awslabs / aws-serverless-data-lake-framework

Enterprise-grade, production-hardened, serverless data lake on AWS
https://sdlf.workshop.aws/
MIT No Attribution
400 stars 133 forks

Attaching AWS SDK for pandas layer to lambda via sdlf stage template.yaml fails #276

Closed kangsoon-dev closed 3 months ago

kangsoon-dev commented 4 months ago

Describe the bug

Resource handler returned message: "User: arn:aws:sts::XXX:assumed-role/sdlf-cicd-team-engineering/AWSCloudFormation is not authorized to perform: lambda:GetLayerVersion on resource: arn:aws:lambda:ap-southeast-1:336392948345:layer:AWSSDKPandas-Python311:8 because no identity-based policy allows the lambda:GetLayerVersion action.

To Reproduce

Steps to reproduce the behavior:

  1. Under sdlf-stageA, edit template.yaml
  2. Under Layers, add the ARN of the AWS SDK for pandas layer version: arn:aws:lambda:ap-southeast-1:336392948345:layer:AWSSDKPandas-Python311:8
  3. Trigger the sdlf-cicd-teams-datalake-dev-engineering-rTeamCodePipeline

Expected behavior

Nested CF stack that is updating resources for the stage fails: Resource handler returned message: "User: arn:aws:sts::XXX:assumed-role/sdlf-cicd-team-engineering/AWSCloudFormation is not authorized to perform: lambda:GetLayerVersion on resource: arn:aws:lambda:ap-southeast-1:336392948345:layer:AWSSDKPandas-Python311:8 because no identity-based policy allows the lambda:GetLayerVersion action.

SDLF release (if known): v2.1.1

kangsoon-dev commented 4 months ago

Please see the pull request for the fix.

cnfait commented 3 months ago

I'm reopening this ticket - we usually wait for the fix to be accepted/merged into main before closing issues!

cnfait commented 3 months ago

Fixed in https://github.com/awslabs/aws-serverless-data-lake-framework/pull/277
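
Added example, not part of the thread and not the change made in pull request #277: a Python sketch that parses the authorization failure quoted in the issue and derives a least-privilege IAM statement for the denied layer, as an alternative to granting `lambda:GetLayerVersion` on `*`. The function names and the `any_version` option are assumptions made for this illustration.

```python
import json
import re

# Error text as quoted in the issue (the reporter redacted the account ID as XXX).
ERROR = (
    "User: arn:aws:sts::XXX:assumed-role/sdlf-cicd-team-engineering/AWSCloudFormation "
    "is not authorized to perform: lambda:GetLayerVersion on resource: "
    "arn:aws:lambda:ap-southeast-1:336392948345:layer:AWSSDKPandas-Python311:8 "
    "because no identity-based policy allows the lambda:GetLayerVersion action"
)

DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r" on resource: (?P<resource>\S+)"
)
LAYER_VERSION = re.compile(
    r"^arn:aws[\w-]*:lambda:[a-z0-9-]+:\d{12}:layer:[\w-]+:(?P<ver>\d+)$"
)


def parse_denial(message):
    """Extract principal, action and resource from an authorization failure."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not an IAM authorization failure message")
    return m.groupdict()


def scoped_statement(denial, any_version=False):
    """Build an Allow statement for exactly the denied action and layer.

    With any_version=True only the version number becomes '*', so a layer
    upgrade needs no policy change; partition, region, account and layer
    name stay pinned.
    """
    if denial["action"] != "lambda:GetLayerVersion":
        raise ValueError("only lambda:GetLayerVersion denials are handled here")
    m = LAYER_VERSION.match(denial["resource"])
    if m is None:
        raise ValueError("resource is not a layer version ARN")
    resource = denial["resource"]
    if any_version:
        resource = resource[: m.start("ver")] + "*"
    return {"Effect": "Allow", "Action": denial["action"], "Resource": resource}


if __name__ == "__main__":
    stmt = scoped_statement(parse_denial(ERROR), any_version=True)
    print(json.dumps(stmt, indent=2))
```

The resulting statement belongs in an identity-based policy of the role named in the error, since the message says no such policy currently allows the action.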