From e3b754d08a54c7c2d0d0e078fe18a223fdfac38b Mon Sep 17 00:00:00 2001 From: GZ <yuanhaoz@amazon.com> Date: Mon, 18 Sep 2023 12:04:47 -0700 Subject: [PATCH 1/6] Add UpdateReplacePolicy and DeletionPolicy to Integ Test Resoruces (#3345) --- .../combination/api_with_authorizers_min.yaml | 4 ++++ .../connector_bucket_to_function_write.yaml | 2 ++ .../connector_event_rule_to_eb_default_write.yaml | 8 ++++++++ .../combination/connector_sfn_to_sqs_write.yaml | 4 ++++ .../function_with_alias_and_event_sources.yaml | 8 ++++++++ .../combination/function_with_all_event_types.yaml | 10 ++++++++++ .../combination/function_with_cloudwatch_log.yaml | 2 ++ 7 files changed, 38 insertions(+) diff --git a/integration/resources/templates/combination/api_with_authorizers_min.yaml b/integration/resources/templates/combination/api_with_authorizers_min.yaml index 107673821..124cdf6ba 100644 --- a/integration/resources/templates/combination/api_with_authorizers_min.yaml +++ b/integration/resources/templates/combination/api_with_authorizers_min.yaml @@ -101,11 +101,15 @@ Resources: } MyCognitoUserPool: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::Cognito::UserPool Properties: UserPoolName: MyCognitoUserPool MyCognitoUserPoolClient: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::Cognito::UserPoolClient Properties: UserPoolId: diff --git a/integration/resources/templates/combination/connector_bucket_to_function_write.yaml b/integration/resources/templates/combination/connector_bucket_to_function_write.yaml index 041d7459c..54843f79e 100644 --- a/integration/resources/templates/combination/connector_bucket_to_function_write.yaml +++ b/integration/resources/templates/combination/connector_bucket_to_function_write.yaml @@ -4,6 +4,8 @@ Parameters: Resources: VerificationQueue: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::SQS::Queue TriggerFunction: diff --git a/integration/resources/templates/combination/connector_event_rule_to_eb_default_write.yaml b/integration/resources/templates/combination/connector_event_rule_to_eb_default_write.yaml index 526fcade0..f8cdaf492 100644 --- a/integration/resources/templates/combination/connector_event_rule_to_eb_default_write.yaml +++ b/integration/resources/templates/combination/connector_event_rule_to_eb_default_write.yaml @@ -46,11 +46,15 @@ Resources: QueueName: !GetAtt VerificationQueue.QueueName CustomEventBus: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::Events::EventBus Properties: Name: !Sub "${AWS::StackName}-EventBus" EventRule: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::Events::Rule Properties: Description: !Sub 'EventRule-${AWS::StackName}' @@ -86,6 +90,8 @@ Resources: - Write VerificationEventRule: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::Events::Rule Properties: Description: !Sub 'EventRule-${AWS::StackName}-verification' @@ -97,6 +103,8 @@ Resources: Id: SQSqueue VerificationQueue: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::SQS::Queue ConnectorNotBeingTested: diff --git a/integration/resources/templates/combination/connector_sfn_to_sqs_write.yaml b/integration/resources/templates/combination/connector_sfn_to_sqs_write.yaml index d1bcd003a..3de8fc13c 100644 --- a/integration/resources/templates/combination/connector_sfn_to_sqs_write.yaml +++ b/integration/resources/templates/combination/connector_sfn_to_sqs_write.yaml @@ -1,5 +1,7 @@ Resources: TriggerStateMachine: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::Serverless::StateMachine Properties: Type: EXPRESS @@ -18,6 +20,8 @@ Resources: FunctionName: SomethingDoesNotMatter MyQueue: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::SQS::Queue MyConnector: diff --git a/integration/resources/templates/combination/function_with_alias_and_event_sources.yaml b/integration/resources/templates/combination/function_with_alias_and_event_sources.yaml index 85336c25b..bbc162e73 100644 --- a/integration/resources/templates/combination/function_with_alias_and_event_sources.yaml +++ b/integration/resources/templates/combination/function_with_alias_and_event_sources.yaml @@ -70,9 +70,13 @@ Resources: StartingPosition: LATEST Notifications: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::SNS::Topic Images: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::S3::Bucket ExistingRestApi: @@ -82,12 +86,16 @@ Resources: DefinitionUri: ${definitionuri} Stream: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::Kinesis::Stream Properties: ShardCount: 1 # What an irony the I can't use AWS::Serverless::SimpleTable here because it doesn't support streams specification MyTable: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::DynamoDB::Table Properties: # Enable DDB streams diff --git a/integration/resources/templates/combination/function_with_all_event_types.yaml b/integration/resources/templates/combination/function_with_all_event_types.yaml index a8272d26a..0cb7922a1 100644 --- a/integration/resources/templates/combination/function_with_all_event_types.yaml +++ b/integration/resources/templates/combination/function_with_all_event_types.yaml @@ -107,25 +107,35 @@ Resources: Method: get Notifications: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Condition: MyCondition Type: AWS::SNS::Topic Images: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::S3::Bucket CloudWatchLambdaLogsGroup: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::Logs::LogGroup Condition: MyCondition Properties: RetentionInDays: 7 MyStream: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::Kinesis::Stream Condition: MyCondition Properties: ShardCount: 1 MyDynamoDB: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::DynamoDB::Table Condition: MyCondition Properties: diff --git a/integration/resources/templates/combination/function_with_cloudwatch_log.yaml b/integration/resources/templates/combination/function_with_cloudwatch_log.yaml index 5502cd540..0aa9680e9 100644 --- a/integration/resources/templates/combination/function_with_cloudwatch_log.yaml +++ b/integration/resources/templates/combination/function_with_cloudwatch_log.yaml @@ -15,6 +15,8 @@ Resources: FilterPattern: My filter pattern CloudWatchLambdaLogsGroup: + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Type: AWS::Logs::LogGroup Properties: RetentionInDays: 7 From 78cc2c7f30533b4d2fc2d9dfecc417c01fb0e682 Mon Sep 17 00:00:00 2001 From: Slava Senchenko <sencslav@amazon.com> Date: Wed, 20 Sep 2023 11:08:22 -0700 Subject: [PATCH 2/6] Safe Auth in function URL tests (#3348) --- .../single/basic_function_with_function_url_config.yaml | 2 +- .../basic_function_with_function_url_with_autopuplishalias.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/integration/resources/templates/single/basic_function_with_function_url_config.yaml b/integration/resources/templates/single/basic_function_with_function_url_config.yaml index 76a086ba5..39f38eb04 100644 --- a/integration/resources/templates/single/basic_function_with_function_url_config.yaml +++ b/integration/resources/templates/single/basic_function_with_function_url_config.yaml @@ -7,7 +7,7 @@ Resources: CodeUri: ${codeuri} MemorySize: 128 FunctionUrlConfig: - AuthType: NONE + AuthType: AWS_IAM Cors: AllowOrigins: - https://foo.com diff --git a/integration/resources/templates/single/basic_function_with_function_url_with_autopuplishalias.yaml b/integration/resources/templates/single/basic_function_with_function_url_with_autopuplishalias.yaml index ccaaf9ac3..faea46a85 100644 --- a/integration/resources/templates/single/basic_function_with_function_url_with_autopuplishalias.yaml +++ b/integration/resources/templates/single/basic_function_with_function_url_with_autopuplishalias.yaml @@ -8,7 +8,7 @@ Resources: MemorySize: 128 AutoPublishAlias: live FunctionUrlConfig: - AuthType: NONE + AuthType: AWS_IAM Cors: AllowOrigins: - https://foo.com From 47c1f6a1e986482ab1726e5b72558c2237fe23ab Mon Sep 17 00:00:00 2001 From: Slava Senchenko <sencslav@amazon.com> Date: Thu, 21 Sep 2023 11:43:59 -0700 Subject: [PATCH 3/6] chore: update docs (#3349) --- samtranslator/internal/schema_source/sam-docs.json | 10 +++++----- samtranslator/schema/schema.json | 6 +++--- schema_source/sam.schema.json | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/samtranslator/internal/schema_source/sam-docs.json b/samtranslator/internal/schema_source/sam-docs.json index e5992350a..ddc3bf8c4 100644 --- a/samtranslator/internal/schema_source/sam-docs.json +++ b/samtranslator/internal/schema_source/sam-docs.json @@ -448,7 +448,7 @@ "ServiceRoleArn": "The AWS Identity and Access Management \\(IAM\\) service role ARN for the data source\\. The system assumes this role when accessing the data source\\. \nTo revoke access to your data source, remove the Lambda object from your AWS SAM template\\.\n*Type*: String \n*Required*: No\\. If not specified, AWS SAM will provision `Write` permissions using [AWS SAM connectors](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/managing-permissions-connectors.html)\\. \n*AWS CloudFormation compatibility*: This property is passed directly to the [`ServiceRoleArn`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-servicerolearn) property of an `AWS::AppSync::DataSource` resource\\." }, "sam-property-graphqlapi-function": { - "CodeUri": "The function code\u2019s Amazon Simple Storage Service \\(Amazon S3\\) URI or path to local folder\\. \nIf you specify a path to a local folder, AWS CloudFormation requires that the file is first uploaded to Amazon S3 before deployment\\. You can use the AWS SAM CLI to facilitate this process\\. For more information, see [Using the AWS SAM CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`CodeS3Location`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-codes3location) property of an `AWS::AppSync::FunctionConfiguration` resource\\.", + "CodeUri": "The function code\u2019s Amazon Simple Storage Service \\(Amazon S3\\) URI or path to local folder\\. \nIf you specify a path to a local folder, AWS CloudFormation requires that the file is first uploaded to Amazon S3 before deployment\\. You can use the AWS SAM\u00a0CLI to facilitate this process\\. For more information, see [Using the AWS SAM\u00a0CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`CodeS3Location`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-codes3location) property of an `AWS::AppSync::FunctionConfiguration` resource\\.", "DataSource": "The name of the data source that this function will attach to\\. \n+ To reference a data source within the `AWS::Serverless::GraphQLApi` resource, specify its logical ID\\.\n+ To reference a data source outside of the `AWS::Serverless::GraphQLApi` resource, provide its `Name` attribute using the `Fn::GetAtt` intrinsic function\\. For example, `!GetAtt MyLambdaDataSource.Name`\\.\n+ To reference a data source from a different stack, use `[Fn::ImportValue](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)`\\.\nIf a variation of `[NONE | None | none]` is specified, AWS SAM will generate a `None` value for the `AWS::AppSync::DataSource` [`Type`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-type) object\\. \n*Type*: String \n*Required*: Yes \n*AWS CloudFormation compatibility*: This property is passed directly to the [`DataSourceName`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-datasourcename) property of an `AWS::AppSync::FunctionConfiguration` resource\\.", "Description": "The description of your function\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`Description`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-description) property of an `AWS::AppSync::FunctionConfiguration` resource\\.", "Id": "The Function ID for a function located outside of the `AWS::Serverless::GraphQLApi` resource\\. \n+ To reference a function within the same AWS SAM template, use the `Fn::GetAtt` intrinsic function\\. For example `Id: !GetAtt createPostItemFunc.FunctionId`\\.\n+ To reference a function from a different stack, use `[Fn::ImportValue](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)`\\.\nWhen using `Id`, all other properties are not allowed\\. AWS SAM will automatically pass the Function ID of your referenced function\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn\u2019t have an AWS CloudFormation equivalent\\.", @@ -465,7 +465,7 @@ }, "sam-property-graphqlapi-resolver": { "Caching": "The caching configuration for the resolver that has caching activated\\. \n*Type*: [CachingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-resolver-cachingconfig.html) \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`CachingConfig`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-cachingconfig) property of an `AWS::AppSync::Resolver` resource\\.", - "CodeUri": "The resolver function code\u2019s Amazon Simple Storage Service \\(Amazon S3\\) URI or path to a local folder\\. \nIf you specify a path to a local folder, AWS CloudFormation requires that the file is first uploaded to Amazon S3 before deployment\\. You can use the AWS SAM CLI to facilitate this process\\. For more information, see [Using the AWS SAM CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \nIf neither `CodeUri` or `InlineCode` are provided, AWS SAM will generate `InlineCode` that redirects the request to the first pipeline function and receives the response from the last pipeline function\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`CodeS3Location`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-codes3location) property of an `AWS::AppSync::Resolver` resource\\.", + "CodeUri": "The resolver function code\u2019s Amazon Simple Storage Service \\(Amazon S3\\) URI or path to a local folder\\. \nIf you specify a path to a local folder, AWS CloudFormation requires that the file is first uploaded to Amazon S3 before deployment\\. You can use the AWS SAM\u00a0CLI to facilitate this process\\. For more information, see [Using the AWS SAM\u00a0CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \nIf neither `CodeUri` or `InlineCode` are provided, AWS SAM will generate `InlineCode` that redirects the request to the first pipeline function and receives the response from the last pipeline function\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`CodeS3Location`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-codes3location) property of an `AWS::AppSync::Resolver` resource\\.", "FieldName": "The name of your resolver\\. Specify this property to override the `LogicalId` value\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`FieldName`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-fieldname) property of an `AWS::AppSync::Resolver` resource\\.", "InlineCode": "The resolver code that contains the request and response functions\\. \nIf neither `CodeUri` or `InlineCode` are provided, AWS SAM will generate `InlineCode` that redirects the request to the first pipeline function and receives the response from the last pipeline function\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`Code`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-code) property of an `AWS::AppSync::Resolver` resource\\.", "LogicalId": "The unique name for your resolver\\. In a GraphQL schema, your resolver name should match the field name that its used for\\. Use that same field name for `LogicalId`\\. \n*Type*: String \n*Required*: Yes \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn\u2019t have an AWS CloudFormation equivalent\\.", @@ -688,7 +688,7 @@ "AutoPublishAliasAllProperties": "Specifies when a new [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html) is created\\. When `true`, a new Lambda version is created when any property in the Lambda function is modified\\. When `false`, a new Lambda version is created only when any of the following properties are modified: \n+ `Environment`, `MemorySize`, or `SnapStart`\\.\n+ Any change that results in an update to the `Code` property, such as `CodeDict`, `ImageUri`, or `InlineCode`\\.\nThis property requires `AutoPublishAlias` to be defined\\. \nIf `AutoPublishSha256` is also specified, its behavior takes precedence over `AutoPublishAliasAllProperties: true`\\. \n*Type*: Boolean \n*Required*: No \n*Default value*: `false` \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.", "AutoPublishCodeSha256": "The string value that is used, along with the value in `CodeUri`, to determine whether a new Lambda version should be published\\. This property is only used when `AutoPublishAlias` is also defined\\. \nThis property addresses a problem that occurs when an AWS SAM template has the following characteristics: the `DeploymentPreference` object is configured for gradual deployments \\(as described in [Deploying serverless applications gradually](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/automating-updates-to-serverless-apps.html)\\), the `AutoPublishAlias` property is set and doesn't change between deployments, and the `CodeUri` property is set and doesn't change between deployments\\. \nThis scenario can occur when the deployment package stored in an Amazon Simple Storage Service \\(Amazon S3\\) location is replaced by a new deployment package that contains updated Lambda function code, but the `CodeUri` property remains unchanged \\(as opposed to the new deployment package being uploaded to a new Amazon S3 location and the `CodeUri` being changed to the new location\\)\\. \nIn this scenario, to trigger the gradual deployment successfully, you must provide a unique value for `AutoPublishCodeSha256`\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.", "CodeSigningConfigArn": "The ARN of the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html) resource, used to enable code signing for this function\\. For more information about code signing, see [Configuring code signing for AWS SAM applications](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/authoring-codesigning.html)\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`CodeSigningConfigArn`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-codesigningconfigarn) property of an `AWS::Lambda::Function` resource\\.", - "CodeUri": "The code for the function\\. Accepted values include: \n+ The function's Amazon S3 URI\\. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`\\.\n+ The local path to the function\\. For example, `hello_world/`\\.\n+ A [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object\\.\nIf you provide a function's Amazon S3 URI or [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html)\\. \nIf you provide a local file path, use the AWS SAM CLI to upload the local file at deployment\\. To learn more, see [Using the AWS SAM CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: \\[ String \\| [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) \\] \n*Required*: Conditional\\. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required\\. \n*AWS CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource\\. The nested Amazon S3 properties are named differently\\.", + "CodeUri": "The code for the function\\. Accepted values include: \n+ The function's Amazon S3 URI\\. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`\\.\n+ The local path to the function\\. For example, `hello_world/`\\.\n+ A [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object\\.\nIf you provide a function's Amazon S3 URI or [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html)\\. \nIf you provide a local file path, use the AWS SAM\u00a0CLI to upload the local file at deployment\\. To learn more, see [Using the AWS SAM\u00a0CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: \\[ String \\| [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) \\] \n*Required*: Conditional\\. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required\\. \n*AWS CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource\\. The nested Amazon S3 properties are named differently\\.", "DeadLetterQueue": "Configures an Amazon Simple Notification Service \\(Amazon SNS\\) topic or Amazon Simple Queue Service \\(Amazon SQS\\) queue where Lambda sends events that it can't process\\. For more information about dead\\-letter queue functionality, see [AWS Lambda function dead letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq) in the *AWS Lambda Developer Guide*\\. \nIf your Lambda function's event source is an Amazon SQS queue, configure a dead\\-letter queue for the source queue, not for the Lambda function\\. The dead\\-letter queue that you configure for a function is used for the function's [asynchronous invocation queue](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html), not for event source queues\\.\n*Type*: Map \\| [DeadLetterQueue](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-deadletterqueue.html) \n*Required*: No \n*AWS CloudFormation compatibility*: This property is similar to the [`DeadLetterConfig`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-deadletterconfig.html) property of an `AWS::Lambda::Function` resource\\. In AWS CloudFormation the type is derived from the `TargetArn`, whereas in AWS SAM you must pass the type along with the `TargetArn`\\.", "DeploymentPreference": "The settings to enable gradual Lambda deployments\\. \nIf a `DeploymentPreference` object is specified, AWS SAM creates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-application.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-application.html) called `ServerlessDeploymentApplication` \\(one per stack\\), an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-deploymentgroup.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-deploymentgroup.html) called `<function-logical-id>DeploymentGroup`, and an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html) called `CodeDeployServiceRole`\\. \n*Type*: [DeploymentPreference](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-deploymentpreference.html) \n*Required*: No \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\. \n*See also*: For more information about this property, see [Deploying serverless applications gradually](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/automating-updates-to-serverless-apps.html)\\.", "Description": "A description of the function\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`Description`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-description) property of an `AWS::Lambda::Function` resource\\.", @@ -706,7 +706,7 @@ "KmsKeyArn": "The ARN of an AWS Key Management Service \\(AWS KMS\\) key that Lambda uses to encrypt and decrypt your function's environment variables\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`KmsKeyArn`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-kmskeyarn) property of an `AWS::Lambda::Function` resource\\.", "Layers": "The list of `LayerVersion` ARNs that this function should use\\. The order specified here is the order in which they will be imported when running the Lambda function\\. \n*Type*: List \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`Layers`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-layers) property of an `AWS::Lambda::Function` resource\\.", "MemorySize": "The size of the memory in MB allocated per invocation of the function\\. \n*Type*: Integer \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`MemorySize`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-memorysize) property of an `AWS::Lambda::Function` resource\\.", - "PackageType": "The deployment package type of the Lambda function\\. For more information, see [Lambda deployment packages](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) in the *AWS Lambda Developer Guide*\\. \n**Notes**: \n1\\. If this property is set to `Zip` \\(default\\), then either `CodeUri` or `InlineCode` applies, and `ImageUri` is ignored\\. \n2\\. If this property is set to `Image`, then only `ImageUri` applies, and both `CodeUri` and `InlineCode` are ignored\\. The Amazon ECR repository required to store the function's container image can be auto created by the AWS SAM CLI\\. For more information, see [sam deploy](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-deploy.html)\\. \n*Valid values*: `Zip` or `Image` \n*Type*: String \n*Required*: No \n*Default*: `Zip` \n*AWS CloudFormation compatibility*: This property is passed directly to the [`PackageType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype) property of an `AWS::Lambda::Function` resource\\.", + "PackageType": "The deployment package type of the Lambda function\\. For more information, see [Lambda deployment packages](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) in the *AWS Lambda Developer Guide*\\. \n**Notes**: \n1\\. If this property is set to `Zip` \\(default\\), then either `CodeUri` or `InlineCode` applies, and `ImageUri` is ignored\\. \n2\\. If this property is set to `Image`, then only `ImageUri` applies, and both `CodeUri` and `InlineCode` are ignored\\. The Amazon ECR repository required to store the function's container image can be auto created by the AWS SAM\u00a0CLI\\. For more information, see [sam deploy](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-deploy.html)\\. \n*Valid values*: `Zip` or `Image` \n*Type*: String \n*Required*: No \n*Default*: `Zip` \n*AWS CloudFormation compatibility*: This property is passed directly to the [`PackageType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype) property of an `AWS::Lambda::Function` resource\\.", "PermissionsBoundary": "The ARN of a permissions boundary to use for this function's execution role\\. This property works only if the role is generated for you\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`PermissionsBoundary`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary) property of an `AWS::IAM::Role` resource\\.", "Policies": "Permission policies for this function\\. Policies will be appended to the function's default AWS Identity and Access Management \\(IAM\\) execution role\\. \nThis property accepts a single value or list of values\\. Allowed values include: \n+ [AWS SAM policy templates](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-templates.html)\\.\n+ The ARN of an [AWS managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) or [ customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#customer-managed-policies)\\.\n+ The name of an AWS managed policy from the following [ list](https://github.com/aws/serverless-application-model/blob/develop/samtranslator/internal/data/aws_managed_policies.json)\\.\n+ An [ inline IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#inline-policies) formatted in YAML as a map\\.\nIf you set the `Role` property, this property is ignored\\.\n*Type*: String \\| List \\| Map \n*Required*: No \n*AWS CloudFormation compatibility*: This property is similar to the [`Policies`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies) property of an `AWS::IAM::Role` resource\\.", "PropagateTags": "Indicate whether or not to pass tags from the `Tags` property to your [AWS::Serverless::Function](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources-function.html) generated resources\\. Specify `True` to propagate tags in your generated resources\\. \n*Type*: Boolean \n*Required*: No \n*Default*: `False` \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.", @@ -735,7 +735,7 @@ "Name": "The name of your GraphQL API\\. Specify this property to override the `LogicalId` value\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`Name`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-name) property of an `AWS::AppSync::GraphQLApi` resource\\.", "Resolvers": "Configure resolvers for the fields of your GraphQL API\\. AWS SAM supports [JavaScript pipeline resolvers](https://docs.aws.amazon.com/appsync/latest/devguide/resolver-reference-overview-js.html#anatomy-of-a-pipeline-resolver-js)\\. \n*Type*: [Resolver](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-graphqlapi-resolver.html) \n*Required*: Yes \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn\u2019t have an AWS CloudFormation equivalent\\.", "SchemaInline": "The text representation of a GraphQL schema in SDL format\\. \n*Type*: String \n*Required*: Conditional\\. You must specify `SchemaInline` or `SchemaUri`\\. \n*AWS CloudFormation compatibility*: This property is passed directly to the [`Definition`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlschema.html#cfn-appsync-graphqlschema-definition) property of an `AWS::AppSync::GraphQLSchema` resource\\.", - "SchemaUri": "The schema\u2019s Amazon Simple Storage Service \\(Amazon S3\\) bucket URI or path to a local folder\\. \nIf you specify a path to a local folder, AWS CloudFormation requires that the file is first uploaded to Amazon S3 before deployment\\. You can use the AWS SAM CLI to facilitate this process\\. For more information, see [Using the AWS SAM CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: String \n*Required*: Conditional\\. You must specify `SchemaInline` or `SchemaUri`\\. \n*AWS CloudFormation compatibility*: This property is passed directly to the [`DefinitionS3Location`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlschema.html#cfn-appsync-graphqlschema-definitions3location) property of an `AWS::AppSync::GraphQLSchema` resource\\.", + "SchemaUri": "The schema\u2019s Amazon Simple Storage Service \\(Amazon S3\\) bucket URI or path to a local folder\\. \nIf you specify a path to a local folder, AWS CloudFormation requires that the file is first uploaded to Amazon S3 before deployment\\. You can use the AWS SAM\u00a0CLI to facilitate this process\\. For more information, see [Using the AWS SAM\u00a0CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: String \n*Required*: Conditional\\. You must specify `SchemaInline` or `SchemaUri`\\. \n*AWS CloudFormation compatibility*: This property is passed directly to the [`DefinitionS3Location`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlschema.html#cfn-appsync-graphqlschema-definitions3location) property of an `AWS::AppSync::GraphQLSchema` resource\\.", "Tags": "Tags \\(key\\-value pairs\\) for this GraphQL API\\. Use tags to identify and categorize resources\\. \n*Type*: List of [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`Tag`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-tags) property of an `AWS::AppSync::GraphQLApi` resource\\.", "XrayEnabled": "Indicate whether to use [AWS X\\-Ray tracing](https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html) for this resource\\. \n*Type*: Boolean \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`XrayEnabled`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-xrayenabled) property of an `AWS::AppSync::GraphQLApi` resource\\." }, diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index e24052663..f15cb6e32 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -252625,7 +252625,7 @@ "$ref": "#/definitions/CodeUri" } ], - "markdownDescription": "The code for the function\\. Accepted values include: \n+ The function's Amazon S3 URI\\. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`\\.\n+ The local path to the function\\. For example, `hello_world/`\\.\n+ A [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object\\.\nIf you provide a function's Amazon S3 URI or [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html)\\. \nIf you provide a local file path, use the AWS SAM CLI to upload the local file at deployment\\. To learn more, see [Using the AWS SAM CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: \\[ String \\| [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) \\] \n*Required*: Conditional\\. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required\\. \n*AWS CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource\\. The nested Amazon S3 properties are named differently\\.", + "markdownDescription": "The code for the function\\. Accepted values include: \n+ The function's Amazon S3 URI\\. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`\\.\n+ The local path to the function\\. For example, `hello_world/`\\.\n+ A [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object\\.\nIf you provide a function's Amazon S3 URI or [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html)\\. \nIf you provide a local file path, use the AWS SAM\u00a0CLI to upload the local file at deployment\\. To learn more, see [Using the AWS SAM\u00a0CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: \\[ String \\| [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) \\] \n*Required*: Conditional\\. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required\\. \n*AWS CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource\\. The nested Amazon S3 properties are named differently\\.", "title": "CodeUri" }, "DeadLetterQueue": { @@ -252867,7 +252867,7 @@ "$ref": "#/definitions/CodeUri" } ], - "markdownDescription": "The code for the function\\. Accepted values include: \n+ The function's Amazon S3 URI\\. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`\\.\n+ The local path to the function\\. For example, `hello_world/`\\.\n+ A [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object\\.\nIf you provide a function's Amazon S3 URI or [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html)\\. \nIf you provide a local file path, use the AWS SAM CLI to upload the local file at deployment\\. To learn more, see [Using the AWS SAM CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: \\[ String \\| [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) \\] \n*Required*: Conditional\\. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required\\. \n*AWS CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource\\. The nested Amazon S3 properties are named differently\\.", + "markdownDescription": "The code for the function\\. Accepted values include: \n+ The function's Amazon S3 URI\\. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`\\.\n+ The local path to the function\\. For example, `hello_world/`\\.\n+ A [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object\\.\nIf you provide a function's Amazon S3 URI or [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html)\\. \nIf you provide a local file path, use the AWS SAM\u00a0CLI to upload the local file at deployment\\. To learn more, see [Using the AWS SAM\u00a0CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: \\[ String \\| [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) \\] \n*Required*: Conditional\\. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required\\. \n*AWS CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource\\. The nested Amazon S3 properties are named differently\\.", "title": "CodeUri" }, "DeadLetterQueue": { @@ -253060,7 +253060,7 @@ "$ref": "#/definitions/PassThroughProp" } ], - "markdownDescription": "The deployment package type of the Lambda function\\. For more information, see [Lambda deployment packages](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) in the *AWS Lambda Developer Guide*\\. \n**Notes**: \n1\\. If this property is set to `Zip` \\(default\\), then either `CodeUri` or `InlineCode` applies, and `ImageUri` is ignored\\. \n2\\. If this property is set to `Image`, then only `ImageUri` applies, and both `CodeUri` and `InlineCode` are ignored\\. The Amazon ECR repository required to store the function's container image can be auto created by the AWS SAM CLI\\. For more information, see [sam deploy](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-deploy.html)\\. \n*Valid values*: `Zip` or `Image` \n*Type*: String \n*Required*: No \n*Default*: `Zip` \n*AWS CloudFormation compatibility*: This property is passed directly to the [`PackageType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype) property of an `AWS::Lambda::Function` resource\\.", + "markdownDescription": "The deployment package type of the Lambda function\\. For more information, see [Lambda deployment packages](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) in the *AWS Lambda Developer Guide*\\. \n**Notes**: \n1\\. If this property is set to `Zip` \\(default\\), then either `CodeUri` or `InlineCode` applies, and `ImageUri` is ignored\\. \n2\\. If this property is set to `Image`, then only `ImageUri` applies, and both `CodeUri` and `InlineCode` are ignored\\. The Amazon ECR repository required to store the function's container image can be auto created by the AWS SAM\u00a0CLI\\. For more information, see [sam deploy](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-deploy.html)\\. \n*Valid values*: `Zip` or `Image` \n*Type*: String \n*Required*: No \n*Default*: `Zip` \n*AWS CloudFormation compatibility*: This property is passed directly to the [`PackageType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype) property of an `AWS::Lambda::Function` resource\\.", "title": "PackageType" }, "PermissionsBoundary": { diff --git a/schema_source/sam.schema.json b/schema_source/sam.schema.json index 1d2461362..b87915663 100644 --- a/schema_source/sam.schema.json +++ b/schema_source/sam.schema.json @@ -5215,7 +5215,7 @@ "$ref": "#/definitions/CodeUri" } ], - "markdownDescription": "The code for the function\\. Accepted values include: \n+ The function's Amazon S3 URI\\. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`\\.\n+ The local path to the function\\. For example, `hello_world/`\\.\n+ A [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object\\.\nIf you provide a function's Amazon S3 URI or [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html)\\. \nIf you provide a local file path, use the AWS SAM CLI to upload the local file at deployment\\. To learn more, see [Using the AWS SAM CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: \\[ String \\| [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) \\] \n*Required*: Conditional\\. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required\\. \n*AWS CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource\\. The nested Amazon S3 properties are named differently\\.", + "markdownDescription": "The code for the function\\. Accepted values include: \n+ The function's Amazon S3 URI\\. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`\\.\n+ The local path to the function\\. For example, `hello_world/`\\.\n+ A [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object\\.\nIf you provide a function's Amazon S3 URI or [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html)\\. \nIf you provide a local file path, use the AWS SAM\u00a0CLI to upload the local file at deployment\\. To learn more, see [Using the AWS SAM\u00a0CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: \\[ String \\| [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) \\] \n*Required*: Conditional\\. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required\\. \n*AWS CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource\\. The nested Amazon S3 properties are named differently\\.", "title": "CodeUri" }, "DeadLetterQueue": { @@ -5569,7 +5569,7 @@ "$ref": "#/definitions/CodeUri" } ], - "markdownDescription": "The code for the function\\. Accepted values include: \n+ The function's Amazon S3 URI\\. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`\\.\n+ The local path to the function\\. For example, `hello_world/`\\.\n+ A [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object\\.\nIf you provide a function's Amazon S3 URI or [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html)\\. \nIf you provide a local file path, use the AWS SAM CLI to upload the local file at deployment\\. To learn more, see [Using the AWS SAM CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: \\[ String \\| [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) \\] \n*Required*: Conditional\\. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required\\. \n*AWS CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource\\. The nested Amazon S3 properties are named differently\\.", + "markdownDescription": "The code for the function\\. Accepted values include: \n+ The function's Amazon S3 URI\\. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`\\.\n+ The local path to the function\\. For example, `hello_world/`\\.\n+ A [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object\\.\nIf you provide a function's Amazon S3 URI or [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html)\\. \nIf you provide a local file path, use the AWS SAM\u00a0CLI to upload the local file at deployment\\. To learn more, see [Using the AWS SAM\u00a0CLI to upload local files at deployment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/deploy-upload-local-files.html)\\. \n*Type*: \\[ String \\| [FunctionCode](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-functioncode.html) \\] \n*Required*: Conditional\\. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required\\. \n*AWS CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource\\. The nested Amazon S3 properties are named differently\\.", "title": "CodeUri" }, "DeadLetterQueue": { @@ -5869,7 +5869,7 @@ "$ref": "#/definitions/PassThroughProp" } ], - "markdownDescription": "The deployment package type of the Lambda function\\. For more information, see [Lambda deployment packages](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) in the *AWS Lambda Developer Guide*\\. \n**Notes**: \n1\\. If this property is set to `Zip` \\(default\\), then either `CodeUri` or `InlineCode` applies, and `ImageUri` is ignored\\. \n2\\. If this property is set to `Image`, then only `ImageUri` applies, and both `CodeUri` and `InlineCode` are ignored\\. The Amazon ECR repository required to store the function's container image can be auto created by the AWS SAM CLI\\. For more information, see [sam deploy](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-deploy.html)\\. \n*Valid values*: `Zip` or `Image` \n*Type*: String \n*Required*: No \n*Default*: `Zip` \n*AWS CloudFormation compatibility*: This property is passed directly to the [`PackageType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype) property of an `AWS::Lambda::Function` resource\\.", + "markdownDescription": "The deployment package type of the Lambda function\\. For more information, see [Lambda deployment packages](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) in the *AWS Lambda Developer Guide*\\. \n**Notes**: \n1\\. If this property is set to `Zip` \\(default\\), then either `CodeUri` or `InlineCode` applies, and `ImageUri` is ignored\\. \n2\\. If this property is set to `Image`, then only `ImageUri` applies, and both `CodeUri` and `InlineCode` are ignored\\. The Amazon ECR repository required to store the function's container image can be auto created by the AWS SAM\u00a0CLI\\. For more information, see [sam deploy](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-deploy.html)\\. \n*Valid values*: `Zip` or `Image` \n*Type*: String \n*Required*: No \n*Default*: `Zip` \n*AWS CloudFormation compatibility*: This property is passed directly to the [`PackageType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype) property of an `AWS::Lambda::Function` resource\\.", "title": "PackageType" }, "PermissionsBoundary": { From dbd2837957e4077d0fddab9fe181d1f48e6818f4 Mon Sep 17 00:00:00 2001 From: paulhcsun <47882901+paulhcsun@users.noreply.github.com> Date: Thu, 21 Sep 2023 16:17:58 -0700 Subject: [PATCH 4/6] Add error handling for OverrideApiAuth property without an authorizer (#3350) --- samtranslator/model/eventsources/push.py | 6 +- ..._override_api_auth_without_authorizer.yaml | 67 +++++++++++++++++++ ..._override_api_auth_without_authorizer.json | 15 +++++ 3 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 tests/translator/input/error_api_override_api_auth_without_authorizer.yaml create mode 100644 tests/translator/output/error_api_override_api_auth_without_authorizer.json diff --git a/samtranslator/model/eventsources/push.py b/samtranslator/model/eventsources/push.py index cb07b26b9..0cea74e13 100644 --- a/samtranslator/model/eventsources/push.py +++ b/samtranslator/model/eventsources/push.py @@ -755,7 +755,11 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] # We make the call to add_auth_to_swagger() in two separate places because _add_swagger_integration() deals # specifically with cases where DefinitionBody is not defined, and below for when DefinitionBody is defined. if swagger_body and self.Auth and self.Auth.get("OverrideApiAuth"): - # TODO: refactor to remove this cast + if not (self.Auth.get("Authorizer") or self.Auth.get("ApiKeyRequired") or self.Auth.get("ResourcePolicy")): + raise InvalidEventException( + self.relative_id, + "Must define one of: Authorizer, ApiKeyRequired or ResourcePolicy when using the OverrideApiAuth property.", + ) stage = cast(str, self.Stage) editor = SwaggerEditor(swagger_body) self.add_auth_to_swagger( diff --git a/tests/translator/input/error_api_override_api_auth_without_authorizer.yaml b/tests/translator/input/error_api_override_api_auth_without_authorizer.yaml new file mode 100644 index 000000000..f0730e7b8 --- /dev/null +++ b/tests/translator/input/error_api_override_api_auth_without_authorizer.yaml @@ -0,0 +1,67 @@ +Resources: + MyApiWithLambdaRequestAuth: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + DefinitionBody: + swagger: 2.0 + info: + version: '1.0' + title: !Ref AWS::StackName + schemes: + - https + paths: + /lambda-request: + get: + x-amazon-apigateway-integration: + httpMethod: POST + type: aws_proxy + uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations + passthroughBehavior: when_no_match + responses: {} + Auth: + Authorizers: + MyLambdaRequestAuth: + FunctionPayloadType: REQUEST + FunctionArn: !GetAtt MyAuthFn.Arn + Identity: + Headers: + - Authorization1 + DefaultAuthorizer: MyLambdaRequestAuth + + MyAuthFn: + Type: AWS::Serverless::Function + Properties: + InlineCode: | + exports.handler = async (event) => { + return { + statusCode: 200, + body: JSON.stringify(event), + headers: {} + } + } + Handler: index.handler + Runtime: nodejs8.10 + + MyFn: + Type: AWS::Serverless::Function + Properties: + InlineCode: | + exports.handler = async (event) => { + return { + statusCode: 200, + body: JSON.stringify(event), + headers: {} + } + } + Handler: index.handler + Runtime: nodejs8.10 + Events: + LambdaRequest: + Type: Api + Properties: + RestApiId: !Ref MyApiWithLambdaRequestAuth + Auth: + OverrideApiAuth: true + Method: get + Path: /lambda-request diff --git a/tests/translator/output/error_api_override_api_auth_without_authorizer.json b/tests/translator/output/error_api_override_api_auth_without_authorizer.json new file mode 100644 index 000000000..6e4c815e9 --- /dev/null +++ b/tests/translator/output/error_api_override_api_auth_without_authorizer.json @@ -0,0 +1,15 @@ +{ + "_autoGeneratedBreakdownErrorMessage": [ + "Invalid Serverless Application Specification document. ", + "Number of errors found: 1. ", + "Resource with id [MyFn] is invalid. ", + "Event with id [LambdaRequest] is invalid. ", + "Must define one of: Authorizer, ApiKeyRequired or ResourcePolicy when using the OverrideApiAuth property." + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFn] is invalid. Event with id [LambdaRequest] is invalid. Must define one of: Authorizer, ApiKeyRequired or ResourcePolicy when using the OverrideApiAuth property.", + "errors": [ + { + "errorMessage": "Resource with id [MyFn] is invalid. Event with id [LambdaRequest] is invalid. Must define one of: Authorizer, ApiKeyRequired or ResourcePolicy when using the OverrideApiAuth property." + } + ] +} From 6837d11f3856ca25983201271084a01930375fb1 Mon Sep 17 00:00:00 2001 From: Slava Senchenko <sencslav@amazon.com> Date: Fri, 22 Sep 2023 09:08:52 -0700 Subject: [PATCH 5/6] fix integ tests (#3351) --- .../single/basic_function_with_function_url_config.json | 4 ---- ...asic_function_with_function_url_with_autopuplishalias.json | 4 ---- integration/single/test_basic_function.py | 2 +- 3 files changed, 1 insertion(+), 9 deletions(-) diff --git a/integration/resources/expected/single/basic_function_with_function_url_config.json b/integration/resources/expected/single/basic_function_with_function_url_config.json index 59ce31d97..39e05bf38 100644 --- a/integration/resources/expected/single/basic_function_with_function_url_config.json +++ b/integration/resources/expected/single/basic_function_with_function_url_config.json @@ -10,9 +10,5 @@ { "LogicalResourceId": "MyLambdaFunctionRole", "ResourceType": "AWS::IAM::Role" - }, - { - "LogicalResourceId": "MyLambdaFunctionUrlPublicPermissions", - "ResourceType": "AWS::Lambda::Permission" } ] diff --git a/integration/resources/expected/single/basic_function_with_function_url_with_autopuplishalias.json b/integration/resources/expected/single/basic_function_with_function_url_with_autopuplishalias.json index dfc906927..679001e8e 100644 --- a/integration/resources/expected/single/basic_function_with_function_url_with_autopuplishalias.json +++ b/integration/resources/expected/single/basic_function_with_function_url_with_autopuplishalias.json @@ -18,9 +18,5 @@ { "LogicalResourceId": "MyLambdaFunctionVersion", "ResourceType": "AWS::Lambda::Version" - }, - { - "LogicalResourceId": "MyLambdaFunctionUrlPublicPermissions", - "ResourceType": "AWS::Lambda::Permission" } ] diff --git a/integration/single/test_basic_function.py b/integration/single/test_basic_function.py index 0fafde2b1..0c77bc708 100644 --- a/integration/single/test_basic_function.py +++ b/integration/single/test_basic_function.py @@ -126,7 +126,7 @@ def test_basic_function_with_url_config(self, file_name, qualifier): "MaxAge": 10, } - self.assertEqual(function_url_config["AuthType"], "NONE") + self.assertEqual(function_url_config["AuthType"], "AWS_IAM") self.assertEqual(function_url_config["Cors"], cors_config) self._assert_invoke(lambda_client, function_name, qualifier, 200) From 8934fbf6fb3a1c4b0a5797857b52f2b04ec6ed00 Mon Sep 17 00:00:00 2001 From: aws-sam-cli-bot <46753707+aws-sam-cli-bot@users.noreply.github.com> Date: Thu, 5 Oct 2023 21:17:13 +0000 Subject: [PATCH 6/6] chore: bump version to 1.77.0 --- samtranslator/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samtranslator/__init__.py b/samtranslator/__init__.py index 029892913..1d8b1fa28 100644 --- a/samtranslator/__init__.py +++ b/samtranslator/__init__.py @@ -1 +1 @@ -__version__ = "1.75.0" +__version__ = "1.77.0"