Skip to content

feat: add optional source_account to lambda permissions#87

Open
rorynolan wants to merge 4 commits intocloudposse:mainfrom
rorynolan:main
Open

feat: add optional source_account to lambda permissions#87
rorynolan wants to merge 4 commits intocloudposse:mainfrom
rorynolan:main

Conversation

@rorynolan
Copy link

@rorynolan rorynolan commented Jul 30, 2025

what

  • Make both source_arn and source_account optional in invoke_function_permissions
  • Add comprehensive documentation for all permission fields
  • Update complete example to demonstrate source_account usage

why

Without this, you need to add custom stuff just to comply with the config rule lambda-function-public-access-prohibited, that requires source_account to be set.

It should be easy to comply with this rule using the module natively.

@rorynolan rorynolan requested review from a team as code owners July 30, 2025 12:37
@mergify mergify bot added the triage Needs triage label Jul 30, 2025
@oycyc
Copy link

oycyc commented Aug 3, 2025

/terratest

oycyc
oycyc previously approved these changes Aug 3, 2025
View reviewed changes
Copy link

@oycyc oycyc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good addition! As defined on the AWS provider docs as well: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission#source_account-1

@mergify mergify bot removed the triage Needs triage label Aug 3, 2025
@oycyc oycyc added enhancement New feature or request minor New features that do not break anything labels Aug 3, 2025
@oycyc oycyc enabled auto-merge (squash) August 3, 2025 12:28
@oycyc
Copy link

oycyc commented Aug 3, 2025

Ugh seems like Terratest is failing because of the optional... @rorynolan in your branch, can you try setting the examples/versions and where the required_version of TF to be >= 1.3.0 or >=1.4.0?

auto-merge was automatically disabled August 5, 2025 17:40

Head branch was pushed to by a user without write access

@rorynolan
Copy link
Author

rorynolan commented Aug 5, 2025

@oycyc I set it to minimum 1.4 can you please trigger a test rerun?

@oycyc
Copy link

oycyc commented Aug 7, 2025

/terratest

Rory Nolan and others added 4 commits January 25, 2026 21:23
@claude @rorynolan
feat: add optional source_account to lambda permissions
a70ecbe 
- Make both source_arn and source_account optional in invoke_function_permissions
- Add comprehensive documentation for all permission fields
- Update complete example to demonstrate source_account usage
- Maintain backward compatibility with existing configurations

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@rorynolan
Require terraform >= 1.4
89da6d9
@rorynolan
Require terraform >= 1.4
a7c91ea
@rorynolan
Clarify that source_account must be set to satisfy config rule
ba83c03
@rorynolan
Copy link
Author

rorynolan commented Jan 26, 2026

@oycyc I rebased onto updates can you please approve the test workflow again?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oycyc oycyc oycyc left review comments

@joe-niland joe-niland Awaiting requested review from joe-niland joe-niland is a code owner automatically assigned from cloudposse/contributors

@nitrocode nitrocode Awaiting requested review from nitrocode nitrocode is a code owner automatically assigned from cloudposse/contributors

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

enhancement New feature or request minor New features that do not break anything

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rorynolan @oycyc