Search code examples
node.jsaws-lambdaaws-sdkaws-sdk-jsaws-sso

ListFunctionsCommand returns empty array


When I list functions using the CLI I get the expected results back, however when I try do the same thing from the Node SDK I get an empty array back.

I'm using SSO, where the SSO region differs from the region my functions are in, so I'm wondering if that's something to do with it.

My profile is configured as follows:

[profile my-profile]
sso_start_url = https://something.awsapps.com/start
sso_region = eu-west-2
sso_account_id = ************
sso_role_name = MyRoleName
region = us-east-1
output = json

Using the CLI

Executing the following correctly logs me into the account and lists the functions that are listed on the region specified in the config.

aws sso login --profile my-profile
aws lambda list-functions --profile my-profile

As expected, I get a list of all the functions that exists in this account in region us-east-1.

Using the Node SDK

When I try to list the functions using the Node SDK, I get a 200 response with an empty Functions array.

import creds from "@aws-sdk/credential-providers";
import lambda from "@aws-sdk/client-lambda";

// ...

const credentials = await creds.fromSSO({ profile: 'my-profile' })();
const client = new lambda.LambdaClient({ credentials });
const fnsResult = await client.send(new lambda.ListFunctionsCommand({ }));

I cant understand what I'm doing wrong that would cause no functions to be retruned. I think it must be something to do with the sso_region being different than the region.

Other remarks

Note that in the Node SDK example, I can successfully list resources that exist in the Global region (e.g. CloudFront distributions). Which kind of backs up the theory that my client is using the wrong region.

I can also successfully list the Lambda Functions when the sso_region and region are the same. Again, this kind of backs up the theory of the wrong region being used.

I've read a couple of similar issues, however they all seem to be around using the MasterRegion property, which serves a different purpose - it's related to edge functions, which isnt applicable in my case.

Also note the package versions I'm using:

  • "@aws-sdk/client-lambda": "^3.621.0"
  • "@aws-sdk/credential-providers": "^3.621.0"

Edit

I've noticed that specifying the target region when creating the LambdaClient allows me to get the get the get the functions in that region, e.g.

const client new lambda.LambdaClient({ credentials, region: 'us-east-1' });
const fnsResult = await client.send(new lambda.ListFunctionsCommand({ }));

This now works as expected, so it does seem like the region property in the config files named profile is being ignored. I havent yet found a way to use the region from the named profile.


Solution

  • I've come up with a solution that seems to work, although it feels a little hacky. By setting the AWS_PROFILE environment variable at runtime, the client is constructed using the region from that profile.

    import creds from "@aws-sdk/credential-providers";
    import lambda from "@aws-sdk/client-lambda";
    
    // ...
    const profile = 'my-profile';
    const credentials = await creds.fromSSO({ profile })();
    process.env.AWS_PROFILE = profile;
    const client = new lambda.LambdaClient({ credentials });
    const fnsResult = await client.send(new lambda.ListFunctionsCommand({ }));
    

    Now the ListFunctionsCommand correctly finds the functions in the region specified under the my-profile section.