chore(s3): ensure Lambda size doesn't grow too large

In #18150, a change was merged that blew up the size of the inline Lambda beyond its limit of 4096 characters. This change was not detected because the Lambda constructs being used there didn't use the regular `aws-lambda` module, but escape hatches that bypass the regular validation (released in 1.139.0, 2.8.0). Because this effectively broke S3 notifications, it was rolled back in #18507 (released in 1.140.0, not yet released in 2.x line). In this PR, add validation to make sure an event like this doesn't happen again. This will be relevant for #18614.
aws · Jan 26, 2022 · fc24f23 · fc24f23
1 parent 2eda19e
commit fc24f23
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts
@@ -84,11 +84,17 @@ export class NotificationsResourceHandler extends Construct {
         return properties;
       }
     }
+
+    const handlerSource = fs.readFileSync(path.join(__dirname, 'lambda/index.py'), 'utf8');
+    if (handlerSource.length > 4096) {
+      throw new Error(`Source of Notifications Resource Handler is too large (${handlerSource.length} > 4096)`);
+    }
+
     const resource = new InLineLambda(this, 'Resource', {
       type: resourceType,
       properties: {
         Description: 'AWS CloudFormation handler for "Custom::S3BucketNotifications" resources (@aws-cdk/aws-s3)',
-        Code: { ZipFile: fs.readFileSync(path.join(__dirname, 'lambda/index.py'), 'utf8') },
+        Code: { ZipFile: handlerSource },
         Handler: 'index.handler',
         Role: this.role.roleArn,
         Runtime: 'python3.7',