Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

cli: cdk migrate outputs an incorrect template for Lambda environment variables #28997

Closed
ymhiroki opened this issue Feb 6, 2024 · 4 comments
Assignees
Labels
bug This issue is a bug. cli Issues related to the CDK CLI effort/medium Medium work item – several days of effort p1 package/tools Related to AWS CDK Tools or CLI toolkit/migrate Related to cdk migrate

Comments

@ymhiroki
Copy link
Contributor

ymhiroki commented Feb 6, 2024

Describe the bug

I ran cdk migrate command with the CFn template below, which copied from the blog post.

AWSTemplateFormatVersion: "2010-09-09"
Description: AWS CDK Migrate Demo Template
Parameters:
  FunctionResponse:
    Description: Response message from the Lambda function
    Type: String
    Default: Hello World
  BucketTag:
    Description: The tag value of the S3 bucket
    Type: String
    Default: ChangeMe
Resources:
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  HelloWorldFunction:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt LambdaExecutionRole.Arn
      Code:
        ZipFile: |
          import os
          def lambda_handler(event, context):
            function_response = os.getenv('FUNCTION_RESPONSE')
            return {
              "statusCode": 200,
              "body": function_response
            }
      Handler: index.lambda_handler
      Runtime: python3.11
      Environment:
        Variables:
          FUNCTION_RESPONSE: !Ref FunctionResponse
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      Tags:
        - Key: Application
          Value: Git-Sync-Demo
        - Key: DynamicTag
          Value: !Ref BucketTag
Outputs:
  S3BucketName:
    Description: The name of the S3 bucket
    Value: !Ref S3Bucket
    Export:
      Name: !Sub ${AWS::StackName}-S3BucketName

The command generates the typescript code below for the Lambda function.

    const helloWorldFunction = new lambda.CfnFunction(this, 'HelloWorldFunction', {
      role: lambdaExecutionRole.attrArn,
      code: {
        zipFile: 'import os\ndef lambda_handler(event, context):\n  function_response = os.getenv(\'FUNCTION_RESPONSE\')\n  return {\n    \"statusCode\": 200,\n    \"body\": function_response\n  }\n',
      },
      handler: 'index.lambda_handler',
      runtime: 'python3.11',
      environment: {
        variables: {
          functionResponse: props.functionResponse!,
        },
      },
    });

variables should contain FUNCTION_RESPONSE, however, it's actually functionResponse.

Expected Behavior

Lambda environment variables must contain FUNCTION_RESPONSE like the code below.

    const helloWorldFunction = new lambda.CfnFunction(this, 'HelloWorldFunction', {
      role: lambdaExecutionRole.attrArn,
      code: {
        zipFile: 'import os\ndef lambda_handler(event, context):\n  function_response = os.getenv(\'FUNCTION_RESPONSE\')\n  return {\n    \"statusCode\": 200,\n    \"body\": function_response\n  }\n',
      },
      handler: 'index.lambda_handler',
      runtime: 'python3.11',
      environment: {
        variables: {
          FUNCTION_RESPONSE: props.functionResponse!,
        },
      },
    });

Current Behavior

cdk migrate command generates an incorrect template for Lambda environment variables.
The function doesn't work well since it can't read environment variables.

    const helloWorldFunction = new lambda.CfnFunction(this, 'HelloWorldFunction', {
      role: lambdaExecutionRole.attrArn,
      code: {
        zipFile: 'import os\ndef lambda_handler(event, context):\n  function_response = os.getenv(\'FUNCTION_RESPONSE\')\n  return {\n    \"statusCode\": 200,\n    \"body\": function_response\n  }\n',
      },
      handler: 'index.lambda_handler',
      runtime: 'python3.11',
      environment: {
        variables: {
          functionResponse: props.functionResponse!,
        },
      },
    });

Reproduction Steps

Run cdk migrate --stack-name sample-stack --language typescript --from-path ./demo-template.yaml

with demo-template.yaml:

AWSTemplateFormatVersion: "2010-09-09"
Description: AWS CDK Migrate Demo Template
Parameters:
  FunctionResponse:
    Description: Response message from the Lambda function
    Type: String
    Default: Hello World
  BucketTag:
    Description: The tag value of the S3 bucket
    Type: String
    Default: ChangeMe
Resources:
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  HelloWorldFunction:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt LambdaExecutionRole.Arn
      Code:
        ZipFile: |
          import os
          def lambda_handler(event, context):
            function_response = os.getenv('FUNCTION_RESPONSE')
            return {
              "statusCode": 200,
              "body": function_response
            }
      Handler: index.lambda_handler
      Runtime: python3.11
      Environment:
        Variables:
          FUNCTION_RESPONSE: !Ref FunctionResponse
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      Tags:
        - Key: Application
          Value: Git-Sync-Demo
        - Key: DynamicTag
          Value: !Ref BucketTag
Outputs:
  S3BucketName:
    Description: The name of the S3 bucket
    Value: !Ref S3Bucket
    Export:
      Name: !Sub ${AWS::StackName}-S3BucketName

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.126.0 (build fb74c41)

Framework Version

No response

Node.js Version

v20.10.0

OS

macOS Sonoma 14.3 (23D56)

Language

TypeScript

Language Version

No response

Other information

No response

@ymhiroki ymhiroki added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Feb 6, 2024
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Feb 6, 2024
@tim-finnigan tim-finnigan self-assigned this Feb 6, 2024
@tim-finnigan tim-finnigan added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Feb 6, 2024
@tim-finnigan
Copy link

Thanks for reporting this issue, this does appear to be a bug with the environment variable getting converted to camel case.

@tim-finnigan tim-finnigan removed their assignment Feb 6, 2024
@tim-finnigan tim-finnigan added p1 effort/medium Medium work item – several days of effort cli Issues related to the CDK CLI and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Feb 6, 2024
@TheRealAmazonKendra
Copy link
Contributor

Duplicate of #29027

@TheRealAmazonKendra
Copy link
Contributor

This fix for this was released in v2.132.

Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
bug This issue is a bug. cli Issues related to the CDK CLI effort/medium Medium work item – several days of effort p1 package/tools Related to AWS CDK Tools or CLI toolkit/migrate Related to cdk migrate
Projects
None yet
Development

No branches or pull requests

3 participants