fix: update Lambda function permissions (#755)

patheard · web-flow · commit 25a2d1d5a4d7 · 2025-10-28T11:46:43.000-07:00
Update the Lambda function permissions with the new actions
required by AWS when function URLs are used for public access.
diff --git a/lambda_response/README.md b/lambda_response/README.md
@@ -34,6 +34,8 @@ No modules.
 | [aws_iam_role_policy_attachment.redirector_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_lambda_function.redirector](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
 | [aws_lambda_function_url.redirector](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource |
+| [aws_lambda_permission.redirector_invoke_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
+| [aws_lambda_permission.redirector_invoke_function_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_route53_record.cloudfront_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_record.cloudfront_certificate_validation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_zone.hosted_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
diff --git a/lambda_response/main.tf b/lambda_response/main.tf
@@ -57,6 +57,21 @@ resource "aws_lambda_function_url" "redirector" {
   authorization_type = "NONE"
 }
 
+resource "aws_lambda_permission" "redirector_invoke_function_url" {
+  statement_id           = "AllowInvokeFunctionUrl-${local.lambda_function_name}"
+  action                 = "lambda:InvokeFunctionUrl"
+  function_name          = aws_lambda_function.redirector.function_name
+  function_url_auth_type = "NONE"
+  principal              = "*"
+}
+
+resource "aws_lambda_permission" "redirector_invoke_function" {
+  statement_id  = "AllowInvokeFunction-${local.lambda_function_name}"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.redirector.function_name
+  principal     = "*"
+}
+
 #
 # Function IAM role
 #
