aws-sam

问题 I'm using SAM CLI v0.8.1. I'm trying to set environmental variable MY_TABLE_VAR as name of the table in my resources (MyTableResource). However, while running my app locally, the MY_TABLE_VAR is undefined. Can you tell me what's wrong in my template and how can I set it properly? Following is my SAM template: Globals: Function: Timeout: 30 Runtime: nodejs8.10 Environment: Variables: MY_TABLE_VAR: !Ref MyTableResource Resources: MyTableResource: Type: AWS::Serverless::SimpleTable Properties:

问题 In the below rule: { "Condition": { "StringLikeIfExists": { "iam:PassedToService": "lambda.amazonaws.com" } }, "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::${AWS::AccountId}:role/some-role*" ], "Effect": "Allow" } We are using this rule for cloud formation stack creation of SAM template( sam deploy ). SAM template has lambda and custom roles for lambda. What exactly are we saying with the above rule? 回答1: In short, the statement says that you can assign role with name that starts

问题 I have an apparently-simple requirement to create a proxy resource in SAM (Amazon's Serverless Application Model). So simple in fact that Amazon's documentation appears to leave this as an exercise to the reader! I want to create an AWS API Gateway catch-all endpoint to proxy everything to another HTTP service. In the AWS Console, the configuration I am trying to build looks as follows: I have seen this excellent post by Christian Johansen and his related Stack Overflow question here for how

问题 Below is the custom execution role( some-role-serv-LogicalID-GDGGGGGBMW2 ) created for lambda function( AWS::Serverless::Function ) written using SAM template: { "permissionsBoundary": { "permissionsBoundaryArn": "arn:aws:iam::111222333444:policy/some-permission-boundary", "permissionsBoundaryType": "Policy" }, "roleName": “some-role-serv-LogicalID-GDGGGGGBMW2”, "policies": [ { "document": { "Version": "2012-10-17", "Statement": [ { "Action": "sqs:*", "Resource": "arn:aws:sqs:us-east-1

问题 Below is the custom execution role( some-role-serv-LogicalID-GDGGGGGBMW2 ) created for lambda function( AWS::Serverless::Function ) written using SAM template: { "permissionsBoundary": { "permissionsBoundaryArn": "arn:aws:iam::111222333444:policy/some-permission-boundary", "permissionsBoundaryType": "Policy" }, "roleName": “some-role-serv-LogicalID-GDGGGGGBMW2”, "policies": [ { "document": { "Version": "2012-10-17", "Statement": [ { "Action": "sqs:*", "Resource": "arn:aws:sqs:us-east-1

问题 Below is the SAM template that tries giving explicit name( some_name ) to restApi resource on AWS: SampleApi: Type: AWS::Serverless::Api Properties: Name: some_name But I see the events in stack creation as: User: arn:aws:sts::1111222333344:assumed-role/some-role/i-34454503ea88 is not authorized to perform: apigateway:DELETE on resource: arn:aws:apigateway:us-east-1::/restapis/vxrf0gfs2a where vxrf0gfs2a is the random name of restApi Cloudformation stack creates Api gateway with explicit name

问题 Below is the SAM template that tries giving explicit name( some_name ) to restApi resource on AWS: SampleApi: Type: AWS::Serverless::Api Properties: Name: some_name But I see the events in stack creation as: User: arn:aws:sts::1111222333344:assumed-role/some-role/i-34454503ea88 is not authorized to perform: apigateway:DELETE on resource: arn:aws:apigateway:us-east-1::/restapis/vxrf0gfs2a where vxrf0gfs2a is the random name of restApi Cloudformation stack creates Api gateway with explicit name

问题 we have someAWSAccount assuming someaccountrole with instance profile name p in AWS. Managed policy by name some-permission-boundary is created in this account( someAWSAccount ). Purpose of creating this boundary policy in this account is mentioned below. Requirement is, Resources: HelloWorldFunction: Type: AWS::Serverless::Function Properties: CodeUri: hello-world/ Handler: app.LambdaHandler Runtime: nodejs8.10 Events: MySQSEvent: Type: SQS Properties: Queue: !GetAtt SomeQueue.Arn BatchSize:

问题 I would like to perform automatic integration tests on my serverless projects. To do that, I need to get the api endpoints somehow. There is already the plugin serverless-stack-output for Serverless framework that serves the purpose. But I'm wondering how can I achieve similar thing by AWS SAM after I deploy my application? Meanwhile, If I can somehow get my api's base url as well as individual endpoints, then I'm able to connect them and and perform tests against them. 回答1: As AWS SAM builds

问题 I am trying to use aws-sam to develop / simulate my API Gateway locally. My API gateway makes liberal use of the HTTP proxy integrations. The production Resource looks like this: All of the aws-sam examples which I've found, as well as related documentation and Q&A, use the Lambda integrations / have a hard dependency on a Lambda function being the proxied resource, versus an HTTP Proxy integration. Is there a way to define an HTTP Proxy resource for an aws-sam application? (As opposed to a