search

aws / aws-sam-cli

CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM
https://aws.amazon.com/serverless/sam/
Apache License 2.0
6.5k stars 1.17k forks source link

Bug: Functions are permitted with invalid `MemorySize` #6510

Closed davidjb closed 5 months ago

davidjb commented 8 months ago

Description:

As described in https://github.com/aws/aws-sam-cli/issues/6110, SAM (build, local invoke, etc) doesn't attempt to validate values for function MemorySize.

This value should be with 128 and 10240 MB according to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-memorysize but values such as 1, -1, etc are allowed. For a Docker-based local invocation, a value < 6 MB will cause Docker to refuse to start the container.

Steps to reproduce:

  1. Create template.yml:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: myfunction
      Handler: app.lambdaHandler
      Runtime: python3.11
      MemorySize: 1
  1. Run builds and observe results, as per next section below.

Observed result:

sam build MyFunction succeeds, despite MemorySize: 1 being an invalid value. Trying to invoke sam local invoke MyFunction fails because Docker requires a minimum of 6MB of memory allocated:

```sh
Error: 400 Client Error for http+docker://localhost/v1.35/containers/create: Bad Request ("Minimum memory limit allowed is 6MB")
Traceback:
...
```

Expected result:

Validation errors would be shown when the SAM config is loaded, before the values are used for building and builds would not succeed when invalid values are used.

As per https://github.com/aws/aws-sam-cli/issues/3244, this value will be validated but only at deploy time, assuming you're able to create a configuration that is able to be built but not deploy.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

{
  "version": "1.105.0",
  "system": {
    "python": "3.11.6",
    "os": "Linux-6.4.16-linuxkit-aarch64-with-glibc2.35"
  },
  "additional_dependencies": {
    "docker_engine": "24.0.6",
    "aws_cdk": "Not available",
    "terraform": "Not available"
  },
  "available_beta_feature_env_vars": [
    "SAM_CLI_BETA_FEATURES",
    "SAM_CLI_BETA_BUILD_PERFORMANCE",
    "SAM_CLI_BETA_TERRAFORM_SUPPORT",
    "SAM_CLI_BETA_RUST_CARGO_LAMBDA"
  ]
}
mildaniel commented 8 months ago

Thanks @davidjb. This particular validation is relevant to subsequent local commands, so to me this seems like something worth implementing. I will take it to the team for prioritization.

hawflau commented 5 months ago

The expectation of this issue was the feature request in #3244. We will track that feature request there. For this issue specifically, our fix is to catch and handle the container creation error and display an error message. Customers can also run sam validate --lint to validate their template, although not the exact functionality suggested in #3244

github-actions[bot] commented 5 months ago

Patch is released in v1.115.0. Closing