zappa / Zappa

Serverless Python
https://zappa.ws/zappa
MIT License

API Gateway Resource Policy limits with too many scheduled events #1299

Open aleontiev opened 7 months ago

aleontiev commented 7 months ago

Context

On a recent deployment, I hit this error:

An error occurred (PolicyLengthExceededException) when calling the AddPermission operation: The final policy size (20698) is bigger than the limit (20480).

When looking at the policy, I can see that Zappa is creating one policy entry for each task, e.g.:

{
  "StringEquals": {
    "AWS:SourceAccount": "$AWS_ACCOUNT_ID"
  },
  "ArnLike": {
    "AWS:SourceArn": "arn:aws:events:$AWS_REGION:$AWS_ACCOUNT_ID:rule/$AWS_LAMBDA_FUNCTION_NAME.$APP_TASK_NAME"
  }
}

I know this is an AWS limit and not strictly a Zappa issue, but I wonder if there can be a more efficient way to handle these permissions so that larger functions can support more events.

Possible Fix

Either one of these:

a) (preferred, better UX for users) a policy generator that uses a wildcard in the SourceArn so that all events can be supported by a single clause in the policy

b) (easier implementation for Zappa) a way to disable automatic API Gateway Resource Policy management in Zappa so that users can manage the policy manually
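Option (a) from the post above, sketched as an added example; it is not code from the issue or from Zappa. The account, region, function and task names are constructed placeholders, the statement layout is the standard Lambda resource-policy shape wrapped around the condition block quoted in the issue, and `policy_size` is an approximation of how AWS measures the policy.

```python
import json

LIMIT = 20480  # limit quoted in the PolicyLengthExceededException above
# Constructed placeholders, not values from the issue.
ACCOUNT, REGION, FUNCTION = "123456789012", "us-east-1", "myapp-prod"
FUNCTION_ARN = f"arn:aws:lambda:{REGION}:{ACCOUNT}:function:{FUNCTION}"
RULE_PREFIX = f"arn:aws:events:{REGION}:{ACCOUNT}:rule/{FUNCTION}."
EVENTS = {"Service": "events.amazonaws.com"}

def statement(sid, source_arn):
    """Invoke permission for one events source, with the conditions shown in the issue."""
    return {
        "Sid": sid, "Effect": "Allow", "Principal": EVENTS,
        "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN,
        "Condition": {"StringEquals": {"AWS:SourceAccount": ACCOUNT},
                      "ArnLike": {"AWS:SourceArn": source_arn}},
    }

def policy_size(policy):
    """Compact-JSON length; an approximation of how AWS counts the policy."""
    return len(json.dumps(policy, separators=(",", ":")))

def is_per_rule(stmt):
    """Match only Allow statements for this function's own scheduled rules."""
    cond = stmt.get("Condition", {})
    arn = cond.get("ArnLike", {}).get("AWS:SourceArn", "")
    return (stmt.get("Effect") == "Allow" and stmt.get("Principal") == EVENTS
            and stmt.get("Action") == "lambda:InvokeFunction"
            and cond.get("StringEquals", {}).get("AWS:SourceAccount") == ACCOUNT
            and isinstance(arn, str) and arn.startswith(RULE_PREFIX))

def consolidate(policy):
    """Swap per-rule statements for one statement scoped to the rule-name prefix."""
    kept = [s for s in policy["Statement"] if not is_per_rule(s)]
    if len(kept) < len(policy["Statement"]):
        kept.append(statement("scheduled-events", RULE_PREFIX + "*"))
    return {**policy, "Statement": kept}

def sample_policy(n_tasks):
    """Constructed policy: n per-task statements plus one unrelated grant."""
    stmts = [statement(f"task-{i}", f"{RULE_PREFIX}app.tasks.job_{i:03d}")
             for i in range(n_tasks)]
    stmts.append({"Sid": "api", "Effect": "Allow", "Action": "lambda:InvokeFunction",
                  "Principal": {"Service": "apigateway.amazonaws.com"},
                  "Resource": FUNCTION_ARN})
    return {"Version": "2012-10-17", "Statement": stmts}
```

The single statement keeps the `AWS:SourceAccount` condition and limits the wildcard to rule names that begin with the function name, but it is still broader than per-rule entries: any rule in that account and region whose name starts with that prefix can invoke the function. Statements for other principals are left untouched.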

aleontiev commented 5 months ago

Bump, any thoughts? Still running into this. So far I was able to find a few old/redundant jobs to consolidate, but hoping for a longer-term solution.

aleontiev commented 4 months ago

Any support for this issue or interest in accepting a PR? I am working around it in a fork.

grantmcconnaughey commented 1 month ago

I'm running into this, too. Currently trying to figure out a way to work around it.