Bug: LambdaFunctionUrlSchema fails with CloudFront Origin Access Control (OAC) #2427

Closed
@aripalo

Description

Expected Behaviour

Using .use(parser({ schema: LambdaFunctionUrlSchema })) middleware should work with Lambda Function URLs protected by the newly launched CloudFront OACs.

Current Behaviour

The parser throws an error:

Failed to parse schema. This error was caused by: [
  {
    "code": "invalid_type",
    "expected": "string",
    "received": "null",
    "path": [
      "requestContext",
      "authorizer",
      "iam",
      "principalOrgId"
    ],
    "message": "Expected string, received null"
  },
  {
    "code": "invalid_type",
    "expected": "object",
    "received": "null",
    "path": [
      "requestContext",
      "authorizer",
      "iam",
      "cognitoIdentity"
    ],
    "message": "Expected object, received null"
  }

This is because when CloudFront OAC is calling the Lambda Function URL, the principalOrgId and cognitoIdentity are actually set to null:

// some sensitive'ish values replaced with fictional values
"requestContext": {
    "accountId": "123456789012",
    "apiId": "abcd1",
    "authorizer": {
        "iam": {
            "accessKey": "ASIA123EXAMPLE",
            "accountId": "123456789012",
            "callerId": "AROA123EXAMPLE:OriginAccessSession",
            "cognitoIdentity": null, // ← NOTICE NULL
            "principalOrgId": null,  // ← NOTICE NULL
            "userArn": "arn:aws:sts::123456789012:assumed-role/OriginAccessControlRole/OriginAccessSession",
            "userId": "AROA123EXAMPLE:OriginAccessSession"
        }
    },

Code snippet

.use(parser({ schema: LambdaFunctionUrlSchema })) with Lambda Function URL + CloudFront OAC

Steps to Reproduce

Creating a full example is a bit too much work for right now, but you can take my minimal Lambda Function URL + CloudFront OAC example from aws/aws-cdk#21771 (comment) and replace the Lambda function with a TS one using .use(parser({ schema: LambdaFunctionUrlSchema })) middleware.

Possible Solution

  • Make principalOrgId nullable
  • Make cognitoIdentity nullable

Powertools for AWS Lambda (TypeScript) version

latest

AWS Lambda function runtime

20.x

Packaging format used

npm

Execution logs

No response
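
The failure and the proposed fix from this issue, as an added example that is not part of the original report and is not Powertools' or Zod's code. The field rules in `strictIam` are inferred from the error message above (an assumption), and `checkIam`, `strictIam`, `nullableIam` and `oacIam` are hypothetical names for a hand-rolled stand-in check:

```typescript
type FieldSpec = { expected: "string" | "object"; nullable: boolean };
type Issue = { code: "invalid_type"; expected: string; received: string; path: string[] };

// Rules as the reported error implies them (assumption): null is rejected.
const strictIam: Record<string, FieldSpec> = {
  accessKey: { expected: "string", nullable: false },
  principalOrgId: { expected: "string", nullable: false },
  cognitoIdentity: { expected: "object", nullable: false },
  userArn: { expected: "string", nullable: false },
};

// The "Possible Solution": same rules, but the two fields may be null.
const nullableIam: Record<string, FieldSpec> = {
  ...strictIam,
  principalOrgId: { expected: "string", nullable: true },
  cognitoIdentity: { expected: "object", nullable: true },
};

function kindOf(v: unknown): string {
  if (v === null) return "null";
  return Array.isArray(v) ? "array" : typeof v;
}

// Returns one issue per field whose type does not match its rule.
function checkIam(iam: Record<string, unknown>, spec: Record<string, FieldSpec>): Issue[] {
  const issues: Issue[] = [];
  for (const name of Object.keys(spec)) {
    const rule = spec[name];
    const received = kindOf(iam[name]);
    if (received === rule.expected) continue;
    if (received === "null" && rule.nullable) continue; // null allowed only when nullable
    issues.push({ code: "invalid_type", expected: rule.expected, received,
      path: ["requestContext", "authorizer", "iam", name] });
  }
  return issues;
}

// Constructed sample: the iam block from the issue (fictional values).
const oacIam: Record<string, unknown> = {
  accessKey: "ASIA123EXAMPLE",
  accountId: "123456789012",
  callerId: "AROA123EXAMPLE:OriginAccessSession",
  cognitoIdentity: null,
  principalOrgId: null,
  userArn: "arn:aws:sts::123456789012:assumed-role/OriginAccessControlRole/OriginAccessSession",
  userId: "AROA123EXAMPLE:OriginAccessSession",
};

console.log(checkIam(oacIam, strictIam).map((i) => i.path[3])); // fields rejected by the strict rules
console.log(checkIam(oacIam, nullableIam).length);              // issues left after the fix
```

Making the two fields nullable accepts the OAC-signed request while a wrong non-null type (for example a number in principalOrgId) is still reported.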

Metadata

Labels: bug (Something isn't working), completed (This item is complete and has been merged/shipped), parser (This item relates to the Parser Utility)

Status: Shipped