`generate_lambda_session_name` can return a session name >64 chars

Question

`generate_lambda_session_name` can return a session name >64 chars

lorengordon opened this issue 3 years ago · comments

Just ran into this issue... if the function name is sufficiently long, the session name returned by generate_lambda_session_name will fail...

An error occurred (ValidationError) when calling the AssumeRole operation: 1 validation error detected: Value 'new-account-trust-policy-nnnnnnnnnnn.mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm' at 'roleSessionName' failed to satisfy constraint: Member must have length less than or equal to 64

Ben Kehoe · Answer 1 · Tue May 18 2021 06:37:36 GMT+0800 (China Standard Time)

Do you think it should be the function name or the identifier that should be truncated? My gut says identifier, there's more uniqueness in it than the function name

Loren Gordon · Answer 2 · Tue May 18 2021 06:47:52 GMT+0800 (China Standard Time)

I think I agree... Use only the first 64 chars and whatever snippet of the identifier makes it, hopefully will be unique enough to trace it down...

Ben Kehoe · Answer 3 · Tue May 18 2021 09:10:42 GMT+0800 (China Standard Time)

Try version 1.7. I tried to make it smart, so the format is always kept, rather than just truncating it plainly. See the readme.

Loren Gordon · Answer 4 · Tue May 18 2021 21:16:12 GMT+0800 (China Standard Time)

Works like a champ, thanks!