From fc24f239955678feac4203fde46d5ca83931d26c Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 26 Jan 2022 11:39:34 +0100 Subject: [PATCH] chore(s3): ensure Lambda size doesn't grow too large In #18150, a change was merged that blew up the size of the inline Lambda beyond its limit of 4096 characters. This change was not detected because the Lambda constructs being used there didn't use the regular `aws-lambda` module, but escape hatches that bypass the regular validation (released in 1.139.0, 2.8.0). Because this effectively broke S3 notifications, it was rolled back in #18507 (released in 1.140.0, not yet released in 2.x line). In this PR, add validation to make sure an event like this doesn't happen again. This will be relevant for #18614. --- .../notifications-resource-handler.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts index 5a3955a96da9f..76edb141a3cd0 100644 --- a/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts +++ b/packages/@aws-cdk/aws-s3/lib/notifications-resource/notifications-resource-handler.ts @@ -84,11 +84,17 @@ export class NotificationsResourceHandler extends Construct { return properties; } } + + const handlerSource = fs.readFileSync(path.join(__dirname, 'lambda/index.py'), 'utf8'); + if (handlerSource.length > 4096) { + throw new Error(`Source of Notifications Resource Handler is too large (${handlerSource.length} > 4096)`); + } + const resource = new InLineLambda(this, 'Resource', { type: resourceType, properties: { Description: 'AWS CloudFormation handler for "Custom::S3BucketNotifications" resources (@aws-cdk/aws-s3)', - Code: { ZipFile: fs.readFileSync(path.join(__dirname, 'lambda/index.py'), 'utf8') }, + Code: { ZipFile: handlerSource }, Handler: 'index.handler', Role: this.role.roleArn, Runtime: 'python3.7',