getlift / lift Goto Github PK
View Code? Open in Web Editor NEWExpanding Serverless Framework beyond functions using the AWS CDK
License: MIT License
Expanding Serverless Framework beyond functions using the AWS CDK
License: MIT License
Let me start by saying thank you for the awesome work you have done with this project, very much appreciated.
I definitely wanted to ask you how would I enable higher throughput with the fifo queues, I'm generating about 20000 messages in a couple of seconds but then I see them eternally going one by one with my FIFO queue like in 1 day or more. I just went and enabled manually in my queues on the AWS console the high throughput slider but its not something that can hold for the long run
ContentBasedDeduplication: Boolean
DeduplicationScope: String
DelaySeconds: Integer
FifoQueue: Boolean
FifoThroughputLimit: String
KmsDataKeyReusePeriodSeconds: Integer
KmsMasterKeyId: String
MaximumMessageSize: Integer
MessageRetentionPeriod: Integer
QueueName: String
ReceiveMessageWaitTimeSeconds: Integer
RedriveAllowPolicy: Json
RedrivePolicy: Json
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html
Also, according to that documentation that will increase throughput significantly, is from my perspective that disabling the deduplication scope will increase also performance of the queue but I couldn't find any documentation that will confirm or deny my assumption. The reason for me using FIFO Queues is because the load on other resources can't tolerate concurrency:
myconstruct:
type: queue
fifo: true
worker:
handler: handler.generator
timeout: 120
provisionedConcurrency: 1
maxRetries: 3
I was wondering if it makes sense to expose AWS Cloud Formation API within the lift construct to tweak the FIFO queues depending on the use case. Also if there is a walkaround that don't require me to eject from lift.
Hi,
I really appreciate how Lift helps me to remove some repeating work when deploying a static website, but one chore still remains - creating an AWS IAM user with the right permissions to deploy the site from my CI/CD pipeline.
What I usually do is a trial-and-error procedure of creating a user and adding more and more permissions until my deployment is successful. Is there an easier way? Is it documented?
Thank you!
Hello ๐
I'm currently testing Lift constructs and I'm trying to find a small use case for each constructs for my company needs.
I've deployed the "Storage" construct but then realize that I forgot the env variable for the bucket name. I added it and the sls deploy
command fail:
Invalid variable reference syntax for variable constructs:videos.bucketName. You can only reference env vars, options, & files. You can check our docs for more info.
Here is my files, I'm keeping them as simple as possible for demo purpose:
# serverless.yml
service: ugc-upload # user-generated-content, small project to accept videos from an user
provider:
name: aws
profile: superadmin # multiple account in my credentials
region: eu-west-2 # for reasons
runtime: provided.al2
lambdaHashingVersion: 20201221
plugins:
- serverless-lift
- ./vendor/bref/bref
constructs:
videos:
type: storage
functions:
get-signed-url:
handler: src/GetSignedUrlHandler.php
layers:
- ${bref:layer.php-80}
events:
- httpApi: "GET /"
environment:
BUCKET_NAME: ${constructs:videos.bucketName}
# package.json
{
"devDependencies": {
"serverless": "^2.46.0",
"serverless-lift": "^1.1.0"
}
}
# Got this from `npm i --save-dev serverless serverless-lift`
# composer.json
{
"require": {
"bref/bref": "^1.2",
"async-aws/s3": "^1.9",
"azjezz/psl": "^1.7"
}
}
# Got this from `composer require bref/bref async-aws/s3 azjezz/psl`
# src/GetSignedUrlHandler.php
<?php
require dirname(__DIR__) . '/vendor/autoload.php';
use AsyncAws\S3\Input\PutObjectRequest;
use AsyncAws\S3\S3Client;
use Bref\Context\Context;
use Bref\Event\Http\HttpHandler;
use Bref\Event\Http\HttpRequestEvent;
use Bref\Event\Http\HttpResponse;
use Psl\Json;
use Psl\SecureRandom;
class GetSignedUrlHandler extends HttpHandler
{
public function handleRequest(HttpRequestEvent $event, Context $context): HttpResponse
{
$client = new S3Client();
$input = new PutObjectRequest(
[
"Bucket" => $_ENV["BUCKET_NAME"],
"Key" => SecureRandom\string(11) . ".png",
]
);
$signedUrl = $client->presign($input);
return new HttpResponse(
Json\encode(["signed-url" => $signedUrl]),
["Content-Type" => "application/json"],
);
}
}
return new GetSignedUrlHandler();
The complete output of sls deploy
:
Serverless: Running "serverless" installed locally (in service node_modules)
Serverless: Deprecation warning: Approached unrecognized configuration variable sources: "constructs".
From a next major this will be communicated with a thrown error.
Set "variablesResolutionMode: 20210326" in your service config, to adapt to new behavior now
More Info: https://www.serverless.com/framework/docs/deprecations/#NEW_VARIABLES_RESOLVER
Serverless Error ----------------------------------------
Invalid variable reference syntax for variable constructs:videos.bucketName. You can only reference env vars, options, & files. You can check our docs for more info.
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information ---------------------------
Operating System: darwin
Node Version: 14.4.0
Framework Version: 2.46.0 (standalone)
Plugin Version: 5.4.0
SDK Version: 4.2.3
Components Version: 3.12.0
Here is an example with a queue construct:
constructs:
jobs:
type: queue
worker:
...
To view logs, I must type:
serverless logs -f <function-name>
What's the function name?
As a user, I need to know that Lift will generate a function named jobsWorker
.
That should be simpler for users.
We could add construct commands, for example:
serverless jobs:worker:logs
serverless jobs:worker:deploy
...
The challenge is avoiding to reimplement commands and their options. I gave it a quick try:
pluginManager.spawn()
wouldn't work here, as there doesn't seem to be a way to change the options for the spawned command (e.g. to pass the function name)We could add an output to print the function name. That way users can find out what the function name is.
This approach requires more effort from the user, and is less discoverable. However it is more consistent with the existing commands.
The database name 'bref-dashboard-backend-prod' is invalid: it must only contain letters and numbers.
Hello,
Cloudfront function names are allowed to have only 64 symbols in their name. In most cases it is enough, but in case of a long stage names this may be an issue.
We're building temporary MR environments with our CI/CD pipelines and the best would be to use the feature-branch names as a stage names, but these may be quite long. For example: feature-add-storybook-templates
And since the function name consists of <service>-<stage>-<region>-<path>-response
the number of symbols, which can be used becomes very small.
Currently I've solved it by using first 8 characters of commit SHA instead of a branch name, but will it be possible to integrate a length-check for a function name, and if it is longer, than 64, then cut it and add short hash at the end automatically?
So, a name like this: app-service-feature-add-storybook-templates-eu-central-1-build-response
becomes app-service-feature-add-storybook-templates-eu-central-1ST8SHA1
Serverles-lift fails to create queues, if stage name is passed from a custom variable
The following configuration won't work
service: demo
frameworkVersion: '2'
plugins:
- serverless-lift
custom: ${file(../config/config.yml)}
provider:
name: aws
runtime: python3.8
lambdaHashingVersion: 20201221
stage: ${self:custom.stage}
constructs:
my-queue:
type: queue
fifo: true
worker:
handler: lambdas/lambda_name.lambda_handler
This fails with exception
Serverless Error ----------------------------------------
ServerlessError: An error occurred: my-queueDlqF097231D - The name of a FIFO queue can only include alphanumeric characters, hyphens, or underscores, must end with .fifo suffix and be 1 to 80 in length. (Service: AmazonSQS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 472ff810-cd4d-5bdf-acae-a1f36a3ee1fb; Proxy: null).
at /opt/demo/serverless-script/node_modules/serverless/lib/plugins/aws/lib/monitorStack.js:136:23
at processTicksAndRejections (internal/process/task_queues.js:97:5)
I tried to find the reason by adding the console.log
at this place in Queue.ts
// The default function timeout is 6 seconds in the Serverless Framework
const functionTimeout = configuration.worker.timeout ?? 6;
const maxRetries = configuration.maxRetries ?? 3;
const baseName = `${this.provider.stackName}-${id}`;
console.log("baseName: " + baseName);
const dlq = new CdkQueue(this, "Dlq", {
queueName: configuration.fifo === true ? `${baseName}-dlq.fifo` : `${baseName}-dlq`,
// 14 days is the maximum, we want to keep these messages for as long as possible
retentionPeriod: Duration.days(14),
fifo: configuration.fifo,
});
The output indicated that custom variable did not get resolved and hence the error
basename: demo-${self:custom.stage}-my-queue
However if I change the stage variable to
stage: test
it works perfectly.
According to AWS S3 support response, when we are creating presigned S3 URL, it's expiration date restricted not only by our will, but also by expiration date of a token we used to create this presigned URL. That means that it's impossible to create presigned linkes that working e.g. for a week under Lambda IAM token since this token will expire long before week will pass.
I know only two options how to overcome this:
So, feature request is to implement such redirection function with Lift.
The environment variable being exposed to the functions using the reference ${construct:myQueue.queueUrl} is being logged as '[object Object]'. That is a string, not even an object that I can parse/print using utils.
Use case:
I want to build my static website (e.g. npm run build
) and pass the serverless API URL to the static website as an environment variable.
Possible solution:
constructs:
landing:
type: static-website
path: dist
build:
script: 'npm run build'
environment:
VUE_APP_API_URL: !GetAtt HttpApi.ApiEndpoint
The build
option is optional:
serverless deploy
serverless deploy
(after the CloudFormation deployment, before uploading the static website to S3)Challenge: the !GetAtt HttpApi.ApiEndpoint
would probably not be resolved by Serverless/Lift since this isn't a variable. So my example above isn't really working, yet this is probably the most common use case. How can we solve this?
When I use serverless offline --printOutput
it doesn't log the logs from my queue worker, is this not possible to do or did I miss something?
Could it make sense to have an option to forward /api in the cloudfront distribution to the api gateway?
This would avoid Preflight overhead and making it easy to talk with the serverless api from the website
PS. Absolutely LOVE this. Thanks for doing the heavy lifting!
I just spent several hours trying to understand why the parameters from the serverless dashboard weren't correctly being passed to lift plugin until I came across this note on the serverless plugins' guide.
Note: Variable references in the serverless instance are not resolved before a Plugin's constructor is called, so if you need these, make sure to wait to access those from your hooks.
Which means that trying to do the following will result in an error "ARNs must start with "arn:" and have at least 6 components: ${param:CERTIFICATE}".
constructs:
app:
domain: ${param:DOMAIN}
certificate: ${param:CERTIFICATE}
type: static-website
path: dist
I fixed it on a fork moving the Constructs loader to the initialize hook pedrodim@1c47638, which seems to work fine for the Static website construct (it does correctly deploy my website without errors) but obviously now some tests are broken and I have no idea how to fix those.
Maintainer edit: a full solution is documented on this page here.
Hello,
Bottom Line Up Front:
SQS
queue created by lift's queue constructSQS
queue created by lift's queue construct to SNS
topic and apply filter policy for the subscriptionContext:
I am currently developing a system where
publisher -> SNS -> filter policy -> SQS -> lambda handler
I am using lift's queue construct to create SQS queue and its handler SQS -> lambda handler
service: email-service
provider:
name: aws
runtime: nodejs12.x
region: ap-southeast-1
stage: dev
lambdaHashingVersion: 20201221
constructs:
EmailQueue:
type: queue
worker:
handler: emailQueueWorker.handler
plugins:
- serverless-plugin-typescript
- serverless-lift
Currently, I have been using AWS Console (web) to manually apply filter policy from SNS -> SQS
as well as subscribe SQS
to an SNS
topic.
Then noticed that SNS
was unable to send messages to SQS
due to SQS
created by lift queue construct not having a proper access control policy. I had to manually edit the access policy like below
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "Allow-SNS-SendMessage",
"Effect": "Allow",
"Principal": {
"Service": "sns.amazonaws.com"
},
"Action": "sqs:*",
"Resource": "arn:*****:email-service-dev-KeyShoeEmailQueue"
}
]
}
Would there be a way to:
SNS
can send messages to SQS
Thank you in advance!
Hi, (please do point me in the right direction if it's already possible)
is there a possibility of programatically setting the delivery delay in the serverless.yml declaration?
With the following config:
storage:
pdf:
I get the following warning in the CLI (only a soft warning, no error):
Serverless: Configuration warning at 'storage': should NOT have fewer than 1 properties
I don't understand why the warning here, storage
has 1 property (pdf:
). Any idea @fredericbarthelet?
Is it possible to define custom queueName for a SQS queue? If not, please make it configurable.
I'm currently retrieving the DLQ URL by referencing the logical ID of the DLQ that is generated after the first deployment.
For example in my serverless.yml:
environment:
QUEUE_URL: ${construct:queue.queueUrl}
DLQ_URL: !Ref queueDlqAB1234C5
Ideally, this value is exposed on the queue when referencing the construct, so it could look like the following:
environment:
QUEUE_URL: ${construct:queue.queueUrl}
DLQ_URL: ${construct:queue.dlqUrl}
I've had a bit of a dig around and I think we can possibly achieve this by changing the following in Queue.ts
variables(): Record<string, unknown> {
return {
queueUrl: this.queue.queueUrl,
dlqUrl: dlq.queueUrl,
queueArn: this.queue.queueArn,
};
}
It would be useful to let protect a static website with some kind of auth system. It would be great to provide staging versions of a website not public available.
Maybe with Cloudfront function could be achieved something like basic authentication with username/password credentials?
Originally posted by @andrea-cristaudo in #5 (comment)
Also reported in #78 by @InvisibleKind
Is there a way to use the Storage constructs with Serverless offline?
I ran the deployment so the bucket was created correctly. But if I run sls offline
the bucket name comes as the string [object Object]
, when set in a env via: BUCKET_NAME: '${construct.someBucket.bucketName}'
.
I was wondering if it would be possible to extend the "construct" entry in serverless.yml to also accept docker images?
For example, I can deploy a docker image in serverless like this:
provider:
name: aws
ecr:
images:
my-docker-image:
path: ./
functions:
my-function:
image:
name: my-docker-image
And I would love to use lift to add additional resources around it. However, this is not currently allowed:
provider:
name: aws
ecr:
images:
my-docker-image:
path: ./
constructs:
my-queue:
type: queue
worker:
image:
name: my-docker-image
My hope is that this is just a constraint put on the serverless.yml, and that lift can fall back on serverless functionality to deploy the images. That said, I appreciate that I don't have overview of the work required at all.
Would be great to hear your thoughts on this request!
Trying to adapt the documentation example so I can manage queues on dev differently but still use lift to create the production queues:
constructs:
update-segment-memberships-from-contact-changes:
type: queue
custom:
update-segment-memberships-sqs-queue-arn:
dev: ${env:UPDATE_SEGMENT_MEMBERSHIPS_FROM_CONTACT_CHANGES_QUEUE_ARN}
staging: ${construct:update-segment-memberships-from-contact-changes.queueArn}
demo: ${construct:update-segment-memberships-from-contact-changes.queueArn}
production: ${construct:update-segment-memberships-from-contact-changes.queueArn}
functions:
update_segment_memberships_from_contact_changes:
events:
- sqs:
arn: ${self:custom.update-segment-memberships-sqs-queue-arn.${sls:stage}}
batchSize: 10
maximumBatchingWindow: 60
but getting:
Invalid configuration in 'constructs.update-segment-memberships-from-contact-changes': no 'worker' defined. Queue constructs require a 'worker' function to be defined.```
Hey,
I want to add service side encryption to the queues created by lift, specifically the KmsMasterKeyId. Is this possible, if not can this property be exposed?
Hello, thank you for the development of the Lift plugin, it's so awesome, I hope it will support more use cases in the near future. I especially like it as a Ruby developer, as AWS CDK does not support it at all ๐ .
Yesterday I've submitted the PR for the Serverless Framework example (SQS + DynamoDB). I've used the queue construc
t for the example which is awesome.
However, during the implementation, I've crossed upon one problem, not sure whether is due to the construct, or maybe due to my lack of knowledge in some of the aspects of Serverless Framework.
Within the permissions section, we can see the information about:
By default, all the Lambda functions deployed in the same serverless.yml file will be allowed to push messages into the queue.
In the example below, there are no IAM permissions to set up: myFunction will be allowed to send messages into my-queue.
constructs:
my-queue:
type: queue
# ...
functions:
myFunction:
handler: src/publisher.handler
environment:
QUEUE_URL: ${construct:my-queue.queueUrl}
This is quite nice, as I do not need to provide IAM statements within the serverless.yml
.
However, when I've added another resource, which is DynamoDB in my case, and added the IAM statements:
iam:
role:
statements:
- Effect: Allow
Action:
- dynamodb:PutItem
Resource:
- !GetAtt Table.Arn
After the deployment, the Lambda function for the myFunction
will not have permissions to access the SQS anymore. So to make it work I need to add to the above iam role statements:
- Effect: Allow
Action:
- sqs:SendMessage
Resource: ${construct:lotteryQueue.queueArn}
Not sure, whether is a bug or not. ๐ค
In our particular case, we had an AWS Quota Limit increase on the number of Cloudfront forwarded headers from 10 to 15. At this time, it is hard coded to only allow 10 headers when projects can have more if approved by AWS.
Hello,
Today I tried to create a webhook for Trello with the construct available in Lift. But I stumbled across an error saying that the webhook was not returning a 2xx response code. After some testing, I found out that Trello was sending a GET request on the endpoint to check its availability.
Yes, it's weird to check the provided endpoint with a GET request when all other requests will be POST. But anyway, my solution was:
serverless.yml
;serverless.yml
.A bit painful, but it worked. I wonder if anyone got the same problem with another third party service? Maybe it's just this tool that does a wrong check and I need to inform Trello/Atlassian? Maybe Lift can add an integration on GET and HEAD routes in addition to the POST one?
(This is open to discussion and could have been a discussion thread in the Webhook RFC or other, but because I couldn't use the Webhook Construct for Trello without some manual tweaks, I prefer to create an issue)
there is a large chance that at some point you need an outgoing notification topic with its permissions and policy to provide event driven architecture intercommunication, to notify end users , to notify it , etc. So that you can reference it from lambda code.
This issue follows initial implementation of database/dynamodb-single-table
construct.
Originally posted by @alexdebrie in #69 (comment)
What if I do need different keys on my secondary index -- is this configurable? In most cases, I use the generic keys as you have, but there are situations where you may want something different.
Originally posted by @fredericbarthelet in #69 (comment)
Secondary keys are not configurable. I was wondering if duplicating data across multiple attribute when there is an overlap in indexes is not a better strategy. For exemple, you may have access patterns with overlapping indexes for a specific type of items within your table. If you enforce GSI-1-PK as being the table primary SK, you actually enforce projection of all rows of the table to this new secondary index, even for entities not benefiting from this pattern. This incurs additional cost, that may be higher than actually duplicating this specific attribute for items benefitting from this pattern.
Solution with attribute duplication
| PK | SK | GSI-1-PK | GSI-1-SK | Amount |
|------------ |---------- |---------- |------------ |-------- |
| INV#123456 | BILL#112 | BILL#112 | 2020-01-03 | 12 |
| INV#123456 | BILL#113 | BILL#113 | 2020-01-08 | 22 |
| USER#123 | John Doe | | | |
Benefits:
- Inserting USR#123 does not incur cost for replication on GSI-1
- Invoices have a duplicated attribute: SK and GSI-1-PK. This incur additional costs only if this duplication actually brings the total amount written over the next KB
Solution with overlapping indexes
| PK | SK (GSI-1-PK) | GSI-1-SK | Amount |
|------------ |--------------- |------------ |-------- |
| INV#123456 | BILL#112 | 2020-01-03 | 12 |
| INV#123456 | BILL#113 | 2020-01-08 | 22 |
| USER#123 | John Doe | | |
Benefits:
- Duplication does not need to be programmatically handled
WDYT ?
https://docs.aws.amazon.com/lambda/latest/dg/nodejs-package.html says "If your function depends only on standard libraries, or AWS SDK libraries, you don't need to include these libraries in your .zip file. These libraries are included with the supported Lambda runtime environments."
serverless-lift should not include aws-sdk as it bloats the resulting .zip. Should aws-sdk be as devDependency?
It's possible to exclude aws-sdk explicitly using package pattern, but it should be excluded by default.
It appears that for any assets in subdirectories uploaded to S3, it uses a backslash instead of a forward slash. This appears to make the file(s) inaccessible. Here is the snippet I'm using in serverless.yml:
constructs:
website:
type: server-side-website
assets:
'/js/*': assets/js
'/css/*': assets/css
'/images/*': assets/images
'/favicon.ico': assets/favicon.ico
'/robots.txt': assets/robots.txt
domain: ${self:custom.domains.${self:custom.stage}}
certificate: arn:aws:acm:us-east-1:xxxxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Here's a sample of those files as they appear in S3 (retrieved via aws s3 ls <bucket>
; displays same way in AWS console):
2021-11-18 14:59:22 14631 images\logo.png
2021-11-18 14:59:22 818 images\logo1.png
2021-11-18 14:59:22 1000 images\logo2.png
2021-11-18 14:59:23 1396 images\logo3.png
2021-11-18 18:43:50 1459 images\logo4.png
2021-11-18 14:59:23 3216 images\logo5.png
Attempting to access one of those files (https://xxxxxxxx.yyy/images/logo4.png) via CloudFront results in:
<Error>
<Code>NoSuchKey</Code>
<Message>The specified key does not exist.</Message>
<Key>images/logo4.png</Key>
<RequestId>XXXXXXXXXXXXXX</RequestId>
<HostId>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx=</HostId>
</Error>
I checked the CloudFront Behaviors section and they look correct.
If I manually delete the files in S3, create the containing directory and upload the file manually, it works as expected.
Has anyone else run into this?
In Server-side-website, we can configure the error page with :
constructs:
website:
# ...
errorPage: error500.html
But we can't set the CDN's default page, like this :
constructs:
website:
# ...
defaultPage: index.html
In my case, for example, index.html is added in my assets (it's a fully static page), but if i go to the page https://mydomain.com i redirect to the lambda mangement. If i go directly to https://mydomain.com/index.html, it's ok, but not really top.
What do you think ?
I have a use-case where I have additional files being added to the static websites bucket by a separate function.
It would be helpful if there as an option on the static-website construct where I could provide a list of patterns for files and folders that are to be excluded when deleting all the files from the bucket on deploy.
This ticket is based on this Bref Slack discussion.
I love the idea of this project and would like to make use of it as a Serverless Blueprint delivery mechanism. I am growing Serverless build teams at the moment and being able to deliver blueprints pre-packaged like this is really beneficial.
My proposal is to enable Serverless plugin hooks for the Construct Provider load so that I can use the pre-packaged constructs in Lift OR I can replace the included with my own developed Construct Provider(s) so I can control the blueprints we share OR add my own to the pre-packaged list - I feel both scerarios make sense - Add more constructs of my own or Replace the constructs altogether.
In this way, I could build my own serverless plugin to add my own production-ready constructs built to my Corporate Cloud requirements for security and Least privilege access.
Happy to work on adding this in if you want but wanted to Create this feature request first to understand your current roadmap and whether this is a direction you are planning to head and makes sense for this project.
Happy to discuss offline too if you wanted to chat about it in more detail.
I'm currently on a project where I'm using the following plugins: serverless-offline, serverless-offline-sqs and serverless-lift. When I try to run 'serverless offline', for each environment declared in the worker this error is being raised:
offline: MissingRequiredParameter: Missing required key 'QueueName' in params at ParamValidator.fail.
Is there any configuration where I can fix this error?
During sls deploy
of react/gatsby website I get the following error:
[...]
Deleting public/static/slide-3-ac5bf32331347fc3e267e58177c3bccc.png
Deleting public/static/white_bg1-4a8b4ddfca1d3b974210bfebf741f1e5.svg
Deleting public/styles.332ed04b92590be19262.css
Deleting public/styles.55e29f7ac37d141a5e6a.css
Deleting public/webpack-runtime-b6adb77e9e7bb73d8646.js
Deleting public/webpack-runtime-b6adb77e9e7bb73d8646.js.map
Deleting public/webpack-runtime-d682f7d47c0dd90b1df7.js
Deleting public/webpack-runtime-d682f7d47c0dd90b1df7.js.map
Deleting public/webpack.stats.json
Serverless Error ----------------------------------------
The XML you provided was not well-formed or did not validate against our published schema
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information ---------------------------
Operating System: darwin
Node Version: 14.16.1
Framework Version: 2.64.1 (local)
Plugin Version: 5.5.0
SDK Version: 4.3.0
Components Version: 3.17.1
Perhaps it is that problem: https://stackoverflow.com/a/69235576/4105584
When trying to use a DLQ in another component via:
destinations:
onFailure: ${construct:queue.dlqUrlOutput}
I am getting the error:
Resolution error: ${construct:queue.dlqUrlOutput} does not exist. Properties available on ${construct:queue} are: queueUrl, queueArn.
However the below linked line seems to suggest this does get output:
Line 140 in 25192e6
Hello. Is it possible to add MessageRetentionPeriod to the queue?
I am opening this issue to track a use case: retrying failed messages via a Lambda function.
Current behavior:
As a user, I can retry failed messages of a queue via: serverless queue:retry
.
That command will connect to the SQS DLQ, fetch messages and move them to the main queue.
As such, the user running the command must have the AWS permissions to read/write those SQS queues.
New behavior:
On top of the existing command, there could be an alternative: the "retry" logic could run in a Lambda function.
That way, permissions to read/write SQS queues is limited to the Lambda function.
The Lambda function could be deployed by the queue construct: it wouldn't be a function users have to write.
The function could be triggered either manually by users (through the AWS console or API) or via a local command, e.g. serverless queue:retry-lambda:invoke
(or whatever the name would be). That local command would invoke the Lambda function (not connect to SQS directly).
If this use case matches your needs please add ๐ on this issue and describe your situation in a comment. This helps prioritize new features.
AWS announced today support for Response headers with a built-in preset for adding security headers.
I think it could replace the response cloudfront function and save on the extra cost.
Unfortunatly, Cloudformation (and so CDK) support is not there yet, so I'm opening this to gather feedback and hopefully not forget about it ๐
There's also the option to add CORS headers on the distribution which may be useful for the server side website and even custom fixed value headers (no use case yet from my POV).
EDIT: more detailed article here https://aws.amazon.com/fr/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-response-headers-policies/
Hi team,
I have a few low volume queues for a small client app. They're getting usage warnings due to do constant polling from lambda functions to said queues. Based on the documentation here a solution is to configure the ReceiveMessageWaitTimeSeconds for a queue to reduce the polling interval.
https://aws.amazon.com/premiumsupport/knowledge-center/sqs-high-charges/
Thanks,
Fabs
Hi, would it be possible to allow custom identitySource (or disablement of it) for Webhook? It is currently hardcoded to $request.header.Authorization
Certain services like Paddle do not provide anything in the authorization header, rather they provide the signature inside the body. Paddle does not allow specifying of headers either so I'm kinda stuck.
Thanks!
To catch any internal change in Serverless Framework, we should run tests in CI with:
We should probably also run tests in CI every night, to test against any new Serverless release as soon as possible.
cc @fredericbarthelet, we mentioned this together
The scheduled CI running every night has been failing for 5 days.
This is due to https://github.com/aws/constructs/pull/771/files
This library is a dependency of CDK libraries and stopped supporting NodeJS 10 hence the failing workflow.
There's 2 solutions:
<=3.3.156
1๏ธโฃ seems the right move to me because restricting will mean we won't be able at some point to get updates from CDK until we eventually drop NodeJS 10.
Note that there's already been a discussion about NodeJS 10 support in the past which lead to it being supported, see #46
I am currently using the static website Serverless component found at https://github.com/serverless-components/website. It automatically sets up custom domain mappings with the Cloudfront CNAME if you are using Route53. Would it be possible to enable this feature here? I want to migrate to Lift as the Serverless component framework is restrictive in that I cannot use additional plugins etc.
Hi all,
starting from the predicate that our image exists (from ECR or docker hub), can we imagine a constructor that would take as argument the name of the image and, optionally, the cpu, the ram and the number of occurrences (etc. ?) and that would return as output the associated public ip :
service: my-app
provider:
name: aws
plugins:
- serverless-lift
constructs:
# Include Lift constructs here
my-service:
type: ecs
image: 'gotenberg' # from Docker hub for example
we could also specify a security group to complete the whole
Hello โ
I have probleme using <construct>:upload
, I'm trying to deploy my landing page using the configuration said on documentation
I run :
serverless landing:upload
With this config bellow :
constructs:
landing:
type: static-website
path: landingPage
And this error append
Seems like i don't have permission but I'm also using serverless to deploy my API using bref.sh with the same IAM role.
Hi all,
When using a Lambda in a VPC, I understand that it is cut off from the internet. To avoid having to add a NAT Gateway, would it be possible to add a parameter to the constructor (an array of endpoints) to create a gateway to these different endpoints?
I mention in the title the Server-Side Website construct, but this is mostly valid for simple functions.
I don't know if it is possible via LIFT or if it should be managed only via resources
to discuss it
I need to configure maximumBatchingWindow from SQS constructs.
Can you expose this property? Just like batchSize.
Hi all,
Would it be possible to expose the S3 Bucket in the output of the ServerSideWebsite construct ?
Indeed, I need to adjust some behaviors of this bucket via the resources
of the serverless.yml, but currently, I can only do it after a first deployment, by manually retrieving the id via the stack created :
resources:
extensions:
${construct:website.bucket}:
Properties:
WebsiteConfiguration:
IndexDocument: index.html
instead of
resources:
extensions:
websiteAssets2A73BB69:
Properties:
WebsiteConfiguration:
IndexDocument: index.html
thanks for time
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.