[Bug]: Creation of FunctionURLAllowPublicAccess resource-based Lambda policy by the Terraform provider

[EreminAnton]

Terraform Core Version

v.1.7.4

AWS Provider Version

v5.55.0

Affected Resource(s)

aws_lambda_function_url

Expected Behavior

Provider should create lambda URL for the lambda

Actual Behavior

The provider creates a Lambda URL and a resource-based policy statement for the Lambda: FunctionURLAllowPublicAccess

I am unsure if creating a policy on a user's behalf is appropriate, and it isn't documented in the resource's documentation. Additionally, this resource-based policy persists even when the aws_lambda_function_url resource is deleted.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

# Lambda url configuration from the terraform-aws-lambda module. 
  create_lambda_function_url = true
  authorization_type = "NONE" # By default. and exactly this line will cause creation of a policy

  cors = {
    allow_credentials = true
    allow_origins     = ["https://slack.com"]
    allow_methods     = ["POST"]
    max_age           = 86400
  }

Steps to Reproduce

• Create the Lambda function.
• Check the AWS console to observe that the policy does not exist.
• Use the aws_lambda_function_url resource to create the URL.
• Then, check the AWS console to observe the policy created, as created by the provider.
• Next, delete the Lambda URL by deleting the aws_lambda_function_url resource.
• Finally, check the AWS console again to see that the policy persists.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/lambda/function_url.go#L153-L175

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.