Hi, can we create security groups while deploying the serverless stack application ? Or do I have to predefine them ?

How can i specify an already created subnet and security group during the creation of a lambda ?

Hi all, Is there a way to grab the command line arguments? For example if I run

npm run deploy -- --stage=Integration

, how can I grab the stage? I tried with

process.argv

but that didn't work

anyone know why this would happen when deploying AppSync for the first time?

AppSyncApiEBDAEC17 Failed to assume service-linked role arn:aws:iam::xxx:role/aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync, please retry. (Service: AWSAppSync; Status Code: 403; Error
 Code: AccessDeniedException)

Hello! So I've moved most of my infrastructure to SST and it's great however, I'm unable to setup lambda@edge. It seems to be unable to copy a file for some reason.

Error: ENOENT: no such file or directory, copyfile '/home/xxx/xxx/xxx/node_modules/@aws-cdk/core/lib/custom-resource-provider/nodejs-entrypoint.js' -> '/home/xxx/xxx/xxx/.build/lib/edge-function/__entrypoint__.js'

Any ideas why this is happening??

Is there any example about how to host a Slate documentation through StaticSite constructor?

Hello! Do you have issues with the network of your instances? All our builds fall in timeout

anyone know why this has no effect and won’t deploy?

new sst.EventBus(this, 'VideoUpdateHandler', {
      defaultFunctionProps: { srcPath },
      rules: {
        processUpdateRule: {
          eventPattern: {
            source: ['aws.mediaconvert'],
            detailType: ['MediaConvert Job State Change'],
            detail: {
              queue: [videoQueue.attrArn],
              status: ['COMPLETE', 'PROGRESSING', 'STATUS_UPDATE', 'ERROR'],
            },
          },
          targets: [`${handlerPrefix}/video-process-update.main`],
        },
      },
    });

does anyone know how

Rule

works in

@aws-cdk/aws-events

? I created a rule, and then I’m trying to add a target but it doesn’t work: ``````

I can’t delete a single Lambda function without getting this:

dev-microservices-core | UPDATE_ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | dev-microservices-core Export dev-microservices-core:ExportsOutputRefUploadBucketB0FBA0377290D88A cannot be deleted as it is in use by dev-microservices-media-processor

there’s some weird dependency thing going on here and I don’t understand it.

Is it possible to debug C# lambda functions with SST? I see in the documentation that C# is supported for “Lambda” and I was able to execute local C# functions, but debugging does not appear to work. I didn’t see anything in the docs specifically mentioning whether or not this is supported. Are NodeJS functions the only runtime that supports debugging locally?

I’m totally stuck and can’t figure out what’s wrong with this config I’ve made it so

src

is a workspace.. in other words, all the Lambda & other business logic stuff in src has its own set of packages and tsconfig.

src/tsconfig.json

looks like this:

{
  "extends": "../tsconfig.json",
  "compilerOptions": {
    "baseUrl": ".",
    "paths": {
      "~/*": ["./*"]
    },
  },
  "include": ["**/*", "../environment.d.ts"]
}

but when I do

yarn build

, I get this error:

> src/core/trash/purge-deleted-items.ts:9:30: error: Could not resolve "~/libs/db" (mark it as external to exclude it from the bundle)
    9 │ import { dataApi, knex } from '~/libs/db';

why is the path alias not working?

Hello. I follow documentation for adding lambda authorizer for specific routes.

const api = new sst.Api(this, "Api", {
    // defaultAuthorizationType: ApiAuthorizationType.CUSTOM,
    defaultAuthorizer: new HttpLambdaAuthorizer({
        authorizerName: "LambdaAuthorizer",
        handler: new sst.Function(this, "Authorizer", {
            handler: "src/authorizer.handler"
        }),
    }),
    routes: {
        "GET /private": {
            authorizationType: ApiAuthorizationType.CUSTOM,
            handler: "src/private.handler"
        },
        "GET /authenticate/facebook": "src/auth-facebook.handler"
    }

[8:27 AM] I checked 0.40.1 and latest 0.40.2 -> in both cases produced Cloudformation template contains

[8:27 AM] AuthorizationType: NONE

[8:28 AM] I can set defaultAuthorizationType to CUSTOM, however this apply for all routes and can’t be overwritten with authorizationType for specific routes

Hello guys, I have 2 questions 1. how to set autoPublishAlias 2. how to set provisionedConcurrencyConfig or should that be done through CDK?

Hello again... I'm facing another issue today. Layers are now failing to deploy. To avoid cyclic references, I've moved layers to its own stack - this setup worked fine until today. Now whenever I use

npx sst start

my layer stack breaks the deployment with

stack contains no resources.

I've even put an

sst.Function

with a dummy function in case that fixes the problem. Any ideas why it suddenly started to break?

Hello. Any tips for speeding up 

sst test

 ?  It’s is taking upwards of 15 seconds with about 15 simple test cases.

Hey! Any guidance for larger teams hoping to use SST as part of a mono repo? not the mono-repo specifically, but when looking at the cloud resources deployed, I do see that it’s based on stage - not say, an individual developer. How do we avoid developers stepping on eachothers toes? ie. multiple developers working locally/testing on the same service?

Second question, as I understand it, SST uses a fork or cdk? I read that on one of the pages - which makes sense to me having worked with CDK previously - but I am curious, is there a place we can check the latest supported version of aws-cdk?

Any plans to contribute

sst.json

to https://github.com/schemastore/schemastore ?

is it possible to set buckets’ retain policy to DESTROY for the initial stack deployment, and then later flip that to RETAIN, and deploy to set that retain policy? (I’m deploying a stack in a fresh account and every time there’s a stack deploy error, I have to manually delete all the buckets before trying again)

anyone know what this error means? it’s a first-time deploy:

prod-microservices-api | CREATE_FAILED | AWS::AppSync::GraphQLApi | AppSyncApiEBDAEC17 Failed to assume service-linked role arn:aws:iam::xx:role/aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync, please retry. (Service: AWSAppSync; Status Code: 403; Error Code: AccessDeniedException; Request ID: ba7b1b89-9add-4d89-bbbb-0def2024ff5b; Proxy: null)

I’m in an account with admin access

⚠️ I’ve got a blocker. I can’t deploy my stack.. it keeps throwing this error

wow, here’s a new one, totally out of the blue:

dev-microservices-core | CREATE_FAILED | AWS::S3::Bucket | UploadBucketB0FBA037 API: s3:setBucketAccelerateConfiguration Access Denied

the IAM user doing the deploy has full admin access

anyone else had this problem where you’re in live dev mode, and you (for example) add a new route.. and it just hangs here for like a whole minute?

Rebuilding infrastructure...
Press ENTER to redeploy infrastructure

Deploying stacks

 ✅  dev-microservices-core (no changes)

Howdy folks! I have a problem where cdk/sst don't want to deploy my stack any longer, complaining that the stack contains no resources. It used to work and I can't really think of any relevant changes (short of updating to use latest version). I get this error in `sst-debug.log`:

Stack test-peasy-cognito
[2021-08-25T15:38:18.392] [INFO] default -   Status: failed
[2021-08-25T15:38:18.392] [INFO] default -   Error: The test-peasy-cognito stack contains no resources.
[2021-08-25T15:38:18.393] [ERROR] default - Cannot convert undefined or null to object

My stack looks like this:

import * as cdk from '@aws-cdk/core'
import * as sst from '@serverless-stack/resources'
import * as cognito from '@aws-cdk/aws-cognito'
import * as apigAuthorizers from '@aws-cdk/aws-apigatewayv2-authorizers'

/** Manages the cdk-portions of the `cognito` resource. */
export default class CognitoStack extends sst.Stack {
  constructor (scope, id, props) {
    super(scope, id, props)

    // Cognito authorizers taken from Serverless definitions
    this.userPool = cognito.UserPool.fromUserPoolId(this, 'existingUserPool', cdk.Fn.importValue(`${scope.stage}-CognitoUserPoolId`))
    this.userPoolClient = cognito.UserPoolClient.fromUserPoolClientId(this, 'existingUserPoolClient', cdk.Fn.importValue(`${scope.stage}-CognitoUserPoolClientId`))
    this.userPoolAuthorizer = new apigAuthorizers.HttpUserPoolAuthorizer({
      userPool: this.userPool,
      userPoolClient: this.userPoolClient
    })
  }
}

As you can see, this is bringing in an existing pool that was previously created by serverless.

lib/index.js

includes this bit:

this.cognitoStack = new CognitoStack(app, 'cognito')

If you have ideas or pointers, that would be much appreciated! 🙏

Hi friends! Having a few issues with some cors stuff. I have an api through sst at

<http://api.example.com|api.example.com>

and a web page at

<http://example.com|example.com>

I have a few routes setup, and for the most part everything works fine. However, specifically

PATCH

and

PUT

requests from the web page to the sst API fail from cors preflight request.

DELETE

works fine however which weirded me out a bit. If there's any blatantly obvious thing I'm missing that would be a huge help! I do have an

OPTIONS

route setup as well, that returns an access-control header, as well as on the API construct I have the cors options with the allowed methods and the allowed origins array, with

<https://example.com>

in the allowed origin

I’m currently migrating our monorepo from npm to use yarn and lerna to manage dependencies/packages and having some issues with some of the packaging. I’m not using sst, just serverless and seed. I’ve got yarn and lerna workspaces set up correctly based on what I’m seeing with the lerna outputs and what services deploy in seed due to package updates. However, I think there’s an issue with the packaging itself, maybe it’s hoisting related, I’m not sure. Since migrating our dev env to use this all services have this error:

{
    "errorType": "Runtime.ImportModuleError",
    "errorMessage": "Error: Cannot find module 'jmespath'\nRequire stack:\n- /var/task/node_modules/aws-sdk/lib/request.js\n- /var/task/node_modules/aws-sdk/lib/core.js\n- /var/task/node_modules/aws-sdk/lib/event-stream/event-message-chunker-stream.js\n- /var/task/node_modules/aws-sdk/lib/event-stream/streaming-create-event-stream.js\n- /var/task/node_modules/aws-sdk/lib/node_loader.js\n- /var/task/node_modules/aws-sdk/lib/aws.js\n- /var/task/handler.js\n- /var/runtime/UserFunction.js\n- /var/runtime/index.js",
}

So it seems like all services don’t have the dependencies of the libraries that they use/are in their service specific package.json Anyone have any thoughts here on things to try?

Hey everyone! I'm a newbie on sst, and some things are still not clear to me... I've been trying to create a simple Lambda function without any event (it will be invoked by SES as part of a ruleset...) I tried doing this:

import * as sst from "@serverless-stack/resources";

export default class MtSStack extends sst.Stack {
  constructor(scope, id, props) {
    super(scope, id, props);

    const spamCheck = new sst.Function(this, "SpamCheck", {
      handler: "src/spamCheck.handler",
    });

    this.addOutputs({
      FunctionArn: spamCheck.functionArn,
    });
  }
}

But keep getting some issues on start/deploy:

prod-mts-sst-app-debug-stack | CREATE_FAILED | AWS::Lambda::Function | Connect5B7625CA Template error: IAM role prod-mts-sst-app-debug-st-ConnectServiceRole07B61C-6GL2GT2QJTIS doesn't exist
prod-mts-sst-app-debug-stack | CREATE_FAILED | Custom::S3AutoDeleteObjects | BucketAutoDeleteObjectsCustomResourceBAFD23C2 
prod-mts-sst-app-debug-stack | CREATE_FAILED | AWS::Lambda::Function | Resource 
prod-mts-sst-app-debug-stack | CREATE_FAILED | AWS::Lambda::Function | Disconnect7D6B12BD

Any ideas of how to get it working?

is this the best way to grant unauthenticated users access to just a couple resolvers in AppSync?

props!.cognitoAuth.attachPermissionsForUnauthUsers([
    new iam.PolicyStatement({
      effect: iam.Effect.ALLOW,
      actions: ['appsync:GraphQL'],
      resources: [
        appSyncApi.getResolver('Mutation createSession')!.arn,
        appSyncApi.getResolver('Mutation createEvent')!.arn,
      ],
    }),
  ]);

I know SST is deploying JS + maps to Lambda, but is there anything going on internally during deployment to register those source maps w/ Lambda so they’re associated w/ the JS file? if so, is there a way to disable that? I think it’s interfering with Sentry, maybe. still investigating though