CloudFront creation fails in Edge mode.

mmLost commented 2 weeks ago

ver.0.0.418

In SvelteKit's Minimal example .

I just started local with npm run dev, If edge mode is enabled, Cloudfront creation fails.

sst.config.ts

export default $config({
app(input) {
return {
  name: input.stage === "dev" ? "svelte-dev" : "prod",
  removal: "remove",
  home: "aws",
  providers: {
    aws: {
      profile: "profile-name",
      region: "us-east-1",
    }
  }
};
},
async run() {
new sst.aws.SvelteKit("MyWeb", {
  edge: true,
});
},
});

Error:

MyWeb sst:aws:SvelteKit → MyWebCdnDistribution aws:cloudfront:Distribution Distribution: operation error CloudFront: CreateDistributionWithTags, https response error StatusCode: 400, RequestID: ***, InvalidLambdaFunctionAssociation: The function cannot have environment variables.

Problem Failure because SST_RESOURCE_App is automatically registered in the environment variable.
In Edge mode, environment variable settings should be skipped.

スクリーンショット 2024-06-11 13 22 34

.sst/platform/src/components/aws/function.ts

    function normalizeEnvironment() {
      return all([args.environment, dev, args.link]).apply(
        ([environment, dev, link]) => {
          const result = environment ?? {};
          result.SST_RESOURCE_App = JSON.stringify({
            name: $app.name,
            stage: $app.stage,
          });
          if (dev) {
            result.SST_FUNCTION_ID = name;
            result.SST_APP = $app.name;
            result.SST_STAGE = $app.stage;
            // result.SST_LINK = (link || []).map((l) => l.urn).join(",");
          }
          return result;
        },
      );
    }

mmLost commented 2 weeks ago

When I tried to correct the relevant section, the following error occurred.

MyWebEdgeServer sst:aws:Function → MyWebEdgeServerFunction aws:lambda:Function Lambda: DeleteFunction, https response error StatusCode: 400, RequestID: ****, InvalidParameterValueException: Lambda was unable to delete arn:aws:lambda:us-east-1:***:function:**-MyWebEdgeServerFunction:1 because it is a replicated function. Please see our documentation for Deleting Lambda@Edge Functions and Replicas.

I have adjusted the createRole function and have confirmed that it works. Since there is no Edge in function.ts, the trial is based on whether there is an Edge in Name.

.sst/platform/src/components/aws/function.ts

    function createRole() {
      if (args.role) return;

      const policy = all([args.permissions || [], linkPermissions, dev]).apply(
        ([argsPermissions, linkPermissions, dev]) =>
          aws.iam.getPolicyDocumentOutput({
            statements: [
              ...argsPermissions,
              ...linkPermissions,
              ...(dev
                ? [
                    {
                      actions: ["iot:*"],
                      resources: ["*"],
                    },
                  ]
                : []),
            ],
          }),
      );

      const services = ["lambda.amazonaws.com"]
      if (name.includes("Edge")) {
        services.push("edgelambda.amazonaws.com")
      }

      return new aws.iam.Role(
        `${name}Role`,
        transform(args.transform?.role, {
          assumeRolePolicy: !$dev
            ? aws.iam.assumeRolePolicyForPrincipal({
                Service: services,
              })
            : aws.iam.getPolicyDocumentOutput({
                statements: [
                  {
                    actions: ["sts:AssumeRole"],
                    principals: [
                      {
                        type: "Service",
                        identifiers: services,
                      },
                      {
                        type: "AWS",
                        identifiers: [
                          interpolate`arn:aws:iam::${
                            aws.getCallerIdentityOutput().accountId
                          }:root`,
                        ],
                      },
                    ],
                  },
                ],
              }).json,
          // if there are no statements, do not add an inline policy.
          // adding an inline policy with no statements will cause an error.
          inlinePolicies: policy.apply(({ statements }) =>
            statements ? [{ name: "inline", policy: policy.json }] : [],
          ),
          managedPolicyArns: [
            "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
            ...(args.vpc
              ? [
                  "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
                ]
              : []),
          ],
        }),
        { parent },
      );
    }

jayair commented 2 weeks ago

Where are you getting edge: true from btw?

mmLost commented 2 weeks ago

It was found in the options of SvelteKitArgs.

.sst/platform/src/components/aws/svelte-kit.ts Line 223.

  /**
   * [server-function](#nodes-server) location.
   *
   * By default, it is deployed to AWS Lambda in a single region. Enable this option if you want to deploy to Lambda@Edge instead.
   * Default is `false`.
   * Internal
   */
  edge? input<boolean>;

jayair commented 6 days ago

Oh yeah, not meant for public use just yet. We'll look at this in the future. Closing for now.

sst / ion

CloudFront creation fails in Edge mode. #534