amplify-cli: Bug: Lambda custom policies not working

Before opening, please confirm:

  • I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
  • I have searched for duplicate or closed issues.
  • I have read the guide for submitting bug reports.
  • I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

How did you install the Amplify CLI?

No response

If applicable, what version of Node.js are you using?

No response

Amplify CLI Version

6.2.1

What operating system are you using?

Debian Bullseye

Amplify Categories

function

Amplify Commands

push

Describe the bug

I have added a custom policy for my Lambda function in <function_name>-cloudformation-template.json:

"CustomLambdaExecutionPolicy": {
  "Type": "AWS::IAM::Policy",
  "DependsOn": [
    "LambdaExecutionRole"
  ],
  "Properties": {
    "PolicyName": "custom-lambda-execution-policy",
    "Roles": [
      {
        "Ref": "LambdaExecutionRole"
      }
    ],
    "PolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "cloudfront:*",
          "Resource": [
            "*"
          ]
        }
      ]
    }
  }
},

After I updated the Amplify CLI from v6.1.1 to v6.2.1, running amplify push removed my custom policy. Then I noticed a change in v6.2.0:

6.2.0 (2021-10-06)
Features
  • Custom policies IAM Policies for Lambda and Containers (#8068) (3e1ce0d)

Then I created custom-policies.json according to the updated documentation, with the following content:

[
  {
    "Effect": "Allow",
    "Action": ["cloudfront:*"],
    "Resource": ["arn:aws:cloudfront:::*"]
  }
]

Then I ran amplify push, and the error below showed up:

? Are you sure you want to continue? Yes
strict mode: missing type "object" for keyword "additionalProperties" at "#" (strictTypes)
✖ An error occurred when pushing the resources to the cloud
🛑 
strict mode: unknown keyword: "optionalProperties"
An error occurred during the push operation: strict mode: unknown keyword: "optionalProperties"

Expected behavior

It should work. I tried the example in the docs; it also doesn't work:

[
  {
    "Action": ["s3:CreateBucket"],
    "Resource": ["arn:aws:s3:::*"]
  }
]

Reproduction steps

As described above

Additional information

I have tried cleaning all of my workspaces and running amplify init then amplify pull again; the error still persisted.
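An added example, not part of the original issue or of amplify-cli's code: a standalone lint that checks a custom-policies.json body offline and flags wildcard grants such as the ones quoted in this report. The accepted shape (required Action and Resource string arrays, optional Effect) is an assumption inferred from the two samples above, and lintCustomPolicies is a hypothetical name.

```javascript
// Added example: offline lint for an Amplify custom-policies.json file.
// The accepted shape is an assumption inferred from the two samples in this issue.
const ALLOWED_KEYS = new Set(['Effect', 'Action', 'Resource']);
const isStringArray = (v) =>
  Array.isArray(v) && v.length > 0 && v.every((s) => typeof s === 'string' && s.length > 0);

function lintCustomPolicies(jsonText) {
  const errors = [], warnings = [];
  let statements;
  try {
    statements = JSON.parse(jsonText);
  } catch (e) {
    return { errors: [`not valid JSON: ${e.message}`], warnings };
  }
  if (!Array.isArray(statements)) {
    return { errors: ['top level must be an array of statements'], warnings };
  }
  statements.forEach((st, i) => {
    if (st === null || typeof st !== 'object' || Array.isArray(st)) {
      errors.push(`[${i}] statement must be an object`);
      return;
    }
    for (const key of Object.keys(st)) {
      if (!ALLOWED_KEYS.has(key)) errors.push(`[${i}] unknown key "${key}"`);
    }
    if (!isStringArray(st.Action)) errors.push(`[${i}] Action must be a non-empty string array`);
    if (!isStringArray(st.Resource)) errors.push(`[${i}] Resource must be a non-empty string array`);
    if ('Effect' in st && st.Effect !== 'Allow' && st.Effect !== 'Deny') {
      errors.push(`[${i}] Effect must be "Allow" or "Deny"`);
    }
    if (st.Effect === 'Deny') return; // wildcards in a Deny narrow access, so no warning
    for (const a of isStringArray(st.Action) ? st.Action : []) {
      if (a === '*' || a.endsWith(':*')) warnings.push(`[${i}] wildcard action "${a}"`);
    }
    for (const r of isStringArray(st.Resource) ? st.Resource : []) {
      // "*" or an ARN whose resource part is only "*" matches every resource
      if (r === '*' || r.split(':').slice(5).join(':') === '*') {
        warnings.push(`[${i}] wildcard resource "${r}"`);
      }
    }
  });
  return { errors, warnings };
}

// Constructed inputs: the two custom-policies.json bodies quoted in this issue.
const REPORTED = '[{"Effect":"Allow","Action":["cloudfront:*"],"Resource":["arn:aws:cloudfront:::*"]}]';
const DOCS_SAMPLE = '[{"Action":["s3:CreateBucket"],"Resource":["arn:aws:s3:::*"]}]';
console.log(lintCustomPolicies(REPORTED), lintCustomPolicies(DOCS_SAMPLE));
```

Both quoted files pass the structural checks, and the warnings point at the grants worth narrowing before the policy is attached to the Lambda execution role.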

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 18 (13 by maintainers)

Most upvoted comments

@grovejc I created a PR for fixing this already, hopefully it will soon be landed in a release.

I am having this same issue using 6.3.1 cli.

No worries @osddeitf ! Thank you for the contribution! 🚀

v6.4.0 released, it’s time to test it.

@dudzin, and for anyone having issues with CI: this is how I currently mitigate the issue, basically opting out of the new feature:

  • don’t use custom-policies.json.
  • rename resource name of any manually added policies in <function_name>-cloudformation-template.json to make sure CustomLambdaExecutionPolicy won’t appear in Resource section. (e.g. rename CustomLambdaExecutionPolicy to MyCustomLambdaExecutionPolicy).

They have a lot of work going on in transform v2 or something of the sort, so I think a newer version of amplify-cli than 6.3.1 won’t come out soon.

Hello, I have the same issue on CI but not when I execute it in localhost. On localhost I have amplify-cli 6.3.1. What can I do to fix the CI? The actual error is -

Uploading files...
2021-11-09T16:01:14.522Z [WARNING]: strict mode: missing type "object" for keyword "additionalProperties" at "#" (strictTypes)
2021-11-09T16:01:14.523Z [WARNING]: ✖ An error occurred when pushing the resources to the cloud
2021-11-09T16:01:14.524Z [WARNING]: ✖ There was an error initializing your environment.
2021-11-09T16:01:14.583Z [INFO]: Error: strict mode: unknown keyword: "optionalProperties"
    at checkStrictMode (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/util.ts:211:28)
    at checkUnknownRules (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/util.ts:27:22)
    at alwaysValidSchema (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/util.ts:17:3)
    at Object.code (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/vocabularies/applicator/items.ts:16:26)
    at keywordCode (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:523:9)
    at /root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:265:9
    at CodeGen.code (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/codegen/index.ts:525:33)
    at CodeGen.block (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/codegen/index.ts:680:20)
    at iterateKeywords (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:262:7)
    at groupKeywords (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:241:7)
    at /root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:233:38
    at CodeGen.code (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/codegen/index.ts:525:33)
    at CodeGen.block (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/codegen/index.ts:680:20)
    at schemaKeywords (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:232:7)
    at typeAndKeywords (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:161:3)
    at /root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:100:5
    at CodeGen.code (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/codegen/index.ts:525:33)
    at /root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:61:45
    at CodeGen.code (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/codegen/index.ts:525:33)
    at CodeGen.func (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/codegen/index.ts:699:24)
    at validateFunction (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:60:9)
    at topSchemaObjCode (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:94:3)
    at validateFunctionCode (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/validate/index.ts:42:7)
    at Ajv.compileSchema (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/compile/index.ts:163:25)
    at Ajv._compileSchemaEnv (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/core.ts:718:24)
    at Ajv.compile (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/ajv/lib/core.ts:370:34)
    at validateCustomPolicies (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/amplify-provider-awscloudformation/src/pre-push-cfn-processor/cfn-pre-processor.ts:132:30)
    at Object.writeCustomPoliciesToCFNTemplate (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/amplify-provider-awscloudformation/src/pre-push-cfn-processor/cfn-pre-processor.ts:63:9)
    at updateS3Templates (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/amplify-provider-awscloudformation/src/push-resources.ts:759:7)
    at Object.run (/root/.nvm/versions/node/v12.21.0/lib/node_modules/@aws-amplify/cli/node_modules/amplify-provider-awscloudformation/src/push-resources.ts:198:5)