jradikk / serverless-aws-signer

Serverless plugin for signing Lambda functions with AWS Signer
MIT License
4 stars 7 forks

Built-in cognito handler doesn't seem to be signed #6

Open AutomationD opened 2 years ago

AutomationD commented 2 years ago

Serverless v2.72.3. I'm getting the following error:

 Serverless Error ----------------------------------------

  An error occurred: CustomDashresourceDashexistingDashcupLambdaFunction - Resource handler returned message: "Lambda cannot deploy the function. The function or layer might be signed using a signature that the client is not configured to accept. Check the provided signature for arn:aws:lambda:us-west-2:000000000000:function:foobar-dev-custom-resource-existing-cup. (Service: Lambda, Status Code: 400, Request ID: 8e940609-0000-0000-0000-425a543dc4a5)" (RequestToken: 46558a32-0000-0000-0000-8bc278f436e4, HandlerErrorCode: InvalidRequest).

Seems like this part is creating a lambda which is unrelated to our code (internally generated by serverless?):

// Cognito User Pool
  getCustomResourceCognitoUserPoolHandlerFunctionName() {
    return 'custom-resource-existing-cup';
  },

Here's my event config:

    events:
      - cognitoUserPool:
          pool: dev-foobar
          trigger: PostAuthentication
          existing: true

mprzytulski commented 2 years ago

Looks like we have the same issue with custom resources while using existing S3 bucket events. From my quick investigation, it looks like custom resources are deployed as separate packages and will require a separate signature.
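
A pre-deploy check for the situation described in this thread, as an added example that is not part of the issue or of the plugin's code: it walks a compiled CloudFormation template and reports every `AWS::Lambda::Function` that has a `CodeSigningConfigArn` attached but whose code artifact is not in the set of signed artifacts. The template, bucket and key names, the code signing config ARN and the `signedKeys` set are constructed assumptions; only the logical ID of the custom resource function comes from the error above.

```javascript
'use strict';

// Constructed sample of a compiled template (not real project output).
const CSC = 'arn:aws:lambda:us-west-2:000000000000:code-signing-config:csc-EXAMPLE';
const sampleTemplate = {
  Resources: {
    HelloLambdaFunction: {
      Type: 'AWS::Lambda::Function',
      Properties: {
        Code: { S3Bucket: 'deploy-bucket', S3Key: 'signed/hello.zip' },
        CodeSigningConfigArn: CSC,
      },
    },
    // Framework-generated custom resource handler, packaged separately.
    CustomDashresourceDashexistingDashcupLambdaFunction: {
      Type: 'AWS::Lambda::Function',
      Properties: {
        Code: { S3Bucket: 'deploy-bucket', S3Key: 'unsigned/custom-resources.zip' },
        CodeSigningConfigArn: CSC,
      },
    },
    DeployBucket: { Type: 'AWS::S3::Bucket', Properties: {} },
  },
};

// Assumption: S3 keys of the artifacts that the signing job actually produced.
const signedKeys = new Set(['signed/hello.zip']);

// Returns one finding per function that a code signing config with an
// enforcing policy would reject at deploy time.
function findUnsignedFunctions(template, signed) {
  const findings = [];
  for (const [logicalId, res] of Object.entries(template.Resources || {})) {
    if (res.Type !== 'AWS::Lambda::Function') continue;
    const props = res.Properties || {};
    if (!props.CodeSigningConfigArn) continue; // no signing policy attached
    const key = props.Code && props.Code.S3Key;
    if (typeof key !== 'string') {
      // Key is an intrinsic (Fn::Sub, Ref, ...) or code is inline: cannot verify.
      findings.push({ logicalId, s3Key: null, reason: 'key-not-literal' });
    } else if (!signed.has(key)) {
      findings.push({ logicalId, s3Key: key, reason: 'artifact-not-signed' });
    }
  }
  return findings;
}

console.log(findUnsignedFunctions(sampleTemplate, signedKeys));
```
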