 2024

Thanks for reporting this. This seems to be stemming from the transform library instead of SAM CLI. Let me move this issue over to the SAM repo. This behaviour is likely due to how the S3 event is set up and used.

It looks like an S3 bucket notification configuration to Lambda requires the bucket to have permissions to invoke the Lambda before it will set up the notification event. This means that the Lambda permission needs to be created first, but since the permission is being created first, it has no idea what the bucket's ARN is, hence the broader permission. (ref: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration.html).

from serverless-application-model.

GavinZZ commented on June 19, 2024

Hi @ananich, thanks for creating an issue. As Lucas explained above, this is a known limitation with S3 bucket notification.

If you create the target resource and related permissions in the same template, you might have a circular dependency.

For example, you might use the AWS::Lambda::Permission resource to grant the bucket permission to invoke an AWS Lambda function. However, AWS CloudFormation can't create the bucket until the bucket has permission to invoke the function (AWS CloudFormation checks whether the bucket can invoke the function). If you're using Refs to pass the bucket name, this leads to a circular dependency.

To avoid this dependency, you can create all resources without specifying the notification configuration. Then, update the stack with a notification configuration.

When using SAM with an S3 event source, we have to first create the bucket configuration prior to creating the bucket; thus we cannot restrict the bucket in the Condition property.

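A check for the broader permission discussed in this thread, as an added example that is not part of the original comments or the SAM project's code: it walks a processed CloudFormation template and reports how each Lambda permission granted to `s3.amazonaws.com` is scoped. The sample template, its logical IDs and the bucket name are constructed for illustration and are assumptions, not output captured from SAM.

```python
# Constructed sample template (assumption): one S3 invoke permission limited only
# by account, and one hand-written permission pinned to a bucket ARN built from a
# known bucket name. Logical IDs and the bucket name are made up.
SAMPLE_TEMPLATE = {
    "Resources": {
        "UploadFnPermission": {
            "Type": "AWS::Lambda::Permission",
            "Properties": {
                "Action": "lambda:InvokeFunction",
                "FunctionName": {"Ref": "UploadFn"},
                "Principal": "s3.amazonaws.com",
                "SourceAccount": {"Ref": "AWS::AccountId"},
            },
        },
        "ScopedPermission": {
            "Type": "AWS::Lambda::Permission",
            "Properties": {
                "Action": "lambda:InvokeFunction",
                "FunctionName": {"Ref": "UploadFn"},
                "Principal": "s3.amazonaws.com",
                "SourceAccount": {"Ref": "AWS::AccountId"},
                "SourceArn": {"Fn::Sub": "arn:${AWS::Partition}:s3:::example-upload-bucket"},
            },
        },
        "UploadBucket": {"Type": "AWS::S3::Bucket"},
    }
}


def audit_s3_invoke_permissions(template):
    """Return {logical_id: finding} for every Lambda permission granted to S3."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        if (resource.get("Type") != "AWS::Lambda::Permission"
                or props.get("Principal") != "s3.amazonaws.com"):
            continue  # not an S3-to-Lambda invoke grant
        has_arn = "SourceArn" in props          # pins the grant to one bucket
        has_account = "SourceAccount" in props  # pins the grant to the bucket owner
        if has_arn and has_account:
            findings[logical_id] = "scoped to one bucket and account"
        elif has_arn:
            findings[logical_id] = "bucket-scoped, but no SourceAccount"
        elif has_account:
            findings[logical_id] = "any bucket in the account can invoke"
        else:
            findings[logical_id] = "any S3 bucket can invoke"
    return findings
```

Run it against the transformed template (for example, the processed template shown for a deployed stack) to see which permissions carry only the account restriction.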

github-actions commented on June 19, 2024

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
