search

aws / aws-sam-cli

CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM
https://aws.amazon.com/serverless/sam/
Apache License 2.0
6.48k stars 1.16k forks source link

Bug: Cannot use intrinsic "Fn::If:" function on CodeUri property of AWS::Serverless::Function resource #4308

Open ceberz opened 1 year ago

ceberz commented 1 year ago

Description:

Using the intrinsic conditional on the CodeUri property of AWS::Serverless::Function ends in failure both on CloudFormation deployment and when trying to use sam local start-api locally.

Issue aws/serverless-application-model#22 mentions added support for intrinsic functions on this very field (CodeUri). It does not mention support for Fn::If specifically, but even the functions specifically named (such as Fn::Sub) led to the same error on deploy. I'm wondering if there's some caveat that I'm just not getting, or if something else is going on.

Further down the thread in issue aws/serverless-application-model#22 @aaronp-hd claims that they've gotten this exact scenario to work, but while I'm pretty sure I'm following their example to the letter I still get the error.

Steps to reproduce:

In a template with a defined condition, use intrinsic Fn::If function on the CodeUri property of a AWS::Serverless::Function resource. Try to build and deploy with sam build and sam deploy.

AWSTemplateFormatVersion: 2010-09-09
Description: 'sample yaml to reproduce'
Transform:
  - AWS::Serverless-2016-10-31
Parameters:
  SomeParameter:
    Type: String
    AllowedValues:
      - true
      - false 
Conditions:
  SomeCondition: !Equals [!Ref SomeParameter, true]
Resources:
  SomeFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri:
        Fn::If:
          - SomeCondition
          - some/path/to/a-zip-file.zip
          - some/other/path/to/a-zip-file.zip
      Description: some example
      Handler: path/to/handler.handler
      Events:
        GetFoo:
          Type: Api
          Properties:
            Method: get
            Path: /some/path
            RestApiId: !Ref SomeApiDefinedInTemplate # but not included here
      PackageType: Zip
      Policies:
        - AWSLambdaBasicExecutionRole
      Timeout: 100

Observed result:

On deployment I get this error:

Waiting for changeset to be created..
Error: Failed to create changeset for the stack: some-stack-name, ex: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state: For expression "Status" we matched expected path: "FAILED" Status: FAILED. Reason: Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [SomeFunction] is invalid. 'CodeUri' requires Bucket and Key properties to be specified.

...and when running locally the error is a little different:

[1] Skip pulling image and use local one: samcli/lambda:nodejs14.x-x86_64-f88a901bbe51b578e9260ae49.
[1]
[1] Mounting /private/var/folders/dn/ky7l94j108l0d_cb_yh3cynxppbryd/T/tmph0jwoae7 as /var/task:ro,delegated inside runtime container
[1] Skip pulling image and use local one: samcli/lambda:nodejs14.x-x86_64-f88a901bbe51b578e9260ae49.
[1]
[1] Mounting /private/var/folders/dn/ky7l94j108l0d_cb_yh3cynxppbryd/T/tmp5rf2vt0m as /var/task:ro,delegated inside runtime container
[1] Skip pulling image and use local one: samcli/lambda:nodejs14.x-x86_64-f88a901bbe51b578e9260ae49.
[1]
[1] Mounting /private/var/folders/dn/ky7l94j108l0d_cb_yh3cynxppbryd/T/tmpihz3w3bb as /var/task:ro,delegated inside runtime container
[1] Lambda functions containers initialization failed because of Can not observe non exist path
[1] Error: Lambda functions containers initialization failed

The above error is logged right before the process would normally log "[1] Containers Initialization is done." on a healthy run.

Expected result:

Successful deployment and successful start-up of sam local start-api.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: MacOS 12.4
  2. SAM CLI version 1.53.0
  3. AWS region: us-west-2
mndeveci commented 1 year ago

Thanks for reporting this issue.

SAM and SAM CLI has some basic intrinsics support and unfortunately it doesn't cover all cases at the moment.

I will be discussing this issue with the team to find a path forward.

aphonso commented 1 year ago

Any news about this topic? I have the same exact issue.

bmckinle commented 4 months ago

Any update on this issue? I'm still seeing it using cdk synth and then using sam local start ....