SAM v1.18.0 Release: Lambda Provisioned Concurrency Support

SAM V1.18.0 Release: Provisioned Concurrency Feature Support in SAM

Change Log:

1. #1284 #1285

Provisioned Concurrency Feature Support

This release adds support to configure the number of concurrent executions to be reserved for the lambda function on AWS::Lambda::Alias resource. Setting the AutoPublishAlas property is required to use this feature on an AWS::Serverless::Function.

Resources:
  MinimalFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri: ./src/
      Handler: index.handler
      Runtime: nodejs8.10
      AutoPublishAlias: live
      ProvisionedConcurrencyConfig:
        ProvisionedConcurrentExecutions: 10

SAM v1.17.0 Release: Add event bus name for CloudWatchEvent

Community Contributors to this Release

@zbintliff

Add event bus name for CloudWatchEvent

This release adds support for specifying an EventBusName for the CloudWatchEvent function event type. For more information about this property see the CloudFormation documentation. Thank you @zbintliff for contributing this feature. (#1185)

Resources:
  TriggeredFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: python3.7
      Events:
        OnTerminate:
          Type: CloudWatchEvent
          Properties:
            EventBusName: ExternalEventBridge
            Pattern:
              detail:
                state:
                - terminated

Changelog

1. (#1185) feat: changes for eventbusname on cloudwatch event

SAM v1.16.0 Release: Virtual Sharding and Stream failure processing support for streaming events

SAM v1.16.0 Release: Virtual Sharding and Stream failure processing support for streaming events

This release adds support for ParallelizationFactor, MaximumRetryAttempts, BisectBatchOnFunctionError, MaximumRecordAgeInSeconds, and DestinationConfig properties for Kinesis and DynamoDB event types.

ParallelizationFactor property can be set to increase concurrent Lambda invocations for each shard, which by default is 1. This allows for faster stream processing without the need to over-scale the number of shards, while still guaranteeing order of records processed.

Lambda functions can skip retrying a batch of records when it has reached the value set in the MaximumRetryAttempts property, which can be configured from 0 to 10,000.

Lambda functions can skip processing a data record when it has reached the value set in MaximumRecordAgeInSeconds property, which can be configured from 60 seconds to 7 days.

Lambda functions can continue processing a shard even when it returns an error. When a data record reaches the Maximum Retry Attempts or Maximum Record Age, you can send its metadata like shard ID and stream ARN to an SQS queue or SNS topic by setting that configuration in DestinationConfig

BisectBatchOnFunctionError allows a customer to have retried invocations contain a smaller number of records. With Bisect on Function Error enabled, Lambda splits the impacted batch of records into two when a function returns an error, and retries them separately. This allows you to easily separate the malformed data record from the rest of the batch, and process the rest of data records successfully.

Resources:
  StreamProcessor:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs10.x
      CodeUri: .
      Events:
        Stream:
          Type: Kinesis
          Properties:
            Stream: !GetAtt Stream.Arn
            ParallelizationFactor: 8
            MaximumRetryAttempts: 100
            BisectBatchOnFunctionError: true
            MaximumRecordAgeInSeconds: 604800
            DestinationConfig:
              OnFailure:
                Destination: !GetAtt MySqsQueue.Arn

Changelog

1. (#1261 ) feat: support virtual sharding and stream failure processing

SAM v1.15.1 Patch Release: ResourcePolicy fix

SAM v1.15.1 Patch Release: ResourcePolicy fix

This patch release fixes two bugs introduced in Release 1.15.0 -

1. ResourcePolicy created incorrect resource paths, this was fixed in #1181
2. A regression was introduced in CustomStatements property of ResourcePolicy, which resulted in multiple copies of custom statements being created. This caused some users to run into policy size limits. It was fixed in #1183

Changelog

1. (#1181) fix: resource policies fix for v1.15.1
2. (#1183) fix: custom statements regression bug

SAM v1.15.0 Release: Simplified API Gateway Resource Policies and Multiple Event Source Updates

Community Contributors to this Release

@53ningen, @adanilev, @ArendAMZN, @beck3905, @chrisoverzero, @dalumiller, @Jacco, @kennyk, @khamaileon, @MattTunny, @sambattalio, @singledigit, @TDaglis, @tim-pugh, @yuimam

Amazon API Gateway simplified resource policy support

SAM 1.14.0 release added support for adding Amazon API Gateway resource policies, allowing you to specify custom resource policy statements. This release adds a simplified syntax for creating API Gateway resource policies for the common use cases of whitelisting and blacklisting based on AWS Account, IP address range, and source VPC. For more information about Amazon API Gateway resource policies, see the Amazon API Gateway developer guide. (#1077)

Globals:
  Api:
    OpenApiVersion: "3.0.1"
    Auth:
      ResourcePolicy:
        AwsAccountWhitelist: ['account-id']
        AwsAccountBlacklist: ['account-id']
        SourceVpcWhitelist: ['vpc-1234']
        SourceVpcBlacklist: ['vpce-1234']
        IpRangeWhitelist: ['1.2.3.4/24']
        IpRangeBlacklist: ['1.2.3.4']

Resources:
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      CodeUri: .
      MemorySize: 128

      Events:
        Api:
          Type: Api
          Properties:
            Path: /apione
            Method: any

Cognito event type

This release adds support for Cognito as a Lambda function event type. This allows you to easily add Lambda functions for customizing Cognito user pool workflows. For more information on Cognito user pool workflows with Lambda triggers, see the Cognito developer guide. A big thank you to @Jacco for contributing this feature! (#1066)

Resources:
  PreSignupLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      MemorySize: 128
      Runtime: nodejs8.10
      Events:
        CognitoUserPoolPreSignup:
          Type: Cognito
          Properties:
            UserPool: !Ref MyUserPool
            Trigger: PreSignUp

  MyUserPool:
    Type: AWS::Cognito::UserPool

SNS event supports SQS Subscription

The SNS event type now supports a SqsSubscription property. When set to true, rather than connecting the Lambda function directly to the provided SNS topic, an SQS queue is created and subscribed to the SNS topic, and the Lambda function is subscribed to the SQS queue. This feature eliminates the CloudFormation boilerplate required to setup this common pattern. For more information about SNS and SQS, see the developer documentation. A big thank you to @53ningen for contributing this feature! (#1065)

Resources:
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      CodeUri: .
      MemorySize: 128
      Events:
        SNSEvent:
          Type: SNS
          Properties:
            Topic:
              Ref: MySnsTopic
            SqsSubscription: true

  MySnsTopic:
    Type: AWS::SNS::Topic

MaximumBatchingWindowInSeconds support for stream event sources

This feature adds support for MaximumBatchingWindowInSeconds property for Kinesis and DynamoDb event types. For more information about this property, see the AWS CloudFormation user guide. (#1120)

Resources:
  MyFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: nodejs8.10
      AutoPublishAlias: Live
      Events:
        KinesisStream:
          Type: Kinesis
          Properties:
            Stream:
              Fn::GetAtt: [MyStream, Arn]
            BatchSize: 100
            MaximumBatchingWindowInSeconds: 20
            StartingPosition: TRIM_HORIZON

  MyStream:
    Type: AWS::Kinesis::Stream
    Properties:
      ShardCount: 1

Api event request parameter customization

This feature allows you to specify API request parameter customizations directly on AWS::Serverless::Function Api events. Previously, you had to manage your own OpenApi document in order to use this feature of Amazon API Gateway. For more information on Request Parameters, see the Amazon API Gateway developer documentation. A big thank you to @beck3905 for contributing this feature! (#953)

Globals:
  Api:
    CacheClusterEnabled: true
    CacheClusterSize: '0.5'

Resources:
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      CodeUri: .
      Events:
        PostApi:
          Type: Api
          Properties:
            Path: /post
            Method: POST
            RequestParameters:
              - method.request.header.Authorization:
                  Required: true
                  Caching: true
              - method.request.querystring.type

Api event permissions fix

Before this change, SAM was generating 2 Lambda permissions per Api event. Now, SAM will generate a single Lambda permission per Api event. This change reduces the number of permissions created for Api events by half, reducing the chances of users hitting Lambda policy size limits. (#1119)

Change Log:

1. (#1068)(#1090)(#1079)(#1096)(#1114)(#530)(#1121)(#1122)(#1103) (#1059) Documentation and example updates
2. (#1084) Add ssm:GetParametersByPath to SSMParameterReadPolicy
3. (#1015) Allow setting auth to NONE with AWS_IAM default authorizer
4. (#1088) Allow references in NotificationARNs property
5. (#1066) Add cognito event sources
6. (#1093) Remove extra stage only when OpenApiVersion is set
7. (#1065) Add SQS option to SNS event
8. (#1101)(#1113) Add code commit policy templates
9. (#1105) Use scoped logger instead of root
10. (#1104) Openapi version type errors
11. (#1035) Randomize logical IDs of API stage and Lambda permission
12. (#1120) Add support for aws lambda streaming batch feature
13. (#1119) Combine test and prod permissions for api events
14. (#1077) Support for resource policy Iam, Vpc and Ip whitelist/blacklist
15. (#1072) Add tag related permissions to S3FullAccess Policy
16. (#953) Add RequestParameters Support

SAM v1.14.0 Release: API Key Authorization and API Resource Policies Support

Community Contributors to this Release

@53ningen, @cfbarbero, @easydonny, @eduardovra, @falnyr, @Gaurav2Github, @kdnakt, @lo1tuma, @parimaldeshmukh, @sambattalio, @yan12125

API Key Authorization

This is the first step in supporting ApiGateway API Keys and Usage Plans in SAM. You can now require API Keys on API endpoints by specifying ApiKeyRequired: true in the Auth property of a Serverless::Api or in a Serverless::Function event configuration. In upcoming releases we will provide support for usage plans. For more information about setting up and using API Keys, see the developer documentation. A big thank you to @cfbarbero for contributing this feature! (#943)

Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Auth:
        ApiKeyRequired: true # sets for all resource methods

  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: nodejs8.10
      Events:
        ApiKey:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /
            Method: get
            Auth:
              ApiKeyRequired: true # sets for single resource method

API Resource Policies

This is the first of two proposed changes to add support for ApiGateway resource policies; the second change will come in a future release. This change adds support for the CustomStatements field of the ResourcePolicy field inside the Auth property of a Serverless::Api. This property allows template authors to set one or multiple resource policies that will be added to the ApiGateway RestApi. Resource policies are also necessary for using PRIVATE API Gateway APIs. For more information about creating and using resource policies for APIs, see this blog post. (#1045)

Globals:
  Api:
    Auth:
      ResourcePolicy:
        CustomStatements:
          - Effect: "Allow"
            Principal: "*"
            Action: "execute-api:Invoke"
            Resource: "execute-api:*/*/*"
Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: nodejs8.10
      Events:
        Api:
          Type: Api
          Properties:
            Method: put
            Path: /

Change Log:

1. (#996)(#1018)(#1023)(#1024)(#1027)(#1031)(#1041)(#1048)(#1049)(#1064) Documentation and example updates.
2. (#985) Remove unused CollectionId parameter from RekognitionFacesPolicy
3. (#1011) Add es:ESHttpPut in ElasticsearchHttpPostPolicy
4. (#989) Support SNS topic from a different region in a Serverless::Function event
5. (#943) Support ApiKey Auth
6. (#993) Support adding tags to API Stage
7. (#1006) Add optional Enabled, Name, Description fields to CloudWatch Schedule Events
8. (#998) Update requirements
9. (#986) Allow setting InvokeRole for AWS_IAM Auth to NONE
10. (#1034) Remove cfn-lint from tests
11. (#992) Fix invalid Lambda function permissions on API path
12. (#1054) Make sure Name and Type exist as properties of PrimaryKey for Serverless::SimpleTable
13. (#1045) API Gateway Resource Policies support
14. (#1062) Make sure ApplicationId property of Location on Serverless::Application is not null
15. (#988) Add support for using Fn::If in function policies

SAM v1.13.2 Patch Release: Redeploy API GW when OpenApiVersion flag is added (bug fix)

This patch release fixes a bug where the API GW would not redeploy if you added OpenApiVersion in certain cases. The fix takes into account the OpenApiVersion flag when calculating the hash to determine if the API has changed and needs to be redeployed.

Changelog
(#1056)(#1061) Redeploy api if OpenApiVersion changes.

SAM v1.13.1 Patch Release

SAM v1.13.1 Patch Release: Binary Media Types bug fix

This patch release fixes a bug with Binary Media Types introduced in 1.13.0 and reported in issue #1036. SAM wasn't converting the encoding of the Binary Media Types from *~1* to */* before adding them to the swagger document, which resulted in the corruption of some APIs that use Binary Media Types in SAM. This was fixed in #1043

Changelog

(#1043) Fix Binary Media Types regression

SAM v1.13.0 Release

SAM v1.13.0 Release: OpenApi 3 Support and Request Models Support

OpenApi 3.0 support and Stage "stage" fix

We have now added support for OpenApi 3.0 in SAM. This is an opt-in feature that can be enabled by using the OpenApiVersion property for an AWS::Serverless::Api. This property is supported at both the resource and global levels of the template.

Globals:
  Api:
    OpenApiVersion: '3.0.1'

Resources:
  ImplicitApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/member_portal.zip
      Handler: index.gethtml
      Runtime: nodejs8.10
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /
            Method: get

If you opt into this flag, SAM also fixes the issue where a stage named "stage" was created by default. #191

API Request Models Support

This feature adds support for listing Models in the Api resource and defining a model to be used in the Api event source. Previously, the only way to do this was to manually write the swagger file. This now makes it much simpler to define the models, and special callout to community member @beck3905 for adding this feature.

Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      Models:
        User:
          type: object
          required:
            - grant_type
            - username
            - password
          properties:
            grant_type:
              type: string
            username:
              type: string
            password:
              type: string
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs6.10
      CodeUri: src/
      Events:
        GetApi:
          Type: Api
          Properties:
            Path: /post
            Method: POST
            RestApiId:
              Ref: MyApi
            RequestModel:
              Model: User
              Required: true

Change Log:

1. (#932)(#949)(#990) OpenApi 3.0 support and stage stage bug fix
2. (#948) API Request Models Support by @beck3905
3. (#958) Fix CORS options method when DefaultAuthorizer is used
4. (#954) Fix API Binary Media Types update issue
5. (#946)(#973) Bug fixes
6. (#962)(#961)(#960)(#963)(#979) version bumps in dependencies
7. (#950)(#968)(#982) Additions to docs and examples

SAM v1.12.0 Release

SAM v1.12.0 Release: Reference custom Lambda CodeDeploy configurations

Reference Custom Lambda CodeDeploy Configurations

Previously in SAM, you could configure CodeDeploy to enable gradual code deployments for your AWS Lambda functions. Now, you can reference existing custom CodeDeploy configurations in the DeploymentPreference property of an AWS::Serverless::Function. Thank you @Buffer0x7cd for contributing this feature! (#848)

To learn more about implementing gradual Lambda deployments using CodeDeploy, see this blog post. To learn more about how to create a custom Lambda CodeDeploy configuration, see the AWS Documentation.

# Example using a custom CodeDeploy configuration
Resources:
  MyFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri: s3://sam-demo-bucket/demo.zip
      Handler: index.handler
      Runtime: python3.6
      AutoPublishAlias: live
      DeploymentPreference:
        Type: MyCustomDeploymentConfiguration  # Name of CodeDeploy configuration

Change Log:

(#904) Add StepFunctionsExecutionPolicy
(#908 #913) Bug fixes by @jadhavmanoj
(#918 #966) Additional bug fixes
(#888) Run cfn-lint on test outputs
(#605 #883 #886 #887) Example app updates
(#899 #902 #905 #909 #919) Documentation updates