forked from aws/serverless-application-model
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathSAMConfig
More file actions
279 lines (213 loc) · 9.07 KB
/
SAMConfig
File metadata and controls
279 lines (213 loc) · 9.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
CloudFormation Resources Generated By SAM
=========================================
.. contents::
:local:
:backlinks: none
When you create a Serverless Function or a Serverless API, SAM will create additional AWS resources to wire everything up.
For example, when you create a ``AWS::Serverless::Function``, SAM will create a Lambda Function resource
along with an IAM Role resource to give appropriate permissions for your function. This document describes all
such generated resources, how they are named, and how to refer to them in your SAM template.
AWS::Serverless::Function
-------------------------
Given a Function defined as follows:
.. code:: yaml
MyFunction:
Type: AWS::Serverless::Function
Properties:
...
Following resources will be generated:
================================== ================================
CloudFormation Resource Type Logical ID
================================== ================================
AWS::Lambda::Function MyFunction
AWS::IAM::Role MyFunction\ **Role**
================================== ================================
With AutoPublishAlias Property
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Example:
.. code:: yaml
MyFunction:
Type: AWS::Serverless::Function
Properties:
...
AutoPublishAlias: live
...
Additional generated resources:
================================== ================================
CloudFormation Resource Type Logical ID
================================== ================================
AWS::Lambda::Version MyFunction\ **Version**\ *SHA* (10 digits of SHA256 of CodeUri)
AWS::Lambda::Alias MyFunction\ **Alias**\ *live*
================================== ================================
With DeploymentPreference Property
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Example:
.. code:: yaml
MyFunction:
Type: AWS::Serverless::Function
Properties:
...
AutoPublishAlias: live
DeploymentPreference:
Type: Linear10PercentEvery10Minutes
Role: "arn"
...
Additional generated resources:
================================== ================================
CloudFormation Resource Type Logical ID
================================== ================================
AWS::CodeDeploy::Application ServerlessDeploymentApplication (only one per stack)
AWS::CodeDeploy::DeploymentGroup MyFunction\ **DeploymentGroup**
AWS::IAM::Role CodeDeployServiceRole
================================== ================================
NOTE: ``AWS::IAM::Role`` resources are only generated if no Role parameter is supplied for DeploymentPreference
With Events
~~~~~~~~~~~
A common theme with all Events is SAM will generate a ``AWS::Lambda::Permission`` resource to give event source
permission to invoke the function. Other generated resources depend on the specific event type.
API
^^^
This is called an "Implicit API". There can be many functions in the template that define these APIs. Behind the
scenes, SAM will collect all implicit APIs from all Functions in the template, generate a Swagger, and create an
implicit ``AWS::Serverless::Api`` using this Swagger. This API defaults to a StageName called "Prod" that cannot be
configured.
.. code:: yaml
MyFunction:
Type: AWS::Serverless::Function
Properties:
...
Events:
ThumbnailApi:
Type: Api
Properties:
Path: /thumbnail
Method: GET
...
Additional generated resources:
================================== ================================
CloudFormation Resource Type Logical ID
================================== ================================
AWS::ApiGateway::RestApi *ServerlessRestApi*
AWS::ApiGateway::Stage *ServerlessRestApi*\ **Prod**\ Stage
AWS::ApiGateway::Deployment *ServerlessRestApi*\ Deployment\ *SHA* (10 Digits of SHA256 of Swagger)
AWS::Lambda::Permission MyFunction\ **ThumbnailApi**\ Permission\ **Prod**
(Prod is the default Stage Name for implicit APIs)
================================== ================================
NOTE: ``ServerlessRestApi*`` resources are generated one per stack.
HTTP API
^^^^
This is called an "Implicit HTTP API". There can be many functions in the template that define these APIs. Behind the
scenes, SAM will collect all implicit HTTP APIs from all Functions in the template, generate an OpenApi doc, and create an
implicit ``AWS::Serverless::HttpApi`` using this OpenApi. This API defaults to a StageName called "$default" that cannot be
configured.
.. code:: yaml
MyFunction:
Type: AWS::Serverless::Function
Properties:
...
Events:
ThumbnailApi:
Type: HttpApi
Properties:
Path: /thumbnail
Method: GET
...
Additional generated resources:
================================== ================================
CloudFormation Resource Type Logical ID
================================== ================================
AWS::ApiGatewayV2::Api *ServerlessHttpApi*
AWS::ApiGatewayV2::Stage *ServerlessHttpApiApiGatewayDefaultStage*
AWS::Lambda::Permission MyFunction\ **ThumbnailApi**\ Permission
================================== ================================
NOTE: ``ServerlessHttpApi*`` resources are generated one per stack.
Cognito
^^^^^^^
Example:
.. code:: yaml
MyFunction:
Type: AWS::Serverless::Function
Properties:
...
Events:
CognitoTrigger:
Type: Cognito
Properties:
UserPool: !Ref MyUserPool
Trigger: PreSignUp
...
MyUserPool:
Type: AWS::Cognito::UserPool
Additional generated resources:
================================== ================================
CloudFormation Resource Type Logical ID
================================== ================================
AWS::Lambda::Permissions *MyFunction*\ CognitoPermission
AWS::Cognito::UserPool Existing MyUserPool resource is modified to append ``LambdaConfig``
property where the Lambda function trigger is defined
================================== ================================
NOTE: You **must** refer to a Cognito UserPool defined in the same template. This is for two reasons:
1. SAM needs to add a ``LambdaConfig`` property to the UserPool resource by reading and modifying the
resource definition
2. Lambda triggers are specified as a property on the UserPool resource. Since CloudFormation cannot modify a resource
created outside of the stack, this bucket needs to be defined within the template.
S3
^^
Example:
.. code:: yaml
MyFunction:
Type: AWS::Serverless::Function
Properties:
...
Events:
S3Trigger:
Type: S3
Properties:
Bucket: !Ref MyBucket
Events: s3:ObjectCreated:*
...
MyBucket:
Type: AWS::S3::Bucket
Additional generated resources:
================================== ================================
CloudFormation Resource Type Logical ID
================================== ================================
AWS::Lambda::Permission MyFunction\ **S3Trigger**\ Permission
AWS::S3::Bucket Existing MyBucket resource is modified to append ``NotificationConfiguration``
property where the Lambda function trigger is defined
================================== ================================
NOTE: You **must** refer to an S3 Bucket defined in the same template. This is for two reasons:
1. SAM needs to add a ``NotificationConfiguration`` property to the bucket resource by reading and modifying the
resource definition
2. Lambda triggers are specified as a property on the bucket resource. Since CloudFormation cannot modify a resource
created outside of the stack, this bucket needs to be defined within the template.
SNS
^^^
Example:
.. code:: yaml
MyFunction:
Type: AWS::Serverless::Function
Properties:
...
Events:
MyTrigger:
Type: SNS
Properties:
Topic: arn:aws:sns:us-east-1:123456789012:my_topic
SqsSubscription:
QueuePolicyLogicalId: CustomQueuePolicyLogicalId
QueueArn: !GetAtt MyCustomQueue.Arn
QueueUrl: !Ref MyCustomQueue
BatchSize: 5
Enabled: true
...
Additional generated resources:
================================== ================================
CloudFormation Resource Type Logical ID
================================== ================================
AWS::Lambda::Permission MyFunction\ **MyTrigger**\ Permission
AWS::Lambda::EventSourceMapping MyFunction\ **MyTrigger**\ EventSourceMapping
AWS::SNS::Subscription MyFunction\ **MyTrigger**
AWS::SQS::Queue MyFunction\ **MyTrigger**\ Queue
AWS::SQS::QueuePolicy MyFunction\ **MyTrigger**\ QueuePolicy
================================== ================================