We have quite a few events for our Lambda function and the problem is that for each trigger, it generates an AWS::Lambda::Permission. However, we now get the error The final policy size (20616) is bigger than the limit (20480)…
Is it possible to configure the serverless.yml file in such a way that it grants access to lambda:*, instead of an individual Permission per event?
@Bjorn121
If you use Python, you can use the Boto3 Lambda API get_policy to see what resource-based policies are attached to your Lambda functions and then use remove_permission to simplify or clean up duplicate policies or policies that aren’t needed. You can check out this article for information on how to fix this issue.
After you fix the limit error, you can create an IAM role that has policies to access Lambda. Then, use that role for API Gateway to invoke Lambda instead of creating an individual AWS::Lambda::Permission for each Lambda function.
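An added example of the get_policy / remove_permission approach described in the answer above (this is not the poster's code or the Serverless Framework's own tooling). It parses the JSON document returned under "Policy", measures it against the 20480-byte limit quoted in the error, flags statements that duplicate an earlier grant, and optionally flags statements whose SourceArn is not in a set of rule ARNs you still deploy. The function name, account id, region and rule names in the sample policy are constructed placeholders; only the `__main__` block needs boto3 and AWS credentials, and it runs in dry-run mode unless you change it.

```python
"""Find removable statements in a Lambda resource-based policy.

Added example, not the forum poster's code. The sample policy below is
constructed; boto3 is only imported for the live path at the bottom.
"""
import json

POLICY_SIZE_LIMIT = 20480  # bytes; the limit quoted in the error in the thread


def _statement_key(stmt):
    """Canonical form of a statement with the Sid stripped, so two
    statements that grant the identical permission compare equal."""
    body = {k: v for k, v in stmt.items() if k != "Sid"}
    return json.dumps(body, sort_keys=True, separators=(",", ":"))


def _source_arn(stmt):
    """Return the AWS:SourceArn condition value, if the statement has one."""
    cond = stmt.get("Condition", {})
    for op in ("ArnLike", "ArnEquals", "StringEquals"):
        arn = cond.get(op, {}).get("AWS:SourceArn")
        if arn:
            return arn
    return None


def analyze_policy(policy_json, expected_source_arns=None):
    """Analyse the string found under 'Policy' in a get_policy response.

    Returns the policy size, whether it exceeds the limit, the statement
    count, the Sids of statements that repeat an earlier grant, and (when
    expected_source_arns is given) the Sids whose SourceArn is no longer
    among the sources you still deploy.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    seen, redundant, stale = set(), [], []
    for stmt in statements:
        key = _statement_key(stmt)
        if key in seen:
            redundant.append(stmt["Sid"])
            continue
        seen.add(key)
        arn = _source_arn(stmt)
        if expected_source_arns is not None and arn is not None \
                and arn not in expected_source_arns:
            stale.append(stmt["Sid"])
    size = len(policy_json.encode("utf-8"))
    return {
        "size": size,
        "over_limit": size > POLICY_SIZE_LIMIT,
        "statements": len(statements),
        "redundant_sids": redundant,
        "stale_sids": stale,
    }


def cleanup(lambda_client, function_name, expected_source_arns=None, dry_run=True):
    """Fetch the live policy and remove redundant/stale statements.

    lambda_client is a boto3 Lambda client, or any object exposing
    get_policy(FunctionName=...) and remove_permission(FunctionName=...,
    StatementId=...) with the same shapes (a stub in tests). Note that
    get_policy raises ResourceNotFoundException when no policy exists.
    """
    policy_json = lambda_client.get_policy(FunctionName=function_name)["Policy"]
    report = analyze_policy(policy_json, expected_source_arns)
    to_remove = report["redundant_sids"] + report["stale_sids"]
    if not dry_run:
        for sid in to_remove:
            lambda_client.remove_permission(FunctionName=function_name, StatementId=sid)
    return report, to_remove


# Constructed sample resembling the per-rule permissions a deploy creates.
def _rule_statement(sid, rule_name):
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": {"Service": "events.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-func",
        "Condition": {"ArnLike": {"AWS:SourceArn":
            "arn:aws:events:us-east-1:123456789012:rule/" + rule_name}},
    }


SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "default",
    "Statement": [
        _rule_statement("rule-a", "rule-a"),
        _rule_statement("rule-b", "rule-b"),
        _rule_statement("rule-b-dup", "rule-b"),   # same grant, second Sid
        _rule_statement("rule-old", "rule-old"),   # rule no longer deployed
    ],
})

if __name__ == "__main__":
    import boto3  # only needed for the live path; placeholder function name
    client = boto3.client("lambda")
    print(cleanup(client, "my-func", dry_run=True))
```

Run it against the sample first (`analyze_policy(SAMPLE_POLICY)`), then against a real function with `dry_run=True` and review the Sids it proposes before letting it call remove_permission; each removal is a permanent change to who may invoke the function.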
@Bjorn121 Have you managed to get a wildcard permission specified in your serverless.yml? I am trying to get the same thing. I have a bunch of CloudWatch events that trigger my Lambda function and each event gets a permission created, which gives me PolicyLengthExceededException.