(gen2-migration) generate command should handle function to function access #14574

@iliapolo

Is this feature request related to a new or existing Amplify category?

No response

Is this related to another service?

No response

Describe the feature you'd like to request

In Gen1 functions can be configured to access other functions. For example:

? Do you want to configure advanced settings? Yes
? Do you want to access other resources in this project from your Lambda function? Yes
? Select the categories you want this function to have access to. function
? Select the operations you want to permit on quotegenerator create, read, update, delete

You can access the following resource attributes as environment variables from your Lambda function
        ENV
        FUNCTION_QUOTEGENERATOR_NAME
        REGION

The generated Gen2 code should configure and allow the same access.

Describe the solution you'd like

Internally, this creates the following relevant parts in the CFN template:

IAM Permissions:

"AmplifyResourcesPolicy": {
    "DependsOn": ["LambdaExecutionRole"],
    "Type": "AWS::IAM::Policy",
    "Properties": {
        "PolicyName": "amplify-lambda-execution-policy",
        "Roles": [{ "Ref": "LambdaExecutionRole" }],
        "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": ["lambda:Create*", "lambda:Put*", "lambda:Add*", "lambda:Get*", "lambda:List*", "lambda:Invoke*", "lambda:Update*", "lambda:Delete*", "lambda:Remove*"],
                    "Resource": [
                        {
                            "Fn::Join": ["", ["arn:aws:lambda:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":function:", { "Ref": "functionquotegeneratorName" }]]
                        }
                    ]
                }
            ]
        }
    }
}

Environment Variable:

"Environment": {
    "Variables": {
        "ENV": { "Ref": "env" },
        "REGION": { "Ref": "AWS::Region" },
        "FUNCTION_QUOTEGENERATOR_NAME": { "Ref": "functionquotegeneratorName" }
    }
},

The generate command should inspect this template (similarly to what it does for other function access types) and generate the following code:

// environment variable
backend.functionA.addEnvironment('FUNCTION_FUNCTIONB_NAME', backend.functionB.resources.lambda.functionName);
// permissions
backend.functionA.resources.lambda.addToRolePolicy(new aws_iam.PolicyStatement({
    actions: ["lambda:Create*", "lambda:Put*", "lambda:Add*", "lambda:Get*", "lambda:List*", "lambda:Invoke*", "lambda:Update*", "lambda:Delete*", "lambda:Remove*"],
    resources: [backend.functionB.resources.lambda.functionArn]
}))

Describe alternatives you've considered

None

Additional context

No response

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this feature request

Would this feature include a breaking change?

  • ⚠️ This feature might incur a breaking change
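
A sketch of the template inspection requested above, added here as an example and not amplify-cli code. The function names, the `LambdaFunction` resource name, the `dynamodb` statement with `storagenotesArn`, and the mapping of the Gen1 resource name straight onto the Gen2 `backend` key are all assumptions.

```typescript
// Added example, not amplify-cli code; all names and the template are constructed.
interface FunctionGrant { target: string; envVar: string | null; actions: string[]; }
// Return <Name> from the first {"Ref": "function<Name>Name"} found under a node.
function refTarget(node: any): string | null {
  if (node === null || typeof node !== 'object') return null;
  const m = typeof node.Ref === 'string' ? /^function(.+)Name$/.exec(node.Ref) : null;
  if (m) return m[1];
  return Object.keys(node).map((k) => refTarget(node[k])).filter(Boolean)[0] || null;
}
function findFunctionGrants(template: any): FunctionGrant[] {
  const res = template.Resources || {};
  // Assumption: the calling function's resource is named LambdaFunction.
  const vars = (((res.LambdaFunction || {}).Properties || {}).Environment || {}).Variables || {};
  const doc = ((res.AmplifyResourcesPolicy || {}).Properties || {}).PolicyDocument || {};
  const grants: FunctionGrant[] = [];
  for (const st of (doc.Statement || []) as any[]) {
    const actions: string[] = Array.isArray(st.Action) ? st.Action : [st.Action];
    const target = refTarget(st.Resource);
    // Keep only Allow statements made purely of lambda:* actions on a function parameter.
    if (st.Effect !== 'Allow' || !target || !actions.every((a) => /^lambda:/.test(a))) continue;
    const envVar = Object.keys(vars).filter((k) => refTarget(vars[k]) === target)[0] || null;
    grants.push({ target, envVar, actions }); // actions copied verbatim: same access as Gen1
  }
  return grants;
}

function renderGen2(source: string, grants: FunctionGrant[]): string {
  const out: string[] = [];
  for (const g of grants) {
    const fn = `backend.${g.target}.resources.lambda`;
    if (g.envVar) out.push(`backend.${source}.addEnvironment('${g.envVar}', ${fn}.functionName);`);
    out.push(`backend.${source}.resources.lambda.addToRolePolicy(new aws_iam.PolicyStatement({`,
      `    actions: ${JSON.stringify(g.actions)},`, `    resources: [${fn}.functionArn]`, '}));');
  }
  return out.join('\n');
}

// Constructed template: the issue's two fragments plus one non-function statement to skip.
const sampleTemplate = { Resources: {
  LambdaFunction: { Properties: { Environment: { Variables: {
    ENV: { Ref: 'env' }, REGION: { Ref: 'AWS::Region' },
    FUNCTION_QUOTEGENERATOR_NAME: { Ref: 'functionquotegeneratorName' } } } } },
  AmplifyResourcesPolicy: { Properties: { PolicyDocument: { Statement: [
    { Effect: 'Allow', Action: ['dynamodb:Get*'], Resource: [{ Ref: 'storagenotesArn' }] },
    { Effect: 'Allow', Action: ['lambda:Create*', 'lambda:Put*', 'lambda:Add*', 'lambda:Get*',
      'lambda:List*', 'lambda:Invoke*', 'lambda:Update*', 'lambda:Delete*', 'lambda:Remove*'],
      Resource: [{ 'Fn::Join': ['', ['arn:aws:lambda:', { Ref: 'AWS::Region' }, ':',
        { Ref: 'AWS::AccountId' }, ':function:', { Ref: 'functionquotegeneratorName' }]] }] }] } } },
} };
```

Because the actions are copied verbatim, the migrated role keeps the same wildcard breadth as the Gen1 policy; narrowing it is a separate review step.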
