
AWS function policy is bigger than the limit

I have an Amazon API Gateway linking to an AWS Java Lambda back end. I am trying to add a new Method to a Resource and I get the following error when choosing the integration point for the new method.

The error is:

" The function policy is bigger than the limit. Please manually update policy via lambda cli."

How do I go about updating the policy, and why is this error occurring?

Many thanks, Richard

Ok, as suggested the issue is with a 20kb limit on the Policy document. You can get the policy document via the CLI, though for me it didn't help much, as unless there is a way to overwrite it and a way to optimise it then it's pretty useless. That said, there may be; I couldn't find it.

Note this is a Lambda issue in this case, not an API Gateway one. In short I had a lot of endpoints (~30/50), which for an API is nothing in the wild; however each endpoint needs a relevant few lines in the policy document where it's linking the Lambda code to the API Gateway endpoint. At around 30 to 50 endpoints this fills the Policy document.

There may be better ways to do this... but at that limit, even when I deleted a few unused endpoints it didn't help. The solution was to delete the Lambda function code and remake it.

However, this will only clear the Policy document until you recreate the links again. In order to avoid this problem occurring again I had to reduce the endpoints to the core ones, then use a passed parameter to trigger the correct code within Lambda.

    Instead of  https://www.something.com/cars/iswindowopen
    do
    https://www.something.com/cars
    {
     "call":"iswindowopen"
    }

In short, pass the many endpoints as a parameter. This was probably my fault for not reading enough of the documentation, but this limit is well hidden in my opinion, so watch out =)

If you use Python, you can use the Boto3 Lambda API get_policy to see what resource-based policies are attached to your Lambda functions and then use remove_permission to clean up duplicate policies or policies that aren't needed. You can also use the AWS Lambda CLI get-policy and remove-permission to inspect and clean up your policies. You can check out this article for information on how to fix this issue.

After you fix this issue, you should configure the permission for your API to invoke Lambda using a resource-based policy or an IAM role to prevent getting this error in the future.
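As an added example (not code from either answer), here is the get_policy / remove_permission clean-up the second answer describes, written so it runs offline: the policy shape assumes the statements that add-permission writes for API Gateway grants, the ARNs and the FakeLambdaClient are constructed stand-ins, and with boto3 you would pass boto3.client("lambda") instead of the fake.

```python
import json

API_GW = "apigateway.amazonaws.com"
POLICY_LIMIT_BYTES = 20 * 1024  # resource-based policy size limit the answers run into
API_ARN = "arn:aws:execute-api:eu-west-1:123456789012:abc123"        # constructed sample
FUNCTION_ARN = "arn:aws:lambda:eu-west-1:123456789012:function:cars"  # constructed sample

def _grant(sid, route):
    """One API Gateway invoke grant, shaped like the statements add-permission writes."""
    return {"Sid": sid, "Effect": "Allow", "Principal": {"Service": API_GW},
            "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN,
            "Condition": {"ArnLike": {"AWS:SourceArn": f"{API_ARN}/*/{route}"}}}

class FakeLambdaClient:
    """Offline stand-in for boto3.client('lambda'); like the real one, 'Policy' is a JSON string."""
    def __init__(self):
        self.removed = []
        self.statements = [_grant("s1", "GET/cars"), _grant("s2", "GET/cars/iswindowopen"),
                           _grant("s3", "GET/cars"),  # duplicate grant for an existing route
                           {"Sid": "s4", "Effect": "Allow", "Action": "lambda:InvokeFunction",
                            "Principal": {"AWS": "arn:aws:iam::123456789012:role/ops"},
                            "Resource": FUNCTION_ARN}]
    def get_policy(self, FunctionName):
        return {"Policy": json.dumps({"Version": "2012-10-17", "Statement": self.statements})}
    def remove_permission(self, FunctionName, StatementId):
        self.removed.append(StatementId)
        self.statements = [s for s in self.statements if s["Sid"] != StatementId]

def stale_sids(policy, live_source_arns):
    """Sids of API Gateway grants that duplicate an earlier one or name a route no longer live.
    Grants from other principals (IAM roles, other services) are never selected."""
    seen, stale = set(), []
    for st in policy.get("Statement", []):
        if st.get("Principal", {}).get("Service") != API_GW:
            continue
        cond = st.get("Condition", {})
        arn = cond.get("ArnLike", cond.get("ArnEquals", {})).get("AWS:SourceArn")
        if arn in seen or arn not in live_source_arns:
            stale.append(st["Sid"])
        seen.add(arn)
    return stale

def prune(client, function_name, live_source_arns, dry_run=True):
    """Return (policy size in bytes, stale Sids); with dry_run=False also remove them."""
    resp = client.get_policy(FunctionName=function_name)
    stale = stale_sids(json.loads(resp["Policy"]), live_source_arns)
    for sid in ([] if dry_run else stale):
        client.remove_permission(FunctionName=function_name, StatementId=sid)
    return len(resp["Policy"].encode()), stale
```

Run it with dry_run=True first and compare the reported size against POLICY_LIMIT_BYTES; the set of live SourceArns should come from the API's current routes, not from the policy itself.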
