Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sam build fails when providing a function LayerArn with a reference to a SSM::Parameter CF param #1069

Open
ericallam opened this issue Mar 20, 2019 · 3 comments

Comments

@ericallam
Copy link

commented Mar 20, 2019

Description

When running sam build on a template that includes a Serverless::Function resource that specifies a LayerArn property with a reference to a CF Parameter name that is of Type AWS::SSM::Parameter<string> with a default value of the name of the param in param store, sam build reports an invalid Arn.

Steps to reproduce

  1. git clone https://github.com/ericallam/sam-build-ssm-parameter-layer-arn-issue.git
  2. cd sam-build-ssm-parameter-layer-arn-issue
  3. sam build --debug

Observed result

View debug output here

Expected result

sam build should resolve the actual value of the param in param store and use that to determine if the LayerArn is valid.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: macOS Mojave
  2. sam --version: 0.13.0
@jfuss

This comment has been minimized.

Copy link
Contributor

commented Mar 21, 2019

@ericallam Thanks for bringing this up. Currently SAM CLI does not do deep inspection of Parameters. I can see some value in doing this inspection and fetching the value but that means we are in this continually re-implement CloudFormation Features locally. You can use the --parameter-overrides and pass in the value of the Parameter. This is my recommendation on a path forward and is already supported.

It may make sense for sam buildto ignore some validation. To build, we don't need this Ref resolved. I think we change this issue to capture not failing build on unresolved Refs (specifically for Layers, but there could be other cases). Thoughts?

@tunagami

This comment has been minimized.

Copy link

commented Jul 4, 2019

I am another wishing for a fix/change for this as well...

sam --version: 0.17.0

Using SSM parameters for SAM template parameters is VERY nice. Not validating the Ref would be very OK in the sam build step since I ASSUME the build is there to pack up your code nicely into a package to be upload-able to S3.

Since you are not bundling up the Layers themselves in the code in the SAM Build Step, it makes sense to at least ignore the Layers property of AWS::Serverless::Function.Properties.

So, I hope to hear that this is something to be fixed in a new-er version in the near future. I prefer to keep my sam build steps pretty clean and in line with all of the 'default' parameter settings.

@chizou

This comment has been minimized.

Copy link

commented Jul 25, 2019

I get that using --parameter-overrides works, but it's a really non-intuitive way to need to get sam build to work when we want to pass any AWS::SSM parameter types.

It may make sense for sam build to ignore some validation. To build, we don't need this Ref resolved.

This is exactly how it should behave if the Ref is an AWS::SSM::* parameter. I would imagine a reasonable person wouldn't expect the parameter value be resolved at build time. Or at the very least, if sam build detects this type of parameter, it should output some kind of warning about needing to use a --parameter-override to pass the validation.

Otherwise, one has to search Github issues to find this solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.