Amplify-cli: IAM Role Names for @function directive are not unique enough.

Created on 1 Oct 2019  路  6Comments  路  Source: aws-amplify/amplify-cli

Describe the bug
Automatically generated IAM Role Names for @function directive are not unique enough.
Will result in AWS::IAM::Role already exists in (other) stack error

To Reproduce
Steps to reproduce the behavior:

  1. Create a new serverless.com project
  2. Give it a long service name, for example: long-service-name-functions
  3. Create multiple functions, for example do-something and get-something
  4. This will result in lambda function with the name long-service-name-functions-prod-do-something and long-service-name-functions-prod-get-something
  5. Use the Lambda functions as @function directive
  6. For example:
type Query {
  getSomething(email: String): String
    @function(name: "long-service-name-functions-prod-get-something")
}

type Mutation {
  doSomething(email: String): String
    @function(name: "long-service-name-functions-prod-do-something")
}
  1. amplify push
  2. An automatically generated IAM Role Name is created LongServiceNameFunctionsPr-xxxxxxxxxxxxxxxxxxxxxxxxxx-production for both functions. And will result in an AWS::IAM::Role already exists in (other) stack error

Expected behavior

  • support long prefixes in (serverless) lambda functions
bug graphql-transformer
Source
picture daannijkamp
👍2

All 6 comments

Does anyone have any workarounds for this in the meantime, manual steps will do?

danshirley1 picture danshirley1 on 9 Oct 2019

@danshirley1 We got the issue recently too. These kind of cloudformation limitations are becoming a huge blocker for Amplify in a greater extent. @SwaySway Is their any workaround?

babu-upcomer picture babu-upcomer on 17 Oct 2019

@danshirley1 @babu-upcomer the +/- first 27 characters of the lambda function name is used for the IAM Role Name.
The only workaround is to use shorter Lambda function names (more likely that the first 27 characters are unique)
Don't know whether this is a limitation of Cloudformation or Amplify.

daannijkamp picture daannijkamp on 17 Oct 2019
👍1

@SwaySway Adding a hash based on the full string (for example md5) as a prefix to the simplifyName function (https://github.com/aws-amplify/amplify-cli/blob/master/packages/graphql-transformer-common/src/util.ts#L16), do you think this can work?

daannijkamp picture daannijkamp on 17 Oct 2019

@daannijkamp Yea it's a cloudformation (related to iam) limit that is 64 characters on the iam role name which is created for the lambda function.
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html

Which is comprised of the following

  • functionName-API_ID-Hash

One option would be to remove the api id and that alone could be unique with the function name and the hash.

SwaySway picture SwaySway on 18 Oct 2019

Closing this as the pr #3030 for this has been merged.

SwaySway picture SwaySway on 20 Dec 2019
🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

darrentarrant picture darrentarrant  路  3Comments
nason picture nason  路  3Comments
MageMasher picture MageMasher  路  3Comments
zjullion picture zjullion  路  3Comments
adriatikgashi picture adriatikgashi  路  3Comments