Skip to content

Commit

Permalink
Fix account management lambdas in v3.2
Browse files Browse the repository at this point in the history
**Why?**

Issue: awslabs#728

With the latest Python runtime update provided by AWS Lambda, the boto3
dependencies were upgraded. However, with the account management Lambda
functions, the `aws-xray-sdk` requires botocore v1.29.54. This version
is incompatible with the latest boto3 package that was added to the Lambda
function runtime. Hence, it returned an error as described in 728.

**What?**

To ensure compatible versions are installed, ADF's lambda functions should
set the specific version of boto3 in its requirements.txt file if they rely on
that.
  • Loading branch information
sbkok committed May 24, 2024
1 parent 0d3a7b2 commit 8535131
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 4 deletions.
2 changes: 2 additions & 0 deletions src/lambda_codebase/account_processing/requirements.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
aws-xray-sdk==2.11.0
boto3==1.26.48
botocore==1.29.48
pyyaml>=5.4.1
wrapt==1.14.1 # https://github.com/aws/aws-lambda-builders/issues/302
13 changes: 9 additions & 4 deletions src/template.yml
Original file line number Diff line number Diff line change
Expand Up @@ -923,15 +923,20 @@ Resources:
- "organizations:DescribeOrganizationalUnit"
- "organizations:ListParents"
- "cloudformation:*"
- "iam:GetRole"
- "iam:PassRole"
- "iam:CreateRole"
- "iam:PutRolePolicy"
- "organizations:DescribeOrganization"
- "organizations:DescribeAccount"
- "ssm:*"
- "states:StartExecution"
Resource: "*"
- Effect: "Allow"
Action:
- "iam:CreateRole"
- "iam:GetRole"
- "iam:PutRolePolicy"
- "iam:TagRole""
Resource:
- !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${CrossAccountAccessRoleName}"
- !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${CrossAccountAccessRoleName}-readonly"
- Effect: "Allow"
Action: "s3:ListBucket"
Resource: !GetAtt BootstrapTemplatesBucket.Arn
Expand Down

0 comments on commit 8535131

Please sign in to comment.