From ca1e1a0cde96ee639f144e359ba5715b477b4300 Mon Sep 17 00:00:00 2001
From: Andrei Borza <andrei.borza@sentry.io>
Date: Wed, 11 Dec 2024 10:24:39 +0100
Subject: [PATCH] feat(aws-lambda): Add `lambda:ListLayerVersions` permission
 to layer

---
 .gitignore                         | 1 +
 src/utils/awsLambdaLayerManager.ts | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/.gitignore b/.gitignore
index 802a58a7..c53729a0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ npm-debug.log
 .Trashes
 *.env
 .eslintcache
+.idea
diff --git a/src/utils/awsLambdaLayerManager.ts b/src/utils/awsLambdaLayerManager.ts
index fe7fc220..49b0d0b4 100644
--- a/src/utils/awsLambdaLayerManager.ts
+++ b/src/utils/awsLambdaLayerManager.ts
@@ -83,6 +83,13 @@ export class AwsLambdaLayerManager {
       Action: 'lambda:GetLayerVersion',
       Principal: '*',
     });
+    await lambda.addLayerVersionPermission({
+      LayerName: this.layerName,
+      VersionNumber: publishedLayer.Version,
+      StatementId: 'public',
+      Action: 'lambda:ListLayerVersions',
+      Principal: '*',
+    });
 
     if (this.verboseInfo) {
       logger.info(`Published layer in ${region} for ${this.runtime.name}: