jlhood
commented
5 years ago @dave-graham Thanks so much for opening this issue! We are definitely interested in documenting SAM best practices. We're trying to migrate our docs to the official AWS SAM Developer Guide. Those docs are also open source, so others can contribute to them as well.
We'll talk to our docs person to figure out what they think is the best way to proceed on this. For now, why don't you open a PR that adds a docs page to this repo with a skeleton doc and a list of best practices you'd like to see covered. Then we can iterate on that to make progress in this direction while we're working out the logistics on our end?
keetonian
SAM enables you to implement best practices very simply and easily, but finding these best practices, and how to implement, can sometimes be hard.
I propose we create a documentation page or section that lists best practices when using SAM, and how to simply implement them.
The reason I'm raising this is linked to issue #757 where it took me 6 months to find that SAM had a built in way of simply limiting dynamo db access to 1 table with 2 lines of code. Up until then I'd been permitting my lambdas to have full dynamo db access across all dbs.
With OWASP calling out broken access control as one of their serverless top 10, I believe that calling out this and other best practices will benefit SAM as a product, and serverless computing as a whole.
I'm opening this discussion to get feedback on if this would help, and if so what format should it take, and what best practices need to be highlighted.