jetbridge / cdk-nextjs

Deploy a NextJS application using AWS CDK
https://constructs.dev/packages/cdk-nextjs-standalone
Apache License 2.0
270 stars 45 forks

Permissions issue creating Lambda #232

Open cubabit opened 6 days ago

cubabit commented 6 days ago

When deploying the stack to the eu-west-1 region:

4:26:02 PM | CREATE_FAILED        | AWS::Lambda::Permission                         | NextjsImageinvokefunctionurl625AF4EF

Resource handler returned message: "Lambda blocked the creation of this policy because it would grant public access to your function. If this is intentional, change your function's BlockPublicPolicy setting to allow public access and try again. (Service: Lambda, Status Code: 400, Request ID: 0ba9163b-4250-43db-a713-faf5bde8e803)" (RequestToken: 8b435ef0-b4f2-8773-bdad-306f898d4071, HandlerErrorCode: GeneralServiceException)

This looks like it is due to a recent change at AWS: Support for JSON resource-based policies and block public access

cubabit commented 6 days ago

I am not sure, but this may be a fix, if possible through CloudFormation: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-lambda.html

It seems the configuration for Lambda to allow public access to the function is not yet possible to set up via CloudFormation. https://docs.aws.amazon.com/lambda/latest/dg/permissions-public-access.html
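
A pre-deploy check for the condition behind the error above, added here as an example; it is not part of the comments in this thread and not cdk-nextjs code. It scans a synthesized CloudFormation template for Lambda permissions and function URLs that are open to any caller. Assumptions: only the logical ID `NextjsImageinvokefunctionurl625AF4EF` comes from the issue; the property values, the other logical IDs, the ARN and the "public" heuristic (Principal `*` with no `SourceArn`, `SourceAccount` or `PrincipalOrgID`) are constructed for illustration and are not Lambda's exact evaluation.

```typescript
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };

// Constructed sample template (assumed shape, see lead-in).
const SAMPLE_TEMPLATE: Template = {
  Resources: {
    // Open grant: any principal may invoke the function URL.
    NextjsImageinvokefunctionurl625AF4EF: {
      Type: "AWS::Lambda::Permission",
      Properties: {
        Action: "lambda:InvokeFunctionUrl",
        FunctionName: { "Fn::GetAtt": ["ImageFn", "Arn"] },
        Principal: "*",
        FunctionUrlAuthType: "NONE",
      },
    },
    // Scoped grant: only one CloudFront distribution (placeholder ARN).
    ImageFnCloudFrontInvoke: {
      Type: "AWS::Lambda::Permission",
      Properties: {
        Action: "lambda:InvokeFunctionUrl",
        FunctionName: { "Fn::GetAtt": ["ImageFn", "Arn"] },
        Principal: "cloudfront.amazonaws.com",
        SourceArn: "arn:aws:cloudfront::111122223333:distribution/EXAMPLE",
      },
    },
    // Function URL that performs no IAM authentication.
    ImageFnUrl: {
      Type: "AWS::Lambda::Url",
      Properties: { AuthType: "NONE", TargetFunctionArn: { "Fn::GetAtt": ["ImageFn", "Arn"] } },
    },
  },
};

// Properties that narrow a permission to a specific source or organization.
const SCOPING_PROPS = ["SourceArn", "SourceAccount", "PrincipalOrgID"];

// Returns one finding per resource that exposes a function to any caller.
function findPublicUrlGrants(template: Template): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    const props: Record<string, unknown> = res.Properties || {};
    if (res.Type === "AWS::Lambda::Permission") {
      const scoped = SCOPING_PROPS.some((k) => props[k] !== undefined);
      if (props["Principal"] === "*" && !scoped) findings.push(id + ': Principal "*" with no scoping property');
    } else if (res.Type === "AWS::Lambda::Url" && props["AuthType"] === "NONE") {
      findings.push(id + ": function URL with AuthType NONE");
    }
  }
  return findings;
}
```
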

cubabit commented 5 days ago

I am preparing a PR to fix this, though it might need some improvements.