This repository was archived by the owner on Jan 28, 2025. It is now read-only.
This repository was archived by the owner on Jan 28, 2025. It is now read-only.
Adding ISR page to already created app doesn't update the IAM policy #1510
Open
Description
Issue Summary
In a scenario where my application doesn't have ISR yet and all the resources were previously provisioned, by adding a page with ISR all the new resources get created but the IAM role of default lambda doesn't get updated.
Actual behavior
Adding new ISR page doesn't work.
Expected behavior
Adding new page feature should update the IAM policy
Steps to reproduce
- create an app without ISR
- add some ISR page
- update the stack
Screenshots/Code/Configuration/Logs
Logs:
{
"errorType": "AccessDenied",
"errorMessage": "Access to the resource https://sqs.us-east-1.amazonaws.com/ is denied.",
"Type": "Sender",
"Code": "AccessDenied",
"Detail": "",
"name": "AccessDenied",
"$fault": "client",
"$metadata": {
"httpStatusCode": 403,
"requestId": "700ce142-f924-5041-a0e6-b8c5d45c40a6",
"attempts": 1,
"totalRetryDelay": 0
},
"stack": [
"AccessDenied: Access to the resource https://sqs.us-east-1.amazonaws.com/ is denied.",
" at /var/task/index-94ce7346.js:2068:68",
" at step (/var/task/serdePlugin-6d615471.js:91:23)",
" at Object.next (/var/task/serdePlugin-6d615471.js:72:53)",
" at fulfilled (/var/task/serdePlugin-6d615471.js:62:58)",
" at processTicksAndRejections (internal/process/task_queues.js:95:5)"
]
}
Policy not updated:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": "*",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
},
{
"Effect": "Allow",
"Resource": "arn:aws:s3:::pffaxfu-54g38jc/*",
"Action": [
"s3:GetObject",
"s3:PutObject"
]
}
]
}
If I delete the IAM role it will get re-created but this time with the right policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": "*",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
},
{
"Effect": "Allow",
"Resource": "arn:aws:s3:::pffaxfu-54g38jc/*",
"Action": [
"s3:GetObject",
"s3:PutObject"
]
},
{
"Effect": "Allow",
"Resource": "arn:aws:sqs:us-east-1:741788044765:pffaxfu-54g38jc.fifo",
"Action": [
"sqs:SendMessage"
]
}
]
}
Only then with the new policy it starts to work again
Versions
- OS/Environment:
- @sls-next/serverless-component version: 3.2.0
- Next.js version: 11
Additional context
Checklist
- You have reviewed the README and FAQs, which answers several common questions.
- You have reviewed our DEBUGGING wiki and have tried your best to include complete information and reproduction steps (including your configuration) as is possible.
- You have first tried using the most recent
latestoralpha@sls-next/serverless-componentrelease version, which may have already fixed your issue or implemented the feature you are trying to use. Note that the oldserverless-next.jscomponent and theserverless-next.jsplugin are deprecated and no longer maintained.
Metadata
Metadata
Assignees
Labels
No labels