This repository was archived by the owner on Jan 28, 2025. It is now read-only.
This repository was archived by the owner on Jan 28, 2025. It is now read-only.
Open
Open
Adding ISR page to already created app doesn't update the IAM policy#1510
@janario

Description

Issue Summary

In a scenario where my application doesn't have ISR yet and all the resources were previously provisioned, by adding a page with ISR all the new resources get created but the IAM role of default lambda doesn't get updated.

Actual behavior

Adding new ISR page doesn't work.

Expected behavior

Adding new page feature should update the IAM policy

Steps to reproduce

  • create an app without ISR
  • add some ISR page
  • update the stack

Screenshots/Code/Configuration/Logs

image

Logs:

{
    "errorType": "AccessDenied",
    "errorMessage": "Access to the resource https://sqs.us-east-1.amazonaws.com/ is denied.",
    "Type": "Sender",
    "Code": "AccessDenied",
    "Detail": "",
    "name": "AccessDenied",
    "$fault": "client",
    "$metadata": {
        "httpStatusCode": 403,
        "requestId": "700ce142-f924-5041-a0e6-b8c5d45c40a6",
        "attempts": 1,
        "totalRetryDelay": 0
    },
    "stack": [
        "AccessDenied: Access to the resource https://sqs.us-east-1.amazonaws.com/ is denied.",
        "    at /var/task/index-94ce7346.js:2068:68",
        "    at step (/var/task/serdePlugin-6d615471.js:91:23)",
        "    at Object.next (/var/task/serdePlugin-6d615471.js:72:53)",
        "    at fulfilled (/var/task/serdePlugin-6d615471.js:62:58)",
        "    at processTicksAndRejections (internal/process/task_queues.js:95:5)"
    ]
}

Policy not updated:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Resource": "*",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ]
        },
        {
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::pffaxfu-54g38jc/*",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ]
        }
    ]
}

If I delete the IAM role it will get re-created but this time with the right policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Resource": "*",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ]
        },
        {
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::pffaxfu-54g38jc/*",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ]
        },
        {
            "Effect": "Allow",
            "Resource": "arn:aws:sqs:us-east-1:741788044765:pffaxfu-54g38jc.fifo",
            "Action": [
                "sqs:SendMessage"
            ]
        }
    ]
}

Only then with the new policy it starts to work again

Versions

  • OS/Environment:
  • @sls-next/serverless-component version: 3.2.0
  • Next.js version: 11

Additional context

Checklist

  • You have reviewed the README and FAQs, which answers several common questions.
  • You have reviewed our DEBUGGING wiki and have tried your best to include complete information and reproduction steps (including your configuration) as is possible.
  • You have first tried using the most recent latest or alpha @sls-next/serverless-component release version, which may have already fixed your issue or implemented the feature you are trying to use. Note that the old serverless-next.js component and the serverless-next.js plugin are deprecated and no longer maintained.