Replies: 37 comments 6 replies
-
I believe this would solve the major issue we're currently having, that is, sharing a single API Gateway across multiple AWS::Serverless::Application's. This would allow us to define groups of lambdas and endpoints in a modular way (in a sub stack) and then bring them all together in a unified API front end. This would be a huge win for those experiencing the pain of 200 resource limit, max policy size limits, or juggling multiple gateways for a "single" API. |
Beta Was this translation helpful? Give feedback.
-
Definitely useful. I think this is a good first pass. Vague things on my mind:
|
Beta Was this translation helpful? Give feedback.
-
Thanks for the feedback, @mikebroberts!
I think we can simplify it to only require FunctionName and then construct the ARN if necessary assuming the function is owned in the same account (see below for why cross-account wouldn't be supported).
Good question. In cases where I've seen traffic shifting used, you end up doing something like
This is an interesting use case. After playing around with this, I don't see a way SAM can help in the cross-account case, because when you use SAM to add an event trigger to a function, it creates an |
Beta Was this translation helpful? Give feedback.
-
We were discussing this today and while we agreed NestedApp:
Type: AWS::Serverless::Application
Properties:
Location:
ApplicationId: <app id>
SemanticVersion: 1.0.0
FunctionReferences:
NestedFunctionName: # the key is the nested app output that should be used as the FunctionName property of the underlying FunctionReference
MyApiTrigger:
Type: Api
Properties:
Path: /
Method: GET
MySQSTrigger:
Type: SQS
Properties:
# ... Concerns:
Wanted to put this out to the community for feedback. @sgates @mikebroberts Any strong objections or feedback? |
Beta Was this translation helpful? Give feedback.
-
I think this makes sense - In this scenario, the API Gateway still lives in the main template, and then groups of lambdas (the NestedApps) would effectively be given access to it through the FunctionReferences in the main template? If I'm understanding that correctly I think that would be fine. Would this mean in the nested stack, the lambdas defined there don't need Event properties because those "trickle down" from the main template?
|
Beta Was this translation helpful? Give feedback.
-
Thanks for the quick response, @sgates! In general, this is more a developer experience/syntax discussion, not changing the proposed functionality described in the original
I'll play around with the syntax. You're right that we might be able to get it even closer to the Events syntax. The only caveat is that we have to map the function name somewhere, although the Events object keys could do that as long as we're willing to accept the risk of my 3rd concern.
The nested stack template would have to include the function name as a template output, but would not have to export the output.
Thanks, that's helpful feedback! |
Beta Was this translation helpful? Give feedback.
-
I think this is the closest I can get to looking like the Events property of # Example nested SAR application that creates a function and outputs the function's name and ARN as template output variables: NestedFunctionName
NestedApp:
Type: AWS::Serverless::Application
Properties:
Location:
ApplicationId: <app id>
SemanticVersion: 1.0.0
Events:
NestedFunctionName: # This tells SAM to use !GetAtt NestedApp.Outputs.NestedFunctionName whenever we need the function name
- Type: SQS
Properties:
Queue: !GetAtt MyQueue.Arn
BatchSize: 10
- Type: Api
Properties:
Path: /
Method: GET I had to turn it into an array of event triggers, because normally SAM uses different keys for different event triggers, but if we're using the key for the function name, we need a way to support multiple event triggers on the same function. |
Beta Was this translation helpful? Give feedback.
-
This makes sense to me, and the syntax isn't as confusing as the previous version because it explicitly calls out "Events" - more intuitive IMO. Thanks for all the effort on this! |
Beta Was this translation helpful? Give feedback.
-
@jlhood To me this looks like it's going in the right direction. The only thing I see that may be a potential issue is integration with an OpenAPI document via the DefinitionBody parameter in an For example:
In the OpenAPI document you might have an APIG integration like so:
However, maybe your solution just means a change of |
Beta Was this translation helpful? Give feedback.
-
@jlhood any further updates? |
Beta Was this translation helpful? Give feedback.
-
@TeddyHandleman You're right that if someone is managing their own swagger definition body, they would need to substitute the nested application output function in the API GW integration as you specified. |
Beta Was this translation helpful? Give feedback.
-
Sorry for the delay on this one. Updated the top-level comment with the finalized spec based on the discussion in this issue. Really appreciate the feedback, everyone! Removing the RFC prefix from the title. Next step is to implement this. It's not currently prioritized internally so I'll add the looking for contributors label in case someone from the community can take this on. |
Beta Was this translation helpful? Give feedback.
-
Implementation notes:
|
Beta Was this translation helpful? Give feedback.
-
This sounds great. I would like to work on this. I have a question about this proposal though. Since the actual function is outside in all cases outside the current template and a role has probably already been assigned to it how would are the proper permissions given to that role? For example: Is there a solution for this? |
Beta Was this translation helpful? Give feedback.
-
I believe that the developer creating the function would need to create the role with the correct permissions attached. I don't see a way to add that policy to an existing role. In the case of your DDB Stream example, the developer would need to give the lambda execution role the correct permissions, and the new We discussed this RFC today, and decided that the |
Beta Was this translation helpful? Give feedback.
-
If my understanding of the proposal is correct, it would not be possible to have a parent stack that defines a shared api gateway and a nested SAR application that will directly add event triggers to the shared api gateway. The event triggers for the function would need to be added in the parent stack as FunctionReferences. I wish that would be possible, so it would support the following use case: A number of SAR applications are included in a parent stack to form a complete product for a client. Imagine that there are lots of clients. If a client needs functionality X, I would like to simply add the corresponding SAR application to the parent stack. This way the parent stack would be very concise. If I need to add FunctionReferences to the parent stack, it becomes less concise. Are there others in the community that see the benefit of supporting this use case? @jlhood, sorry for being late with this. I am aware that this is being implemented now. Better late than never, I hope. |
Beta Was this translation helpful? Give feedback.
-
I decided to write my own macro function that will allow me to define shared api gateway in parent stack and then use reference to exported api gateway from separated SAM stacks. You can find my project here https://github.com/4-cube/cf-shared-apigwv2 Currently, only ApiGatewayV2 (HttpApi) is supported and there is no support to specify Auth per event (I plan to add support for this). |
Beta Was this translation helpful? Give feedback.
-
Hey just wanted to know whether this feature is out or not basically our problem is something like this- We want all our api resource to have the same endpoint (base url if you may) as all of this one web app api routes but the problem is that we hit 200 resource limit on SAM so now we are trying to group and break each feature (lambda, layers, api events related to that feature) in each child template but as far as I see there's no provision to break a api gateway into multiple template resource or make it in parent template and import into any of these child template resources. So if you have any comments in that or have any way outs it would really help me going. and as always appreciate your efforts. |
Beta Was this translation helpful? Give feedback.
-
Working with AWS Support Engineer who pointed me to this issue. Adding a trivial comment in this issue, so I can be updated on this issue. Ultimately, I have a parent APIG created in CloudFormation, then a CodePipeline that "deploys" a SAM template - which I was hoping to deploy a lambda function using the |
Beta Was this translation helpful? Give feedback.
-
I want to be able to create isolate SAM applications and I want to attach these functions to an existing API Gateway. I'm reading through this long thread to check where this ticket is at and if its solves this case or another. Events:
Post:
Type: Api
Properties:
Path: /
Method: Post
RestApiId:
Ref: !Ref EvalautorApiId Maybe its better related to #349 I found these tickets via this StackOverflow post: |
Beta Was this translation helpful? Give feedback.
-
Okay I'm back and I have my own solution which I posted over here (CFN templates included): My Solutions: I wanted to attach services to an existing API Gateway, So instead of using implicit events where SAM relies on generating out a Swagger template, I just explicitly defined an I can't test via I don't care about nesting or import values so this solution works well for me. |
Beta Was this translation helpful? Give feedback.
-
I am back :-) Redid the changes from the old PR on fresh develop checkout (it was a while ago)... Added two examples in the integration tests. One of the integration tests uses an application from the serverlessrepo that I created for this purpose. I am pretty sure all scenarios described in top of this issue are supported. If we go ahead with this PR, I can add the needed documentation changes. Let me know whats missing and how we can move forward. |
Beta Was this translation helpful? Give feedback.
-
Hey everyone! Any progress on this feature? @Jacco @jlhood We're looking to move to nested applications to avoid the resource limit and can see this feature adding massive value in terms of sharing an API Gateway and having multiple nested applications with functions reference the API Gateway! Thank you for all your work! |
Beta Was this translation helpful? Give feedback.
-
@sgates Hello, we are hitting the same problem of the stack resource limit. However in your reply you mentioned you are working with multiple APIs. Then,
|
Beta Was this translation helpful? Give feedback.
-
any update on this issue? we really want to bind functions to an existing api gateway. |
Beta Was this translation helpful? Give feedback.
-
I agree, I think there are a number of use cases for adding integrations to existing API Gateways from separate stacks. I personally like to group my Lambdas and APIs by domain/subdomain in order to isolate changes in repositories and stacks. To keep a reasonable number of (Edge Optimized) API Gateways it makes sense to share Gateways rather than have one per subdomain. This is in addition to the stack limitations folks have previously mentioned. We are resorting to using explicit Gateway Stack snippet:
Lambda Stack snippet:
|
Beta Was this translation helpful? Give feedback.
-
This is a proposed solution following an RFC process to #2734 |
Beta Was this translation helpful? Give feedback.
-
In March 2021, API Gateway added base path mapping support, which may help solve this problem. With base path mapping, you can have a central API custom domain with nested stacks that define an AWS::ApiGatewayV2::ApiMapping resource and a AWS::Serverless::Api resource that AWS::Serverless::Function resources can map events to. Here's an example with demo code: https://aws.amazon.com/blogs/compute/using-multiple-segments-in-amazon-api-gateway-base-path-mapping/ Would this meet your needs? |
Beta Was this translation helpful? Give feedback.
-
This feature would help a lot |
Beta Was this translation helpful? Give feedback.
-
Any news on this? It would be much appreciated to have an official workaround using mappings or support importing the RestApiId from another stack. |
Beta Was this translation helpful? Give feedback.
-
Update: This top-level comment contains the finalized spec based on feedback from the community. Next step is implementation. We're looking for contributors who can help implement this feature. Thanks!
Description:
Per #349 (comment), creating a separate RFC for a SAM syntax that would allow functions provided by nested applications (
AWS::Serverless::Application
) to be attached to event triggers via the same Events syntax asAWS::Serverless::Function
resources.High-Level Approach: Add a new SAM resource type:
AWS::Serverless::FunctionReference
. It doesn't create a newAWS::Lambda::Function
resource. Instead, it allows you to specify the name and ARN of an existing function and then attach event sources to it using the exact same Events syntax asAWS::Serverless::Function
.The nice thing about this approach is it's not strictly tied to nested apps. It could be used with Fn::ImportValue for example, if you want to add triggers to a function created in a separate stack in your account.
However, we will offer a simplified syntax for the nested application use case specifically.
Example 1: Nested stack with function reference
Example 2: Nested application with function reference
Example 3: More compact syntax for nested application use case
Example 4: Attaching events to function whose name is exported by a different stack
Notes/Questions:
Beta Was this translation helpful? Give feedback.
All reactions