Comments (3)
Thanks for reporting this. This seems to be stemming from the transform library instead of SAM CLI. Let me move this issue over to the SAM repo. This behaviour is likely due to how the S3 event is set up and used.
It looks like an S3 bucket notification configuration to Lambda requires the bucket to have permission to invoke the Lambda before it will set up the notification event. This means that the Lambda permission needs to be created first, but since the permission is being created first, it has no idea what the bucket's ARN is, hence the broader permission (ref: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration.html).
from serverless-application-model.
Hi @ananich, thanks for creating an issue. As Lucas explained above, this is a known limitation with S3 bucket notification.
If you create the target resource and related permissions in the same template, you might have a circular dependency.
For example, you might use the AWS::Lambda::Permission resource to grant the bucket permission to invoke an AWS Lambda function. However, AWS CloudFormation can't create the bucket until the bucket has permission to invoke the function (AWS CloudFormation checks whether the bucket can invoke the function). If you're using Refs to pass the bucket name, this leads to a circular dependency.
To avoid this dependency, you can create all resources without specifying the notification configuration. Then, update the stack with a notification configuration.
When using SAM with an S3 event source, we have to first create the bucket configuration prior to creating the bucket, thus we cannot restrict the bucket in the Condition property.
from serverless-application-model.
This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
from serverless-application-model.
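A check for the broad permission discussed in the comments above, as an added example rather than code from the SAM project or the commenters: it scans a processed template for `AWS::Lambda::Permission` resources with the S3 principal and classifies how each one is scoped. The template, its logical IDs, the account ID and the `BucketNameParam` parameter are constructed for illustration.

```python
import re
# Constructed sample of a processed template; every logical ID, the account ID
# and the BucketNameParam parameter are hypothetical.
def perm(**extra):
    return {"Type": "AWS::Lambda::Permission", "Properties": {
        "Action": "lambda:InvokeFunction", "FunctionName": {"Ref": "Fn"},
        "Principal": "s3.amazonaws.com", **extra}}

TEMPLATE = {"Resources": {
    "UploadBucket": {"Type": "AWS::S3::Bucket"},
    "NoScope": perm(),
    "AccountOnly": perm(SourceAccount="111122223333"),
    "ByGetAtt": perm(SourceAccount="111122223333", SourceArn={"Fn::GetAtt": ["UploadBucket", "Arn"]}),
    "ByName": perm(SourceAccount="111122223333", SourceArn={"Fn::Sub": "arn:aws:s3:::${BucketNameParam}"}),
}}

def refs(node):
    """Yield logical IDs referenced through Ref, Fn::GetAtt or an Fn::Sub string."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "Ref":
                yield val
            elif key == "Fn::GetAtt":
                yield (val if isinstance(val, str) else val[0]).split(".")[0]
            elif key == "Fn::Sub":
                text = val if isinstance(val, str) else val[0]
                yield from (m.split(".")[0] for m in re.findall(r"\$\{([^}!]+)\}", text))
            else:
                yield from refs(val)
    elif isinstance(node, list):
        for item in node:
            yield from refs(item)

def audit(template):
    """Map each S3-principal Lambda permission to a scoping verdict."""
    res = template["Resources"]
    buckets = {n for n, r in res.items() if r["Type"] == "AWS::S3::Bucket"}
    findings = {}
    for name, r in res.items():
        props = r.get("Properties", {})
        if r["Type"] != "AWS::Lambda::Permission" or props.get("Principal") != "s3.amazonaws.com":
            continue
        arn = props.get("SourceArn")
        if arn is None:  # no bucket restriction: the broad permission from this thread
            findings[name] = "account-wide" if "SourceAccount" in props else "unscoped"
        elif buckets & set(refs(arn)):  # ARN derived from the bucket resource: ordering problem
            findings[name] = "bucket-ref"
        else:  # ARN built from a name known before the bucket exists
            findings[name] = "scoped"
    return findings
```

`bucket-ref` marks a permission that cannot be created before the bucket it references, which is the ordering conflict the comments describe; `scoped` marks one whose ARN does not depend on the bucket resource.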