Open
Description
Context
On a recent deployment, I hit this error:
An error occurred (PolicyLengthExceededException) when calling the AddPermission operation: The final policy size (20698) is bigger than the limit (20480).
When looking at the policy, I can see that Zappa is creating one policy entry for each task, e.g.:
    {
      "StringEquals": {
        "AWS:SourceAccount": "$AWS_ACCOUNT_ID"
      },
      "ArnLike": {
        "AWS:SourceArn": "arn:aws:events:$AWS_REGION:$AWS_ACCOUNT_ID:rule/$AWS_LAMBDA_FUNCTION_NAME.$APP_TASK_NAME"
      }
    }
I know this is an AWS limit and not strictly a Zappa issue, but I wonder if there can be a more efficient way to handle these permissions so that larger functions can support more events.
Possible Fix
Either one of these:
a) (preferred, better UX for users) a policy generator that uses a wildcard in the SourceArn so that all events can be supported by a single clause in the policy
b) (easier implementation for Zappa) a way to disable automatic API Gateway Resource Policy management in Zappa so that users can manage the policy manually
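Option (a) above, as an added sketch that is not Zappa's code and not part of the original issue: it builds the per-rule policy and a single-statement wildcard policy offline, compares their sizes against the 20480-byte limit from the error, and checks which rule ARNs the wildcard admits. The `Sid` values, helper names, sample account, region, function and task names are constructed, and `arn_like` is a simplified model of the `ArnLike` operator.

```python
import json
import re

POLICY_LIMIT = 20480  # bytes; the limit quoted in the PolicyLengthExceededException above

def statement(sid, function_arn, account, source_arn):
    """One Lambda resource-policy statement with the two conditions shown in the issue."""
    return {
        "Sid": sid,  # hypothetical statement id scheme
        "Effect": "Allow",
        "Principal": {"Service": "events.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
        "Condition": {
            "StringEquals": {"AWS:SourceAccount": account},
            "ArnLike": {"AWS:SourceArn": source_arn},
        },
    }

def build_policy(region, account, function, tasks=None):
    """tasks given: one statement per rule. tasks=None: a single wildcard statement."""
    fn_arn = f"arn:aws:lambda:{region}:{account}:function:{function}"
    prefix = f"arn:aws:events:{region}:{account}:rule/{function}."
    names = tasks if tasks is not None else ["*"]
    stmts = [statement(f"rule-{i}", fn_arn, account, prefix + n) for i, n in enumerate(names)]
    return {"Version": "2012-10-17", "Statement": stmts}

def policy_size(policy):
    """Approximate size as compact JSON length (AWS's exact accounting is an assumption)."""
    return len(json.dumps(policy, separators=(",", ":")))

def arn_like(pattern, arn):
    """Simplified ArnLike: match the six colon-delimited parts; '*' and '?' are wildcards."""
    p, a = pattern.split(":", 5), arn.split(":", 5)
    if len(p) != 6 or len(a) != 6:
        return False
    def glob(pat, text):
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pat)
        return re.fullmatch(rx, text, re.S) is not None
    return all(glob(x, y) for x, y in zip(p, a))

# Constructed sample values, not taken from the issue.
REGION, ACCOUNT, FUNCTION = "us-east-1", "123456789012", "my-app-production"
TASKS = [f"app.tasks.job_{i:03d}" for i in range(100)]
PER_RULE = build_policy(REGION, ACCOUNT, FUNCTION, TASKS)
WILDCARD = build_policy(REGION, ACCOUNT, FUNCTION)
WILDCARD_ARN = WILDCARD["Statement"][0]["Condition"]["ArnLike"]["AWS:SourceArn"]

if __name__ == "__main__":
    print("per-rule:", policy_size(PER_RULE), "wildcard:", policy_size(WILDCARD))
```

The wildcard statement admits every rule in the account whose name starts with `<function>.`, not only the rules created for the listed tasks, so it trades per-rule granularity for size. The literal `.` after the function name and the `AWS:SourceAccount` condition are what keep rules for other functions and other accounts out.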