Comments (11)
For those of you looking for a quick solution:
import json

import boto3


def clean_policy(fn_name):
    client = boto3.client('lambda')
    # The resource policy comes back as a JSON string.
    policy = client.get_policy(FunctionName=fn_name)['Policy']
    statements = json.loads(policy)['Statement']
    # Every Sid except the last one; the last statement is kept.
    sid_list = [item['Sid'] for item in statements][:-1]
    for sid in sid_list:
        print("Removing policy SID {}".format(sid))
        client.remove_permission(FunctionName=fn_name, StatementId=sid)
    print(client.get_policy(FunctionName=fn_name))
from chalice.
I have the same issue. I did some research, and it's an issue on Lambda.
I tried the following (which just resets everything):
aws lambda list-functions   # gives the function name
aws lambda delete-function --function-name functionname
and then just deploy again; it should work (it worked on mine).
from chalice.
Thanks Jason. I ended up killing the EC2 instance I was using for development and spun up another, copying the app.py and policy.json back into it, and it published correctly. Your solution would have been much cleaner!
from chalice.
No problem KarlXerri
from chalice.
I ran into this too. This is not the IAM policy for the function that is too long, but the resource policy that allows API Gateway to invoke the Lambda function. What is happening is that Chalice is generating a policy statement for every deploy and appending it to the policy. This makes the policy too big after many deploys. When you deleted the function, this is clearing that policy, but this will happen to you again if you deploy a lot.
The part of the code that is causing this problem is here. Every deploy will just append a new statement here until the policy is too big and you get this error.
It seems like this policy never changes, so a fix could be to have Chalice only add the policy when the function is first created. Thoughts?
from chalice.
Any luck figuring out why this happens? I just ran into this, but oddly I was able to deploy twice before the error occurred.
Below is the error I see:
Error: Error when deploying: An error occurred (PolicyLengthExceededException) when calling the AddPermission operation: The final policy size (20732) is bigger than the limit (20480).
I am on OSX and Python 2.7.11.
from chalice.
Sounds like a bug, taking a look...
from chalice.
An update, the code that causes this is here:
https://github.com/awslabs/chalice/blob/master/chalice/deployer.py#L306-L317
I suggest that the code look to see if the policy exists first with something like:
policy = self.lambda_client.get_policy(FunctionName=fn_name)['Policy']
policy = json.loads(policy)
policy_exists = False
for stmt in policy['Statement']:
    if stmt['Action'] == 'lambda:InvokeFunction':
        policy_exists = True
if not policy_exists:
    self.lambda_client.add_permission(...)
That would be much more ideal than having a huge policy.
from chalice.
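An added example, not code from the thread or from Chalice: it covers both the cleanup in the first comment and the existence check suggested just above, working offline on a constructed resource policy. It removes only statements that repeat an earlier grant, so an unrelated grant (the constructed S3 one) is kept, and it matches principal and source ARN as well as action before treating a permission as already present. All ARNs, Sids and helper names are assumptions made for the example.

```python
import json

# Constructed sample values; none of these come from the thread.
FN_ARN = "arn:aws:lambda:us-east-1:123456789012:function:demo"
API_ARN = "arn:aws:execute-api:us-east-1:123456789012:abc123/*"
BUCKET_ARN = "arn:aws:s3:::demo-bucket"


def _stmt(sid, service, source_arn):
    # Shape of a Lambda resource-policy statement as returned by get_policy.
    return {"Sid": sid, "Effect": "Allow", "Principal": {"Service": service},
            "Action": "lambda:InvokeFunction", "Resource": FN_ARN,
            "Condition": {"ArnLike": {"AWS:SourceArn": source_arn}}}


# Three deploys appended the same API Gateway grant; one S3 grant is distinct.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    _stmt("deploy-1", "apigateway.amazonaws.com", API_ARN),
    _stmt("s3-events", "s3.amazonaws.com", BUCKET_ARN),
    _stmt("deploy-2", "apigateway.amazonaws.com", API_ARN),
    _stmt("deploy-3", "apigateway.amazonaws.com", API_ARN),
]})


def _fingerprint(stmt):
    """Everything that defines the grant, ignoring the per-deploy Sid."""
    grant = {k: v for k, v in stmt.items() if k != "Sid"}
    return json.dumps(grant, sort_keys=True)


def duplicate_sids(policy_json):
    """Sids whose statement repeats an earlier grant; the first copy is kept."""
    seen, extra = set(), []
    for stmt in json.loads(policy_json)["Statement"]:
        fp = _fingerprint(stmt)
        if fp in seen:
            extra.append(stmt["Sid"])
        seen.add(fp)
    return extra


def grant_exists(policy_json, service, action, source_arn):
    """True only if this exact service/action/source ARN is already allowed."""
    for stmt in json.loads(policy_json)["Statement"]:
        cond = stmt.get("Condition", {}).get("ArnLike", {})
        if (stmt.get("Effect") == "Allow"
                and stmt.get("Principal") == {"Service": service}
                and stmt.get("Action") == action
                and cond.get("AWS:SourceArn") == source_arn):
            return True
    return False
```

Against a real function, the Sids returned by `duplicate_sids` would be passed to `remove_permission(FunctionName=..., StatementId=sid)` as in the first comment, and `add_permission` would be called only when `grant_exists` returns False.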
I posted a solution elsewhere, copy-pasting here:
I am using gulp-awslambda instead.
The error looks to be from AWS Lambda instead.
ISSUE:
Re-deploying an existing lambda is failing
SOLUTION:
- delete lambda function
- re-create it
from chalice.
Sorry @manoharreddyporeddy but it really sounds like a very bad solution, unless you are only creating and deploying your API from the AWS console without using any CI/CD.
Let's say your Lambda function (or API Gateway for that matter) is created from a stack (CloudFormation or SAM): you are deleting an object from a stack, which will lose its unique id, and your whole stack will crash, and you don't have any control to recreate a Lambda function with the true unique id (I am not speaking of the name here, but of the ARN).
From what I have seen, there were two problems:
- indeed, doing multiple deployments of the same APIs was duplicating the policy. It was fixed (sorry, I don't have time to find the ticket)
- this hard limit of 20kb per policy, which will not change and depends on the number and size of your routes (hence path parameters). Passing path parameters as query string parameters is a solution, but you should not have to change your API design due to this problem.
Now, instead of adding policies for each route/endpoint, you could create an IAM role allowing API Gateway to call your Lambda (https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html#d0e1938).
from chalice.
@lpalbou
If I had infinite time, all my replies would be perfect.
The intent was not to be perfect, but to share what I found, so that others can use or improve it. To save the day, anything that works is a solution, instead of spending many, many hours on futile attempts.
It's possible there are better options in the config given by AWS at this time, and/or the documentation has improved. I don't remember what I wrote in my reply above a year and a half ago. Hope yours works and is better, for someone else.
from chalice.