fix(cli-internal): add lambda authorizer import and use dynamic region in data resource#14894
Open
adrianjoshua-strutt wants to merge 3 commits into
Open
fix(cli-internal): add lambda authorizer import and use dynamic region in data resource#14894adrianjoshua-strutt wants to merge 3 commits into
adrianjoshua-strutt wants to merge 3 commits into
Conversation
adrianjoshua-strutt
force-pushed
the
fix/lambda-authorizer-auth-14813
branch
from
8c3c551 to
076e83f
Compare
sarayev
reviewed
May 19, 2026
| // eslint-disable-next-line @typescript-eslint/no-explicit-any -- untyped authConfig providers array | ||
| function findLambdaFunctionNameInProviders(providers: any[] | undefined): string | undefined { | ||
| if (!providers) return undefined; | ||
| for (const provider of providers) { |
Contributor
There was a problem hiding this comment.
question: Is it possible to have multiple Lambda providers?
Member
Author
There was a problem hiding this comment.
AppSync supports only one Lambda authorizer per API, but we iterate defensively in case the config structure has multiple providers listed
| const finalDynamicEnvVars = [...dynamicEnvVars]; | ||
| if ('REGION' in finalLiteralEnvVars) { | ||
| delete finalLiteralEnvVars.REGION; | ||
| finalDynamicEnvVars.push({ |
Contributor
There was a problem hiding this comment.
Can we have tests for this?
Member
Author
There was a problem hiding this comment.
I added region tests
adrianjoshua-strutt
force-pushed
the
fix/lambda-authorizer-auth-14813
branch
3 times, most recently
from
a664cc1 to
a1dd4e1
Compare
…n in data resource Add lambda authorizer function import to data/resource.ts when the auth config uses AWS_LAMBDA authentication. Also move REGION env var from static literal to a dynamic CDK stack.region reference. --- Prompt: Fix lambda authorizer auth config and dynamic region in gen2-migration data and function generators.
adrianjoshua-strutt
force-pushed
the
fix/lambda-authorizer-auth-14813
branch
from
a1dd4e1 to
6e691d1
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes #14813.
Two bugs in the gen2-migration code generator that caused build failures when migrating Gen1 apps with Lambda authorizer auth modes:
Missing import for Lambda authorizer function — The generated
data/resource.tsreferenced the Lambda function identifier (e.g.,myAuthFn) without emitting an import statement, producing a TypeScript compilation error.Hardcoded REGION environment variable — The
REGIONenv var was placed indefineFunction()'s staticenvironmentobject with the Gen1 deployment region (e.g.,us-east-1). This is incorrect for Gen2 where the deployment region may differ from the original Gen1 region.Changes
Data resource generation
DataRenderernow accepts an optionallambdaAuthFunctionreference describing the function name and relative import path. When present, it adds the import to the generateddata/resource.ts.DataGeneratorextracts the Lambda function name fromauthorizationModes(searching bothdefaultAuthenticationandadditionalAuthenticationProviders) and passes it to the renderer.Dynamic REGION resolution
FunctionGenerator.resolve()now intercepts theREGIONkey afterclassifyEnvVars()runs. Instead of leaving it as a retained (hardcoded) env var, it moves REGION to an escape hatch that emitsbackend.{funcName}.stack.region— the CDK token that resolves to the actual deployment region at synth time.Testing
data.renderer.test.tsupdated with Lambda auth import assertion