Lambda ACK doesn't adopt Alias resource

[nerdfacerory]

Describe the bug
Lambda Alias resource cannot be adopted.

Steps to reproduce

Have an already existing Alias which we are trying to adopt:

$ aws lambda get-alias --function-name ethos103-dev-va6-cw2splunk --name ethos103-dev-va6-cw2splunk-alias --profile ethos-dev --region us-east-1
{
    "AliasArn": "arn:aws:lambda:us-east-1:164592617289:function:ethos103-dev-va6-cw2splunk:ethos103-dev-va6-cw2splunk-alias",
    "Name": "ethos103-dev-va6-cw2splunk-alias",
    "FunctionVersion": "$LATEST",
    "Description": "Lambda function alias triggered by CloudWatch Logs to export EKS ControlPlane",
    "RevisionId": "be116060-aa0f-4ad8-b864-bf63d1ad23ac"
}

apiVersion: lambda.services.k8s.aws/v1alpha1
kind: Alias
metadata:
  annotations:
    services.k8s.aws/adoption-fields: |
      {
        "name": "ethos103-dev-va6-cw2splunk-alias"
      }
    services.k8s.aws/adoption-policy: adopt

Expected outcome

Expected outcome would have been the successful adoption of the resource.
The logs from the lambda ACK controller state otherwise:

{"level":"error","ts":"2025-07-15T11:47:24.169Z","msg":"Reconciler error","controller":"alias","controllerGroup":"lambda.services.k8s.aws","controllerKind":"Alias","Alias":{"name":"ethos103-dev-va6-cw2splunk-alias","namespace":"ethos103-dev-va6"},"namespace":"ethos103-dev-va6","name":"ethos103-dev-va6-cw2splunk-alias","reconcileID":"5c02adf1-36f0-4122-ba06-1653c87bdb32","error":"adopted resource not found","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.4/pkg/internal/controller/controller.go:347\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.4/pkg/internal/controller/controller.go:294\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.4/pkg/internal/controller/controller.go:255"}

We were able to adopt a function in the same account, region, env.
We also have this policy that grants full rights over lambda service:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lambda:*",
                "s3:Get*",
                "ecr:Get*",
                "ecr:BatchGet*",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs"
            ],
            "Resource": "*"
        },
        {
            "Action": "iam:PassRole",
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": "lambda.amazonaws.com"
                }
            },
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Environment
dev

• Kubernetes version: v1.31
• Using EKS (yes/no), if so version? yes, 1.31
• AWS service targeted (S3, RDS, etc.) Lambda

[github-actions]

Hello @nerdfacerory 👋 Thank you for opening an issue in ACK! A maintainer will triage this issue soon.

We encourage community contributions, so if you're interested in tackling this yourself or suggesting a solution, please check out our Contribution and Code of Conduct guidelines.

You can find more information about ACK on our website.

[michaelhtm]

Hello @nerdfacerory
When adopting a lambda alias, you would also need to provide the functionName as shown here:
https://github.com/aws-controllers-k8s/lambda-controller/blob/main/pkg/resource/alias/resource.go#L105-L116

[nerdfacerory]

@michaelhtm i also tried adding the functionName as well together with name but with no success. Did you manage to adopt an Alias by providing them both like this?

kind: Alias
metadata:
  name: ethos103-dev-va6-cw2splunk-alias
  namespace: ethos103-dev-va6
  annotations:
    services.k8s.aws/adoption-fields: |
      {
        "name": "ethos103-dev-va6-cw2splunk-alias",
        "functionName": "ethos103-dev-va6-cw2splunk"
      }
    services.k8s.aws/adoption-policy: adopt

I can give it another try and increase the loglevel to debug because in the standard way the controller didn't log anything when i applied this configuration.

[michaelhtm]

I was able to adopt successfully a lambda Alias:

apiVersion: lambda.services.k8s.aws/v1alpha1
kind: Alias
metadata:
  name: myalias
  annotations:
    services.k8s.aws/adoption-policy: adopt
    services.k8s.aws/adoption-fields: |
      {
        "name": "myalias",
        "functionName": "myfunc"
      }

This was populated:

spec:
  description: ""
  functionName: myfunc
  functionVersion: $LATEST
  name: myalias
status:
  ackResourceMetadata:
     ...
  conditions:
  - lastTransitionTime: "2025-07-15T16:26:08Z"
    message: Resource synced successfully
    reason: ""
    status: "True"

Having the logs would definitely be helpful :)

[itaiatu]

We managed to adopt it by setting both the name of the Alias and the functionName.
Thanks, @michaelhtm!

[nerdfacerory]

@michaelhtm do you think it would be a good idea to update this code https://github.com/aws-controllers-k8s/lambda-controller/blob/main/pkg/resource/alias/resource.go#L105-L116 and have it fail if both name and functionName are not provided since both seem to be required for adoption? In this way it would be more clear for anyone that both are required for the successful adoption of the resource.

[michaelhtm]

Yes you are right @nerdfacerory. We can support that in code-gen