Aws-cdk: [lambda] Identify lambda@edge does not support environment variables

Created on 29 Jul 2020  路  3Comments  路  Source: aws/aws-cdk

aws-cdk v1.53.0 or above update causes 400 error when deploying lambda@edge.

With message "The function cannot have environment variables".

My proposal is add new NodejsFunction props to such as disableAdditionalEnv.

Use Case

I want to deploy lambda@edge code by following cdk code.

    new NodejsFunction(this, 'some-awesome-function', {
      role: new Role(this, 'AllowLambdaServiceToAssumeRole', {
        assumedBy: new CompositePrincipal(
          new ServicePrincipal('lambda.amazonaws.com'),
          new ServicePrincipal('edgelambda.amazonaws.com')
        ),
      }),
    })

and when I executed cdk deploy and I got an error:

CREATE_FAILED        | AWS::CloudFront::Distribution | XXXX/CFDistribution (XXXXCFDistributionXXXX) The function cannot have environment variables. Function: arn:aws:lambda:us-east-1:XXXX:function:CdkStack-XXXXD6AD4BEB-1XXXXXXMFY8E:1 (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidLambdaFunctionAssociation;

The error reason is following commit in aws-cdk v1.53.0.
And, environment variables cannot be added to lambda@edge as of July 2020.

https://github.com/aws/aws-cdk/commit/44c040072362456ebdd15799076a67bbb74e6668

      if (props.awsSdkConnectionReuse ?? true) {
        this.addEnvironment('AWS_NODEJS_CONNECTION_REUSE_ENABLED', '1');
      }

awsSdkConnectionReuse is default true, and so lambda@edge developers must set the props false following code:

    new NodejsFunction(this, 'some-awesome-function', {
      role: new Role(this, 'AllowLambdaServiceToAssumeRole', {
        assumedBy: new CompositePrincipal(
          new ServicePrincipal('lambda.amazonaws.com'),
          new ServicePrincipal('edgelambda.amazonaws.com')
        ),
      }),
      awsSdkConnectionReuse: false,
    })

The solution is not intuitive for me. And aws-cdk will add props and add environment in the future. Then developers must be set these props false each.

Proposed Solution

  1. set awsSdkConnectionReuse default value to false

This method is the clearest. I would like you to adopt this policy if possible.

  1. set disableAdditionalEnv props and if the prop set true, addEnvironment methods will not work.

This method requires additional development, but it makes development easier until environment variables can be added to Lambda@edge.

Other

I think I can implement two choices, so I would like to hear your opinion and decide. Or I'd like to know if there is another clear solution.

  • [x] :wave: I may be able to implement this feature request
  • [x] :warning: This feature might incur a breaking change

This is a :rocket: Feature Request

@aws-cdaws-lambda-nodejs bug efformedium in-progress p2
Source
picture TeXmeijin
👍3

Most helpful comment

@jogold @nija-at would be nice to be able to identify that the function is deployed @edge, disallow environment variables during synth and not specify them in NodejsFunction in that case.

picture eladb on 4 Aug 2020
👍21

All 3 comments

I can confirm that the issue existed for me, as well, when upgrading. Adding awsSdkConnectionReuse: false to my lamdba@edge definition worked around the issue.

blimmer picture blimmer on 3 Aug 2020

@jogold @nija-at would be nice to be able to identify that the function is deployed @edge, disallow environment variables during synth and not specify them in NodejsFunction in that case.

eladb picture eladb on 4 Aug 2020
👍21

@jogold
Thanks to open Pull Request!!
The approach seems good because it automatically set environments empty. Developer experiences are better than my proposal.

TeXmeijin picture TeXmeijin on 11 Aug 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ababra picture ababra  路  3Comments
v-do picture v-do  路  3Comments
EduardTheThird picture EduardTheThird  路  3Comments
slipdexic picture slipdexic  路  3Comments
cybergoof picture cybergoof  路  3Comments