Merge pull request #159 from mapbox/unique-lambda-policy-names

Use unique names for the lambda policies

Author: ryndaniels

changelog.md

@@ -1,13 +1,17 @@
 # Changelog
 
+## 9.1.0
+
+- Change the policy name for the Lambda shortcuts to include the stack's LogicalName
+
 ## 9.0.0
 
-- Removes: 
+- Removes:
    - aws-sdk as a runtime dependency.
    - All node support prior to version 20.
-- Adds: 
+- Adds:
   - `@aws-sdk/client-cloudformation` as a runtime dependency.
-- Updates: 
+- Updates:
     - bin/validate-template to use `@aws-sdk/client-cloudformation`.
     - Lambda shortcut lambda runtime default to use `node22.x`
 

lib/shortcuts/lambda.js

@@ -203,7 +203,7 @@ class Lambda {
         Condition,
         DependsOn: (RoleArn) ? undefined : `${LogicalName}Role`,
         Properties: {
-          PolicyName: 'lambda-log-access',
+          PolicyName: `${LogicalName}-lambda-log-access`,
           Roles: [roleName],
           PolicyDocument: {
             Version: '2012-10-17',

package-lock.json

@@ -87,7 +87,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "MyLambdaRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "MyLambda-lambda-log-access",
         "Roles": [
           {
             "Ref": "MyLambdaRole"

test/fixtures/shortcuts/event-lambda-custom-eventbus.json

@@ -87,7 +87,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "MyLambdaRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "MyLambda-lambda-log-access",
         "Roles": [
           {
             "Ref": "MyLambdaRole"

test/fixtures/shortcuts/event-lambda-defaults.json

@@ -87,7 +87,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "MyLambdaRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "MyLambda-lambda-log-access",
         "Roles": [
           {
             "Ref": "MyLambdaRole"

test/fixtures/shortcuts/event-lambda-full.json

@@ -175,7 +175,7 @@
         },
         "Handler": "index.lambda",
         "MemorySize": 128,
-        "Runtime": "nodejs16.x",
+        "Runtime": "nodejs22.x",
         "Timeout": 30,
         "Role": {
           "Fn::GetAtt": [
@@ -225,7 +225,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "PassFunctionRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "PassFunction-lambda-log-access",
         "Roles": [
           {
             "Ref": "PassFunctionRole"
@@ -366,7 +366,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "DestinationRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "Destination-lambda-log-access",
         "Roles": [
           {
             "Ref": "DestinationRole"

test/fixtures/shortcuts/hookshot-github-compatible-legacy-node-runtimes.json

@@ -231,7 +231,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "PassFunctionRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "PassFunction-lambda-log-access",
         "Roles": [
           {
             "Ref": "PassFunctionRole"
@@ -372,7 +372,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "DestinationRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "Destination-lambda-log-access",
         "Roles": [
           {
             "Ref": "DestinationRole"

test/fixtures/shortcuts/hookshot-github-secret-ref.json

@@ -225,7 +225,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "PassFunctionRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "PassFunction-lambda-log-access",
         "Roles": [
           {
             "Ref": "PassFunctionRole"
@@ -366,7 +366,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "DestinationRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "Destination-lambda-log-access",
         "Roles": [
           {
             "Ref": "DestinationRole"

test/fixtures/shortcuts/hookshot-github-secret-string.json

@@ -233,7 +233,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "PassFunctionRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "PassFunction-lambda-log-access",
         "Roles": [
           {
             "Ref": "PassFunctionRole"
@@ -374,7 +374,7 @@
       "Type": "AWS::IAM::Policy",
       "DependsOn": "DestinationRole",
       "Properties": {
-        "PolicyName": "lambda-log-access",
+        "PolicyName": "Destination-lambda-log-access",
         "Roles": [
           {
             "Ref": "DestinationRole"