we also check the AWS::Lambda::Permission resource exists in the temp…

…late and has the expected policy
aws · Sep 10, 2024 · 989141b · 989141b
1 parent 2ad9170
commit 989141b
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 1 deletion.
diff --git a/packages/aws-cdk-lib/aws-cloudfront-origins/lib/function-url-origin.ts b/packages/aws-cdk-lib/aws-cloudfront-origins/lib/function-url-origin.ts
@@ -128,7 +128,7 @@ class FunctionUrlOriginWithOAC extends cloudfront.OriginBase {
     new lambda.CfnPermission(scope, `InvokeFromApiFor${options.originId}`, {
       principal: 'cloudfront.amazonaws.com',
       action: 'lambda:InvokeFunctionUrl',
-      functionName: cdk.Fn.select(6, cdk.Fn.split(':', this.functionUrl.functionArn)),
+      functionName: this.functionUrl.functionArn,
       sourceArn: `arn:${cdk.Aws.PARTITION}:cloudfront::${cdk.Aws.ACCOUNT_ID}:distribution/${distributionId}`,
     });
   }

diff --git a/packages/aws-cdk-lib/aws-cloudfront-origins/test/function-url-origin.test.ts b/packages/aws-cdk-lib/aws-cloudfront-origins/test/function-url-origin.test.ts
@@ -118,6 +118,27 @@ describe('FunctionUrlOriginAccessControl', () => {
         ]),
       },
     });
+
+    template.hasResourceProperties('AWS::Lambda::Permission', {
+      Action: 'lambda:InvokeFunctionUrl',
+      FunctionName: {
+        'Fn::GetAtt': ['MyFunctionFunctionUrlFF6DE78C', 'FunctionArn'],
+      },
+      Principal: 'cloudfront.amazonaws.com',
+      SourceArn: {
+        'Fn::Join': [
+          '',
+          [
+            'arn:',
+            { Ref: 'AWS::Partition' },
+            ':cloudfront::',
+            { Ref: 'AWS::AccountId' },
+            ':distribution/',
+            { Ref: 'MyDistribution6271DFB5' },
+          ],
+        ],
+      },
+    });
   });
 
   test('Correctly configures CloudFront Distribution with Origin Access Control', () => {
@@ -176,6 +197,27 @@ describe('FunctionUrlOriginAccessControl', () => {
         SigningProtocol: 'sigv4',
       },
     });
+
+    template.hasResourceProperties('AWS::Lambda::Permission', {
+      Action: 'lambda:InvokeFunctionUrl',
+      FunctionName: {
+        'Fn::GetAtt': ['MyFunctionFunctionUrlFF6DE78C', 'FunctionArn'],
+      },
+      Principal: 'cloudfront.amazonaws.com',
+      SourceArn: {
+        'Fn::Join': [
+          '',
+          [
+            'arn:',
+            { Ref: 'AWS::Partition' },
+            ':cloudfront::',
+            { Ref: 'AWS::AccountId' },
+            ':distribution/',
+            { Ref: 'MyDistribution6271DFB5' },
+          ],
+        ],
+      },
+    });
   });
 
   test('Correctly configures CloudFront Distribution with a custom Origin Access Control', () => {