search

aws / serverless-application-model

The AWS Serverless Application Model (AWS SAM) transform is a AWS CloudFormation macro that transforms SAM templates into CloudFormation templates.
https://aws.amazon.com/serverless/sam
Apache License 2.0
9.3k stars 2.37k forks source link

AlexaSkillEvent only add permission but not hook up #613

Open Chris-Liao opened 5 years ago

Chris-Liao commented 5 years ago

Description:

I'm trying to add Alexa Skill Kit Trigger/Event to Lambda function, by doing the below Events: AlexaSkillEvent: Type: AlexaSkill in SAM template. I can see in CloudFormation, there is AWS::Lambda::Permission added. But there's no trigger added to lambda.

Is it because I didn't provide skill ID?

Steps to reproduce the issue:

  1. Add AlexaSkillEvent under function's properties.

Observed result: Lambda got deployed without Alexa Skill KIt trigger.

Expected result: Lambda got deployed with Alexa Skill KIt trigger.

keetonian commented 5 years ago

Edit: read your post again. It seems like Alexa skills may or may not actually need a trigger for lambda functions; does your function not work or were you concerned that it may not work because you did not see a trigger?

ScriptAutomate commented 5 years ago

Why This is A Problem

I'm wondering about the same thing here, as this is a blocker for me to use SAM for managing my Alexa Skill lambda backends in an automated fashion. I can successfully deploy my lambda with an Alexa Skills Kit trigger, but it is an unconfigured/empty trigger because the config doesn't provide a value for the skill id.

Is there a way to include this in the YAML, as a feature request? Otherwise, this only automates a configuration of an empty Alexa Skills Kit trigger -- which is useless, and you have to MANUALLY DELETE and MANUALLY RE-ADD the event trigger with the actual skill id. A step of manually going in and modifying automatically-configured resources is bad practice that I would like to avoid.

Empty Alexa Skills Kit triggers say the following, once added:

Skill ID verification is not set for this trigger. As a best practice, we recommend that you delete this trigger and add a new one with Skill ID verification enabled. Learn more.

If I have my skill id, this wouldn't be an issue, and the trigger would be properly configured during deployment.

Some Research

When looking at the SAM Model: Event Source Types - AlexaSkill, it has no properties listed where I can enter an id. It only seems to default to only having the principle alexa-appkit.amazon.com when it should be including the event-source-token amzn1.ask.skill.xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Documentation doesn't seem to be clear, in general (even if going the CFN template route, without the SAM transform), for how to configure an Alexa Skills Kit event source:

In the Configure the Alexa Skills Kit Triggers docs, it is detailed on how you should have the Skill ID placed in the event trigger. It also, again, makes it clear that existing triggers (such as the blank one created by sam-cli) need to be removed.

So, the CLI can seemingly do it fine but I don't seem to see proper support in raw CFN template schema, or in SAM YAML transforms.

Workaround

My current workaround is to execute the following code via aws-cli after a sam deploy, based on the Configure Triggers with the AWS CLI or Lambda API documentation here: Gist: aws-sam-cli-alexa-skill-id.sh

Note: I don't need to include the aws lambda remove-permission bit if I choose to simply exclude the following from the template.yaml since it doesn't assist in any way that I am aware of:

Events:
AlexaSkillEvent:
Type: AlexaSkill

I hope this helps, as this is a really necessary feature request for me.

ScriptAutomate commented 5 years ago

PR #363 seems to be trying to achieve exactly what this is asking for, except for Alexa Smart Home Skills specifically.

Do Alexa Smart Home Skills use a different API? Or could it be a two-birds one-stone situation?

ScriptAutomate commented 5 years ago

I found a way to do it via normal CFN resources. Further research and testing shows that the following works in the template.yaml with sam-cli, without needing to resort to a post-configuration modification via aws-cli:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Alexa App Hello World Lambda Endpoint

Mappings:
    Variables:
        AlexaSkillKit:
            Id: amzn1.ask.skill.xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Globals:
    Function:
        Timeout: 3

Resources:

    HelloWorldFunction:
        Type: AWS::Serverless::Function
        Properties:
            CodeUri: hello_world/
            Handler: app.lambda_handler
            Runtime: python3.6

    HelloWorldFunctionAskPermission:
        Type: AWS::Lambda::Permission
        DependsOn: HelloWorldFunction
        Properties:
            Action: lambda:InvokeFunction
            EventSourceToken: !FindInMap
                - Variables
                - AlexaSkillKit
                - Id
            FunctionName: !GetAtt HelloWorldFunction.Arn
            Principal: alexa-appkit.amazon.com

Outputs:

    HelloWorldFunction:
        Description: "Alexa Hello World Lambda Function ARN"
        Value: !GetAtt HelloWorldFunction.Arn

    HelloWorldFunctionIamRole:
        Description: "Implicit IAM Role created for Alexa Hello World function"
        Value: !GetAtt HelloWorldFunctionRole.Arn

    HelloWorldFunctionAlexaSkillKitId:
        Description: "Alexa Skill Permitted Lambda Invokation Permissions"
        Value: !FindInMap
            - Variables
            - AlexaSkillKit
            - Id

With this being the case, I suppose there isn't a need to create additional functionality to support this in the Serverless transform?

karngyan commented 4 years ago

@ScriptAutomate Thanks for the script man. Looking forward to simple support though.

People trying to connect Alexa Smart Home as the Event Source can change:

Principal: alexa-connectedhome.amazon.com in HelloWorldFunctionAskPermission