7

For over a year I have been able to publish an ASP.NET Core Web API application using Visual Studio 2019 by selecting "Publish to AWS Lambda..." without incident (via a right click on the project). Until yesterday. Now it consistently fails to publish and rolls back.

The following two reasons are given as to why it has failed.

  1. 1 validation error detected: Value 'AWSLambdaFullAccess' at 'policyArn' failed to satisfy constraint: Member must have length greater than or equal to 20 (Service: AmazonIdentityManagement; Status Code: 400; Error Code: ValidationError; Request ID: ...; Proxy: null)

  2. The following resource(s) failed to create: [AspNetCoreFunctionRole, Bucket]. Rollback requested by user.


I have looked at AWSLambdaFullAccess and AWSLambda_FullAccess and the other things and just have no model to follow or even know what it is referring to in any sense where I can imagine a fruitful path to proceed. What exactly is the "Member" it is referring to? Extensive research has yielded nothing of use.

I want to successfully publish my Web API. What can I look into to proceed?

guijob
Reid
  • While I finally have gotten past the problem by creating a same-named app in Visual Studio and copying the code files into it and then installing packages after that, it hits me as a bizarre problem to spontaneously occur, and so if you have the answer, I am sure someone else with the same problem in the future would love to know a simpler way. – Reid Mar 31 '21 at 09:26

2 Answers

14

This may not be the correct or ideal solution, but I tried this approach and it worked.

Step 1:

Changed the Access from "AWSLambdaFullAccess" to "AWSLambda_FullAccess" in serverless.template

"Resources": {
  "AspNetCoreFunction": {
    "Type": "AWS::Serverless::Function",
    "Properties": {
      "Handler": "SampleAPI::SampleAPI.LambdaEntryPoint::FunctionHandlerAsync",
      "Runtime": "dotnetcore3.1",
      "CodeUri": "",
      "MemorySize": 256,
      "Timeout": 30,
      "Role": null,
      "Policies": [
        "AWSLambda_FullAccess"
      ],
      "Environment": {
        "Variables": {
          "AppS3Bucket": {

Lambda publishing was successful after this step.

Step 2:

Then I faced an issue in accessing the DynamoDb table. I went to the IAM role and added the DynamoDb Execution role. (I don't remember adding this role explicitly before.)

  • I tested it on the failing version of my project and without that change it failed and with the change it worked. Which was consistent with what my current working version had via a new project create leaving the newly created serverless.template in place. – Reid Apr 02 '21 at 00:33
9

According to https://docs.aws.amazon.com/lambda/latest/dg/access-control-identity-based.html the AWSLambdaFullAccess policy has just been deprecated, and as a result my stack, which I tried to update, was stuck in UPDATE_ROLLBACK_FAILED.

To fix this I had to take the following steps:

  1. Manually continue the rollback of the stack from the CloudFormation page, ensuring that I was skipping the role which was referencing AWSLambdaFullAccess.
  2. Change my AWSLambdaFullAccess reference to AWSLambda_FullAccess in the CloudFormation template
  3. Update the stack using my newly updated CloudFormation template

Hope this is able to help someone!

FrostyOnion
  • Thanks! This is the link to the AWS doco regarding this skipping the resources when doing the rollback: https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-update-rollback-failed/ – robnick Apr 06 '21 at 03:15
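
The template edit that both answers describe (Step 1 of the first, step 2 of the second) can be scripted. The following is an added example, not code from either answer or from AWS: it walks a template's resources and rewrites references to the deprecated policy. It goes beyond the answers by also checking the full-ARN form and the `ManagedPolicyArns` property of IAM roles; the sample template and the `WorkerRole` name are constructed for illustration.

```python
import json

# Policy names are the ones given in the answers above; the ARN prefix is the
# standard one for AWS managed policies.
DEPRECATED = "AWSLambdaFullAccess"
REPLACEMENT = "AWSLambda_FullAccess"
ARN_PREFIX = "arn:aws:iam::aws:policy/"

def _fix(value):
    """Map a deprecated reference (bare name or full ARN) to its replacement, else None."""
    if value == DEPRECATED:
        return REPLACEMENT
    if value == ARN_PREFIX + DEPRECATED:
        return ARN_PREFIX + REPLACEMENT
    return None

def migrate(template):
    """Rewrite deprecated references in place; return (resource, property, old, new) tuples."""
    changes = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        for key in ("Policies", "ManagedPolicyArns"):
            entries = props.get(key)
            # SAM also accepts a single policy name given as a plain string.
            items = [entries] if isinstance(entries, str) else entries
            if not isinstance(items, list):
                continue  # property absent, or a single inline policy document
            # Inline policy documents (dicts) pass through untouched.
            fixed = [(_fix(i) if isinstance(i, str) else None) or i for i in items]
            changes += [(name, key, old, new) for old, new in zip(items, fixed) if old != new]
            props[key] = fixed[0] if isinstance(entries, str) else fixed
    return changes

# Constructed sample template (trimmed; not the asker's file).
SAMPLE = {"Resources": {
    "AspNetCoreFunction": {"Type": "AWS::Serverless::Function", "Properties": {
        "Policies": ["AWSLambdaFullAccess",
                     {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                                     "Resource": "arn:aws:s3:::example-bucket/*"}]}]}},
    "WorkerRole": {"Type": "AWS::IAM::Role", "Properties": {
        "ManagedPolicyArns": [ARN_PREFIX + "AWSLambdaFullAccess",
                              ARN_PREFIX + "AmazonDynamoDBReadOnlyAccess"]}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    for change in migrate(SAMPLE):
        print("%s.%s: %s -> %s" % change)
    print(json.dumps(SAMPLE, indent=2))
```

To use it on a real `serverless.template`, load the file with `json.load`, call `migrate`, review the returned list of changes, and write the result back with `json.dump`.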