Terraform-provider-aws: Terraform support for Alexa Smart Home Lambda trigger

Created on 10 Nov 2017  ·  3 Comments  ·  Source: hashicorp/terraform-provider-aws

Terraform version 0.10.7

Lambdas can be invoked using an Alexa Smart Home skill. The function policy to configure this trigger looks like:

{
    "Version": "2012-10-17",
    "Id": "default",
    "Statement": [
        {
            "Sid": "lc-f682ab7d-d077-43ee-b048-1bda8dfc856e",
            "Effect": "Allow",
            "Principal": {
                "Service": "alexa-connectedhome.amazon.com"
            },
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:eu-west-1:....",
            "Condition": {
                "StringEquals": {
                    "lambda:EventSourceToken": "amzn1.ask.skill.8d72..."
                }
            }
        }
    ]
}

At the moment, the aws_lambda_permission resource does not support setting this Condition on the permission.

I think we might need to rethink how the aws_lambda_permission is defined, as currently it tries to construct this entire policy using specific input args. However, each time Amazon adds a new trigger type, these args need to be expanded (e.g. see also #1977). It would be good to have an escape hatch that allows the policy to be given manually, like:

resource "aws_lambda_permission" "myfunction-trigger" {
  policy = <<EOF
...
EOF
}

So that any custom policy, or a policy for a new type of trigger which Terraform has no understanding of, can be used.

enhancement service/lambda

All 3 comments

The event_source_token argument has been merged and will release with version 1.29.0 of the AWS provider shortly. For those curious, the layout of the existing aws_lambda_permission resource closely resembles the underlying API that supports adding Lambda permissions: https://docs.aws.amazon.com/sdk-for-go/api/service/lambda/#AddPermissionInput

This has been released in version 1.29.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
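
An added example (not part of the issue thread or the provider's code): a Python check over a function policy shaped like the one in the issue, flagging Allow statements for alexa-connectedhome.amazon.com that lack the lambda:EventSourceToken condition set by event_source_token, or that pin a different skill. The skill IDs, account ID and function name are constructed placeholders, and audit_alexa_statements, as_list and make_statement are hypothetical helper names.

```python
import json

ALEXA_PRINCIPAL = "alexa-connectedhome.amazon.com"
TOKEN_KEY = "lambda:eventsourcetoken"  # compared case-insensitively below

def as_list(value):
    """IAM JSON allows a scalar or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [] if value is None else [value]

def audit_alexa_statements(policy_json, expected_skill_id):
    """Return (sid, problem) for each Allow statement that lets the Alexa Smart
    Home service invoke the function without pinning it to expected_skill_id."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or ALEXA_PRINCIPAL not in services:
            continue
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        tokens = [token for key, value in string_equals.items()
                  if key.lower() == TOKEN_KEY for token in as_list(value)]
        if not tokens:
            findings.append((stmt.get("Sid"), "missing lambda:EventSourceToken condition"))
        elif set(tokens) != {expected_skill_id}:
            findings.append((stmt.get("Sid"), "token is not the expected skill ID"))
    return findings

# Constructed sample data: skill IDs, account ID and function name are placeholders.
SKILL_ID = "amzn1.ask.skill.00000000-0000-0000-0000-000000000000"
OTHER_SKILL_ID = "amzn1.ask.skill.11111111-1111-1111-1111-111111111111"

def make_statement(sid, token=None):
    """Build one policy statement in the layout shown in the issue."""
    stmt = {"Sid": sid, "Effect": "Allow",
            "Principal": {"Service": ALEXA_PRINCIPAL},
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:eu-west-1:123456789012:function:example"}
    if token:
        stmt["Condition"] = {"StringEquals": {"lambda:EventSourceToken": token}}
    return stmt

SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Id": "default", "Statement": [
    make_statement("scoped", SKILL_ID),
    make_statement("unscoped"),
    make_statement("other-skill", OTHER_SKILL_ID),
]})

for sid, problem in audit_alexa_statements(SAMPLE_POLICY, SKILL_ID):
    print(f"{sid}: {problem}")
```

The input is the policy document as a JSON string, in the layout the issue shows.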

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
