aws-cdk: success and failure lambdas for state machines are being duplicated in iam roles #30059
Labels
@aws-cdk/aws-iam: Related to AWS Identity and Access Management
bug: This issue is a bug.
closing-soon: This issue will automatically close in 4 days unless further comments are made.
effort/medium: Medium work item – several days of effort
p2
response-requested: Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Describe the bug
Success and failure lambdas for state machines are being duplicated in IAM generated roles.
Expected Behavior
The success/failure path lambda should be added to the associated policy once.
Current Behavior
When creating a success and error lambda for each lambda in a state machine, each success and failure lambda is added to the IAM policy document, even when they are the same lambda. Due to this, IAM policy document size limits are reached quickly, as each document that has success and failure lambdas associated with it has n+(n * 2) resources added (where n is the number of unique lambda functions).
Reproduction Steps
Create a definition body with the following general format:
Possible Solution
Perform a minimal compression on the IAM policy document before deploying so that lambdas with duplicate names are not added to the same policy document.
Additional Information/Context
No response
CDK CLI Version
2.133
Framework Version
No response
Node.js Version
v18.20.2
OS
macOS (silicon)
Language
TypeScript
Language Version
5.4.4
Other information
No response
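The deduplication suggested under "Possible Solution", as an added example that is not part of the original issue and not CDK's own code. It works on plain policy JSON; the ARNs, the placeholder account ID, the function names and the helpers `dedupePolicy`, `countResources` and `samplePolicy` are constructed for illustration, and the shape of the sample policy is an assumption.

```typescript
// Added example: plain IAM policy JSON, not CDK classes. Assumes statements
// carry only Effect, Action and Resource (no Condition, NotAction, etc.).
type OneOrMany = string | string[];
interface Statement { Effect: "Allow" | "Deny"; Action: OneOrMany; Resource: OneOrMany; }
interface PolicyDocument { Version: string; Statement: Statement[]; }

// Normalise a string-or-array field to a sorted array without duplicates.
function uniqueSorted(value: OneOrMany): string[] {
  const items = typeof value === "string" ? [value] : value;
  return items.filter((item, i) => items.indexOf(item) === i).sort();
}

// Merge statements sharing Effect and Action set; list each Resource once.
function dedupePolicy(doc: PolicyDocument): PolicyDocument {
  const merged: { [key: string]: Statement } = {};
  const order: string[] = [];
  for (const stmt of doc.Statement) {
    const actions = uniqueSorted(stmt.Action);
    const key = stmt.Effect + "|" + actions.join(",");
    if (!(key in merged)) {
      merged[key] = { Effect: stmt.Effect, Action: actions, Resource: [] };
      order.push(key);
    }
    const all = uniqueSorted(merged[key].Resource).concat(uniqueSorted(stmt.Resource));
    merged[key].Resource = uniqueSorted(all);
  }
  return { Version: doc.Version, Statement: order.map((k) => merged[k]) };
}

// Total number of Resource entries across all statements.
function countResources(doc: PolicyDocument): number {
  return doc.Statement.reduce(
    (n, s) => n + (typeof s.Resource === "string" ? 1 : s.Resource.length), 0);
}

// Constructed sample: n = 3 task lambdas, each repeating the same shared
// success and failure lambdas, giving n + (n * 2) = 9 Resource entries.
const ARN = "arn:aws:lambda:us-east-1:111122223333:function:"; // placeholder account
function samplePolicy(): PolicyDocument {
  const statements = ["taskA", "taskB", "taskC"].map((task): Statement => ({
    Effect: "Allow",
    Action: "lambda:InvokeFunction",
    Resource: [ARN + task, ARN + "onSuccess", ARN + "onFailure"],
  }));
  return { Version: "2012-10-17", Statement: statements };
}
```

On the constructed sample, `dedupePolicy(samplePolicy())` collapses three statements with 9 Resource entries into one statement with 5, which is what keeps the serialized document under the IAM size limit for longer.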