
Commit 363adb0

committed
Ensure SlackBot Lambda is created before referencing its function name in policy
1 parent d1747df commit 363adb0


1 file changed

+12
-12
lines changed

1 file changed

+12
-12
lines changed

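--- a/packages/cdk/stacks/EpsAssistMeStack.ts
+++ b/packages/cdk/stacks/EpsAssistMeStack.ts
@@ -423,18 +423,6 @@ export class EpsAssistMeStack extends Stack {
 //"arn:aws:ssm:us-east-2:123456789012:parameter/prod-*"
 //(`arn:aws:bedrock:${region}:${account}:knowledge-base/${bedrockkb.attrKnowledgeBaseId}`);
 
-const lambdaReinvokePolicy = new PolicyStatement()
-lambdaReinvokePolicy.addActions("lambda:InvokeFunction")
-lambdaReinvokePolicy.addResources(
-`arn:aws:lambda:${region}:${account}:function:${slackBotLambda.function.functionName}`,
-`arn:aws:lambda:${region}:${account}:function:AmazonBedrock*`
-)
-slackBotLambda.function.addToRolePolicy(lambdaReinvokePolicy)
-
-const lambdaGRinvokePolicy = new PolicyStatement()
-lambdaGRinvokePolicy.addActions("bedrock:ApplyGuardrail")
-lambdaGRinvokePolicy.addResources(`arn:aws:bedrock:${region}:${account}:guardrail/*`)
-
 // Create the SlackBot (slash command) integration to Amazon Bedrock Knowledge base responses.
 const slackBotLambda = new LambdaFunction(this, "SlackBotLambda", {
 stackName: props.stackName,
@@ -463,6 +451,18 @@ export class EpsAssistMeStack extends Stack {
 slackBotTokenSecret.grantRead(slackBotLambda.function)
 slackBotSigningSecret.grantRead(slackBotLambda.function)
 
+// Create the policy using the actual Lambda function name
+const lambdaReinvokePolicy = new PolicyStatement()
+lambdaReinvokePolicy.addActions("lambda:InvokeFunction")
+lambdaReinvokePolicy.addResources(
+`arn:aws:lambda:${region}:${account}:function:${slackBotLambda.function.functionName}`,
+`arn:aws:lambda:${region}:${account}:function:AmazonBedrock*`
+)
+
+const lambdaGRinvokePolicy = new PolicyStatement()
+lambdaGRinvokePolicy.addActions("bedrock:ApplyGuardrail")
+lambdaGRinvokePolicy.addResources(`arn:aws:bedrock:${region}:${account}:guardrail/*`)
+
 // Attach listed IAM policies to the Lambda functions Execution role
 slackBotLambda.function.addToRolePolicy(lambdaBedrockModelPolicy)
 slackBotLambda.function.addToRolePolicy(lambdaBedrockKbPolicy)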
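Review bot: The two statements re-added at new lines 455-464 keep wildcard resources, `function:AmazonBedrock*` for `lambda:InvokeFunction` and `guardrail/*` for `bedrock:ApplyGuardrail`, so the SlackBot execution role may invoke any function in the account whose name starts with that prefix and apply any guardrail in the account. Now that the block sits after the constructs it depends on, the guardrail resource can be pinned to the one guardrail the bot uses, e.g. `arn:aws:bedrock:${region}:${account}:guardrail/<GUARDRAIL_ID>` (placeholder; no guardrail construct is visible in this hunk), and the `AmazonBedrock*` entry deserves a comment naming which functions it is meant to cover. Separately, the old block called `slackBotLambda.function.addToRolePolicy(lambdaReinvokePolicy)` and the new block does not; the attach list that starts at new line 466 continues outside the hunk, so confirm both `lambdaReinvokePolicy` and `lambdaGRinvokePolicy` are attached there, otherwise the re-invoke will fail with an access-denied error at runtime.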
