aws-cdk: CodePipeline policy with LambdaInvokeAction wrongly assumes that ImportValue of a Lambda is the ARN but it is the logical ID

🐛 Bug Report

What is the problem?

A CodePipeline with a LambdaInvokeAction wrongly assumes that ImportValue of a Lambda is the ARN but it is the logical ID. The pipeline policy also wrongly assumes the import value.

Reproduction Steps

  • Clone https://github.com/khornberg/cdk-bugs
  • Install pip packages (assuming one has the npm package already)
  • Run cdk synth --path-metadata false --version-reporting false --app "python3 pipeline-lambda-invoke-action-bug.py"

Verbose Log

https://github.com/khornberg/cdk-bugs/blob/master/output.yaml

Pipeline action Lines 78-82 are wrong and will fail

                  Fn::Select:
                    - 6
                    - Fn::Split:
                        - ":"
                        - Fn::ImportValue: SomeFunction

Policy Lines 135-138

          - Action: lambda:InvokeFunction
            Effect: Allow
            Resource:
              Fn::ImportValue: SomeFunction

The action is created thus

                LambdaInvokeAction(
                    action_name="LambdaInvokeAction",
                    run_order=1,
                    lambda_=Function.from_function_arn(
                        self, "function", core.Fn.import_value("SomeFunction")
                    ),
                )

Environment

  • CDK CLI Version: 1.5.0 (build c020efa)
  • Module Version: 1.6.1
  • OS: OSX Mojave
  • Language: Python
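
Added example (not code from the issue or from the CDK project): a small evaluator for the three intrinsics in the synthesized output quoted above, showing how the action and policy fragments resolve when the SomeFunction export holds a full function ARN versus a bare name with no colons. Both export values, the account ID, the ARN pattern and the resolve/check helpers are constructed for illustration.

```python
import re

# Constructed export tables: one exporting a full function ARN,
# one exporting a bare name with no colons.
EXPORTS_ARN = {"SomeFunction": "arn:aws:lambda:us-east-1:123456789012:function:some-function"}
EXPORTS_NAME = {"SomeFunction": "some-function"}

# Assumed shape of a Lambda function ARN (optional version/alias suffix).
LAMBDA_ARN = re.compile(r"^arn:aws[\w-]*:lambda:[\w-]+:\d{12}:function:[\w-]+(:[\w$-]+)?$")

# The two fragments quoted in the issue: action function name and policy resource.
ACTION_FUNCTION_NAME = {"Fn::Select": [6, {"Fn::Split": [":", {"Fn::ImportValue": "SomeFunction"}]}]}
POLICY_RESOURCE = {"Fn::ImportValue": "SomeFunction"}


def resolve(node, exports):
    """Evaluate Fn::ImportValue, Fn::Split and Fn::Select against an export table."""
    if isinstance(node, dict) and len(node) == 1:
        (fn, arg), = node.items()
        if fn == "Fn::ImportValue":
            return exports[resolve(arg, exports)]
        if fn == "Fn::Split":
            sep, text = (resolve(a, exports) for a in arg)
            return text.split(sep)
        if fn == "Fn::Select":
            index, items = (resolve(a, exports) for a in arg)
            if not 0 <= int(index) < len(items):
                raise IndexError(f"Fn::Select index {index} out of range for {items}")
            return items[int(index)]
    return node


def check(exports):
    """Return the problems the two fragments have with the given exports."""
    problems = []
    try:
        resolve(ACTION_FUNCTION_NAME, exports)
    except IndexError as exc:
        problems.append(f"action: {exc}")
    resource = resolve(POLICY_RESOURCE, exports)
    if not LAMBDA_ARN.match(resource):
        problems.append(f"policy: Resource {resource!r} is not a Lambda function ARN")
    return problems


if __name__ == "__main__":
    for label, exports in (("ARN export", EXPORTS_ARN), ("name export", EXPORTS_NAME)):
        print(label, check(exports) or "ok")
```
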

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 15 (10 by maintainers)

Most upvoted comments

No, I’ve since moved on