Adding an AWS_LAMBDA authentication method results in circular dependency

Question

Adding an AWS_LAMBDA authentication method results in circular dependency

chrisharrison opened this issue 2 years ago · 1 comments

If I add this:

additionalAuthenticationProviders:
      - authenticationType: API_KEY
      - authenticationType: AWS_IAM
      - authenticationType: AWS_LAMBDA
        lambdaAuthorizerConfig:
          functionName: customAuth
          authorizerResultTtlInSeconds: 300

and:

functions:
  customAuth:
    handler: build/handlers/customAuth.handle

to an existing API. I get the following error:
The CloudFormation template is invalid: Circular dependency between resources:

More specifically:

The CloudFormation template is invalid: Circular dependency between resources: [GraphQlResolverMutationcreateHeartBeat, CreateGateClosuresLambdaFunction, GraphQlSchema, GraphQlDsGetGateClosuresLambda, BackfillEpexDataLambdaFunction, BackfillTradeStatusesLambdaFunction, CreateGateClosuresSnsSubscriptionDomainservicedevschedulegate, GraphQlResolverMutationcreateZapiResponse, GraphQlDsLocal, TestDataPrivateTradesLambdaFunction, GraphQlApiKeyDefault, GraphQlResolverQuerygetPrivateTrades, GraphQlResolverMutationcreateInternalPowerTransfer, GraphQlResolverQuerygetZapiSubmissions, GraphQlApiLogGroup, GraphQlResolverMutationcreateInternalTradeAllocation, GraphQlApiLambdaAuthorizerPermission, GraphQlDsCreateInternalPowerTransferLambda, GraphQlResolverMutationcreateContract, GraphQlResolverMutationcreateCurrentGateClosures, GraphQlDsCreateZapiResponseLambda, GetGateClosuresLambdaFunction, GraphQlResolverMutationcreateNopChangeset, CreateGateClosuresLambdaPermissionDomainservicedevschedulegateSNS, RunMigrationsLambdaFunction, CustomAuthLambdaFunction, GraphQlApi, GraphQlResolverQuerygetCurrentGateClosures, GraphQlResolverQuerygetTradingAllowedState, GraphQlDsCreateInternalTradeAllocationLambda, GraphQlResolverQuerygetWapsForProducts, GraphQlDsRDS, GraphQlResolverQuerygetNop, GraphQlResolverMutationcreateNotification]

If I remove the additional authentication provider, the error goes away.

Any idea what's causing that? Because I can't see the connection between adding a new function and setting it up as an appsync authoriser and a circular dependency?

I'm using 1.4.0

Answer 1 · 2023-02-25T16:03:59.000Z

After an extensive debugging of the Cloudformation stack I found the issue and it's not related to anything this library is doing.

In case this helps anyone searching for this issue in the future, this is how I solved this...

I did a local serverless package to generate the Cloudformation files. I then ran that through an app called cfn-lint. This told me where the circular dependencies actually were.

Basically, if you use this library to add a Lambda as a custom authorizer to your API, it will add a reference to your Lambda in the main GraphQlApi object (your Appsync API instance). This means your Lambda can't have any references to Appsync as it will create a circular dependency. In my case I have an ENV var declared which will be automatically added to all functions by Serverless. This ENV var was referencing the URL of my Appsync API.