Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Enable using AWS::NoValue to omit Role parameter in SAM Function #3728

Open
SherrryX opened this issue Mar 3, 2025 · 2 comments
Open

[Feature Request] Enable using AWS::NoValue to omit Role parameter in SAM Function #3728

SherrryX opened this issue Mar 3, 2025 · 2 comments
Labels
contributors/welcome Contributors are welcome to work on this stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at.

Comments

@SherrryX
Copy link

SherrryX commented Mar 3, 2025

We want to implement optional role configuration in SAM function templates. This would work in two ways:

  • When a role ARN is provided, the function will use the specified role
  • When no role is provided, SAM will automatically create an execution role

Please consider to allow Cloudformation AWS::NoValue for this use case. SAM currently does not support AWS::NoValue probably due to this code.
@SherrryX SherrryX added the stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at. label Mar 3, 2025
@valerena valerena added the contributors/welcome Contributors are welcome to work on this label Mar 4, 2025
@valerena
Copy link
Contributor

valerena commented Mar 4, 2025

Thanks for your feature request. Can you add an example of the use case where this would be used?

SAM transform doesn't know the value of parameters during the transform, so it won't be able to know exactly the result of the condition, but we can make this work in SAM's code by adding a condition to the role resource created, so it only gets created depending on the same condition that you put in the function's role.

A workaround that exists right now for this use case would be to use the AWS::LanguageExtensions transform, which effectively resolves the !If and the AWS::NoValue before it gets passed to the SAM transform, so SAM will directly get the role name only in the right case and will receive nothing when the condition is false (therefore, SAM will create the role)

Just remember to add the LanguageExtensions transform before the Serverless transform:

Transform:
  - AWS::LanguageExtensions
  - AWS::Serverless-2016-10-31

We will still track this as a feature request, and we're open to contributions if you or someone else wants to send a Pull Request for this.

@SherrryX
Copy link
Author

SherrryX commented Mar 4, 2025

Thanks Renato for providing this workaround! It seems to be working for my use case, however SAR does not support AWS::LanguageExtensions.

Can you add an example of the use case where this would be used?
We have SAM templates for customers to deploy lambdas. Currently SAM will create the execution role automatically. We would like to allow customers to provide their own roles when needed, so the current SAM templates need to allow conditions: if a role is given, lambda is created with the given role; if a role is not given, SAM creates one by default.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
contributors/welcome Contributors are welcome to work on this stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@valerena @SherrryX