Commit dd2cadd
fix(interactions): add lambda:InvokeFunction permission for Function URL (#29)
## Summary
- Since October 2025, Lambda Function URLs require **both**
`lambda:InvokeFunctionUrl` (created automatically by
`aws_lambda_function_url`) **and** `lambda:InvokeFunction` in the
resource-based policy
- Without the second permission, any request to the Function URL
receives `403 Forbidden` before the Lambda handler runs — this was
causing Discord's endpoint validation PING to fail with "could not be
verified"
- Adds `aws_lambda_permission.interactions_url_invoke` to
`interactions.tf` to codify the fix; the permission was already applied
as a hotfix via `aws lambda add-permission`
- Also ignores `.make/` in `.gitignore`
## Test plan
- [x] Hotfix applied: `curl -X POST https://discord.codercoco.com/` now
returns `401 invalid request signature` (handler reached) instead of
`403 Forbidden`
- [ ] Run `terraform plan` — should show only the new
`aws_lambda_permission` resource (no destructive changes)
- [ ] Run `terraform apply` — permission is already in place; Terraform
should reconcile cleanly
- [ ] Re-enter the interactions endpoint URL in the Discord Developer
Portal and confirm "Successfully verified"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

1 parent ebda67e commit dd2cadd
2 files changed
Lines changed: 12 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
27 | 27 | | |
28 | 28 | | |
29 | 29 | | |
| 30 | + | |
| 31 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
105 | 105 | | |
106 | 106 | | |
107 | 107 | | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
108 | 118 | | |
109 | 119 | | |
110 | 120 | | |
| |||
0 commit comments
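A check for the gap the commit message describes, as an added example that is not code from this repository: it reads a Lambda resource-based policy document and lists principals that are allowed `lambda:InvokeFunctionUrl` but not `lambda:InvokeFunction`. The function names and both sample policies are constructed for illustration, the samples assume a Function URL with auth type `NONE`, and `Condition` blocks are not evaluated.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    """IAM lets Statement, Action and Principal values be a scalar or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    p = stmt.get("Principal")
    if isinstance(p, dict):  # e.g. {"AWS": "arn:..."} or {"Service": [...]}
        return {f"{k}:{v}" for k, vals in p.items() for v in _as_list(vals)}
    return set(_as_list(p))  # the public form is the bare string "*"

def _allows(stmt, action):
    # IAM action names are case-insensitive and may contain wildcards.
    return any(fnmatchcase(action.lower(), pat.lower())
               for pat in _as_list(stmt.get("Action")))

def url_only_principals(policy_json):
    """Principals allowed lambda:InvokeFunctionUrl but not lambda:InvokeFunction.
    Condition blocks are not evaluated (simplifying assumption)."""
    url, invoke = set(), set()
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if _allows(stmt, "lambda:InvokeFunctionUrl"):
            url |= _principals(stmt)
        if _allows(stmt, "lambda:InvokeFunction"):
            invoke |= _principals(stmt)
    return sorted(url - invoke)

# Constructed sample policies (placeholder content, not taken from the repository).
URL_STMT = {"Sid": "FunctionURLAllowPublicAccess", "Effect": "Allow", "Principal": "*",
            "Action": "lambda:InvokeFunctionUrl",
            "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}}
INVOKE_STMT = {"Sid": "ExampleUrlInvoke", "Effect": "Allow", "Principal": "*",
               "Action": "lambda:InvokeFunction",
               "Condition": {"Bool": {"lambda:InvokedViaFunctionUrl": "true"}}}
BEFORE = json.dumps({"Version": "2012-10-17", "Statement": [URL_STMT]})
AFTER = json.dumps({"Version": "2012-10-17", "Statement": [URL_STMT, INVOKE_STMT]})

if __name__ == "__main__":
    print("before:", url_only_principals(BEFORE))
    print("after: ", url_only_principals(AFTER))
```

The input is the JSON string found in the `Policy` field of `aws lambda get-policy` output; a non-empty result means requests through the Function URL for those principals are rejected before the handler runs.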