hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Enhancement]: Support Lambda Public Policy Configuration #39395

Open ryancormack opened 1 week ago

ryancormack commented 1 week ago

Description

When applying a Resource Policy to a Lambda Function for a Function URL to be publicly accessible you must also configure the Function to enable and allow Public Access Policy on it.

It's currently not possible to apply this via Terraform, so when adding a Resource Policy to a function, the apply fails as the Function is blocked from being made publicly available.

Example policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "lambda:InvokeFunctionUrl",
            "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function",
            "Condition": {
                "StringEquals": {
                    "lambda:FunctionUrlAuthType": "NONE"
                }
            }
        }
    ]
}

Affected Resource(s) and/or Data Source(s)

Potential Terraform Configuration

resource "aws_lambda_function" "test_lambda" {
  filename      = "lambda_function_payload.zip"
  function_name = "lambda_function_name"
  // REST

  // This block would be optional
  public_access_configuration {
    block_public_policy      = true //true is default
    restrict_public_resource = false //true is default
  }
}

References

Function URL Auth docs
Public Access Docs
Public Access API Spec

Would you like to implement a fix?

Yes
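To make the interaction described in the issue concrete, here is an added example (not part of the issue, the provider, or AWS's own code) that scans a Lambda resource policy for statements granting anonymous access and models how the two settings from the proposed `public_access_configuration` block (`block_public_policy`, `restrict_public_resource`) would treat them. The policy is the one quoted above; the evaluation rules and the list of caller-scoping condition keys are a simplified assumption, not AWS's authoritative logic.

```python
import json

# Policy quoted in the issue (constructed sample input, embedded inline).
ISSUE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": "lambda:InvokeFunctionUrl",
    "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function",
    "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}
  }]
}""")

# Condition keys that pin the caller to a specific account, org or ARN. A
# wildcard principal narrowed by one of these is treated as non-public here.
# This set is an assumption for the model, not AWS's authoritative list.
SCOPING_KEYS = {"aws:principalaccount", "aws:principalarn", "aws:principalorgid",
                "aws:sourceaccount", "aws:sourcearn"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def is_public_statement(stmt):
    """An Allow to everyone that no caller-scoping condition narrows.
    The issue's lambda:FunctionUrlAuthType condition does not scope the caller,
    so that statement stays public."""
    if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
        return False
    for operator_block in stmt.get("Condition", {}).values():
        if any(key.lower() in SCOPING_KEYS for key in operator_block):
            return False
    return True

def public_statements(policy):
    return [s for s in _as_list(policy.get("Statement", [])) if is_public_statement(s)]

def evaluate(policy, block_public_policy=True, restrict_public_resource=True):
    """Model the two settings of the proposed block (both default to true).
    Returns (policy_attach_accepted, publicly_invokable)."""
    if not public_statements(policy):
        return True, False            # nothing public: accepted, never public
    if block_public_policy:
        return False, False           # the apply failure the issue describes
    return True, not restrict_public_resource
```

With both defaults left at true the policy is rejected, which is the failed apply the issue describes; only with both set to false does the function URL become publicly invokable.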
