Hi guys, I am trying to set up a postConfirmation trigger with a lambda function but run into

Cannot find module

exception. Any idea?

Hey guys, I’ve been running in to some issues with using UserPools and API auth - I’m hoping someone here has some insight and can point me in the right direction on one of the two problems… So I’ve got an

Api

construct that I’m trying hide behind an authorizer. Problem 1 I initially set up to use a UserPool authorizer, and all was well until I tried to use a JWT that I knew had expired - api returned with a 200 and everything processed as though the JWT was valid. I did some reacding around and fixing for about 8 hours and found out that Cognito doesn’t revoke access tokens unless a global sign out is triggered, obvious not what I want. I couldn’t find any settings in the AWS Console or in the CDK (or SST) docs that would help me with rejecting the request if the JWT was expired. Problem 2 So I started looking at using a Lambda authorizer instead, more work but at least I can guarantee it handles the token as I expect. I got a lambda in place, it’s being called and is kicking out a

callback("Unauthorized");

response. The api, however, returns a 500 response instead of the 401. I’m at a complete loss on both of these approaches. Any thoughts/feelings?

Has anyone used the Script construct to generate docs using tsoa as part of the deploy process? When using the script construct, it looks like the only the relevant files related to the function thats being executed are zipped. Is it even possible to include the src directory?

[FAILED] from custom resource. Message returned: [src/**/*Controller.ts] globs found 0 controllers.

export class GenerateDocsStack extends sst.Stack {
    constructor(scope: <http://sst.App|sst.App>, id: string, props: GenerateDocsStackProps) {
        super(scope, id, props);

        const { bikeApi } = props;

        new sst.Script(this, 'Bike-Api-Docs', {
            onCreate: {
                handler: 'src/generateDocs.create',
                permissions: ['apigateway'],
                environment: {
                    apiId: bikeApi.httpApi.httpApiId,
                    region: scope.region,
                },
                timeout: 500,
            },
        });
    }
}

for example this is my generateDocs.ts

import { InternalServerError } from '@local/errorTypes';
import { ApiGatewayV2 } from 'aws-sdk';
import { ExtendedSpecConfig, generateSpec } from 'tsoa';

export const downloadApiGatewaySpec = async (apiId: string, region: string): Promise<Record<string, unknown>> => {
    const apiGatewayV2 = new ApiGatewayV2({ region })
        .exportApi({
            ApiId: apiId,
            OutputType: 'JSON',
            Specification: 'OAS30',
        })
        .promise();

    try {
        const apiSpec = await apiGatewayV2;
        const apiString = apiSpec.body?.toString();
        return Promise.resolve(apiString && JSON.parse(apiString));
    } catch (e) {
        console.log(e);
        return Promise.reject(e);
    }
};

const deepMergeApiSpec = (apiGatewaySpec: Record<string, unknown>) => {
    const specOptions: ExtendedSpecConfig = {
        entryFile: 'src/handlers.ts',
        description: `Api docs`,
        specVersion: 3,
        outputDirectory: 'docs',
        controllerPathGlobs: ['src/**/*Controller.ts'],
        noImplicitAdditionalProperties: 'throw-on-extras',
        spec: apiGatewaySpec,
        specMerging: 'deepmerge',
    };
    // TODO: push to S3
    return generateSpec(specOptions);
};

export const create = async () => {
    const { apiId, region } = process.env;

    if (!apiId || !region) {
        throw new InternalServerError(`Unable to generate api docs. Check apiId ${apiId}`);
    }

    try {
        console.log(`Generating docs for apiId: ${apiId}`);
        const apiGatewaySpec = await downloadApiGatewaySpec(apiId, region);
        await deepMergeApiSpec(apiGatewaySpec);
        return { statusCode: 200, message: 'Success spec generated' };
    } catch (e: any) {
        console.log(e);
        throw new InternalServerError(e.message);
    }
};

Anyone here using Aurora Serverless and successfully enabled event scheduler? So far I've created a new cluster parameter group, set the proper (I think) variable and redeployed everything thru sst. Didn't see any difference, even though I'm testing on a "pausable" instance that surely managed to spin down and up again in the meantime

Hi everyone. Quick question. Should I define all fields in the

Table

construct or just the ones used for indexes? Since it’s unlikely that all Items will have the same non-index fields, I’d expect the answer to be just index fields. Is that correct?

Weird one guys: Got an

Api

with a default authorizer set up, but when I change one of the routes to use the

NONE

auth type it doesn't apply. Any ideas? Looked through the sst source for the construct and it looks like it should be picking up my change, but it just doesn't:

new Api(this, "Api", {
            httpApi: {
                apiName: `${this.stage}-${scope.name}-auth`
            },
            routes: {
                "POST /access": {
                    handler: "src/auth/test.handler",
                    authorizationType: ApiAuthorizationType.NONE,
                },
            },
            defaultAuthorizationType: ApiAuthorizationType.JWT,
            defaultAuthorizer: new HttpUserPoolAuthorizer({
                userPool: this.cognito.cognitoUserPool!,
                userPoolClient: this.cognito.cognitoUserPoolClient!,
            })

Terminak:

Rebuilding infrastructure...
No infrastructure changes detected

I can actually change the auth type to anything and it doesn't pick it up. Any ideas?

Hi Everyone. Our team has recently started using serverless-stack. I was wondering, is there any good automated tool to visualize the infrastructure generated? I’d love to have a nice diagram for our documentation which is always up to date.

Hi all. Loving SST so far, but had a question around running

sst start

after previously having deployed while using the React Site construct. I’ve noticed that every time

sst start

is run it clears out the deployed site whereas I expected it to spin up a separate debug stage and stack and leave the deployed stack intact. Is this intentional? Is there a way to maintain the deployed stack while also debugging - perhaps through stages? Thanks for the help!

Another unrelated question: The docs suggest using

sst-env

for starting the react app locally, but sometimes I want to start the react app pointed at dev/staging deployed services or simply don’t want to have to wait for the debugging stack to deploy - I could have a separate start script, but then I’d be potentially duplicating .env variables in another place. Curious if anyone has a pattern for accomplishing this.

@Frank we are having an issue with ReactStaticSite configured with a cloudfront distribution. It appears that the distribution is getting stuck deploying for a long period and then the custom resource associated with it times out and things rollback. While this is happening, if I inspect the associated s3 bucket, the static files that the origin is configured with are not there. The only static files are the ones from the previous deploy. So it appears that it is updated the distribution origin before any updated files are pushed to the S3 bucket. The worst part of this is that our site is down while this is happening (AccessDenied errors). We are on 0.40.5 and this issue seems similar to https://serverless-stack.slack.com/archives/C01HQQVC8TH/p1633997756368600 so I'm wondering if this is something that has already been addressed and fixed in a newer version.

@Frank I'm running into this. Did you guys push an update today, or make some breaking change?

npx sst deploy
npx: installed 1 in 0.947s
command not found: sst

hey guys, think I’m missing something on the configuration end for deployment performance. I am deploying a UI Next.js site that redeploys everything no matter on every deployment. My deployments are always around 10 minutes right now which is high for what I have. Probably just missing something simple

I'm trying to get an SST python REST API running inside a Docker container (to fit within the development setup of my peers). The

npm run start

works well and the live lambda environment spins up just fine. However, when I hit an endpoint, I get a JSON parsing error

Do you know if it is the size of the Lambda with layers included, or just lambda itself?

How do I get the

sst.ApolloApi.apiEndpoint

minus the protocol (http://). I need to feed just the domain into a a new origin….

staticSite.cfDistribution.addBehavior('/api/*', new origins.HttpOrigin(api.justDomain))

Is there a way to customize the

sst.ApolloApi

to use a custom path? We’d like the root method to be at

/api

This is so that we can put the api behind a Cloundfront Distro as a reverse proxy at

<http://mydomain.com/api|mydomain.com/api>

CF origins seem to always pass the path from the front end, so there is no way to have it be

/api

on the distro and

/

behind the scenes. (at least without a cloudfront function) Annoying I know.

Hi, I am building an app with React Native. While the user is creating a new account, they can select their username. I have set up an event that when the user has stopped typing there should be a network request to check if the username is busy or not. I use cognito to store my users, I am more of a frontend developer. What would be the best way to create an endpoint that checks if the username is busy without creating a way to DDOS myself?

Hey ssters! What's your default for protecting ApiV2 endpoints against DDoS and other web threats? I start off with placing throttling mechanisms but v2 seems awfully poor in configuration options.. Read up on WAF but again, v2 doesn't support it. What I imagined so far is that I'd need to put CF in front of an Api gateway and then WAF in front of CF and perhaps do some lambda@edge to do more granular throttling (like single ip/user calls/sec or sth). Any useful pattern would be appreciated here 🙂

These lambda log retentions are going to be the death of me, they cause a lot of issues when trying to deploy. Normally I get some conflict issue but now I am getting rate exceeded errors too. Anyone have any solutions for these?

sst remove

is failing to remove my stack with the message "construct does not have an associated node. All constructs must extend the "Construct" base class"

Hey guys, I need to get the “user IP” which consumes my API. My API it’s an API GW v2 which triggers a Lambda. Should I use

$context.identity.sourceIp

? or how should I do it?

Having a Typescript issue when attempting to

grantDataApiAccess()

to an RDS Serverless Cluster. It looks like the type signature for the return value of

api.getFunction()

(

Fn | undefined

) doesn’t match what

grantDataApiAccess

is looking for (

IGrantable

). Has anybody encountered this issue before? Thanks for the help! Code:

cluster.grantDataApiAccess(api.getFunction('GET /test'));

Error:

Argument of type 'Function | undefined' is not assignable to parameter of type 'IGrantable'.
  Type 'undefined' is not assignable to type 'IGrantable'.ts(2345)

anyone have any tips on setting up an SST repo for CI/CD? that is, ensuring it runs as quickly & efficiently as possible, to reduce time spent building and deploying

Hello. Working on CloudWatch Logs Insights, I want to exclude if the message includes

bodyObject

: I did these two, but not working, they are still present:

| filter _@message_ not in ['INFO bodyObject']

| filter _@message_ not in ['bodyObject']

Any idea how I can filter it out?

How do I go about logging and getting metrics for a sst Api and its Functions. SEED gives me some info but I would like to be able to get these metrics via CloudWatch as well. Has anyone attempted anything similar or knows how I could attempt this myself?

I've spent the better part of a day trying to upgrade from 0.40.5 -> ^0.46.1 and keep running into issues with function bundling behavior. We currently have a folder with our go lambda code in one directory where the sst.json lives. We have another node lambda up a level in another folder. The sst.Function props for the path are:

srcPath: '../js/mylambda',
handler: 'src/index.handler'

This seems to work fine in live debug mode (as well as with 0.40.5 if we drop srcPath and set handler to full path), but when this is actually deployed, the handler set on the lambda is:

../js/mylambda/src/index.handler

and it looks like I have a package.json and package-lock.json and a node_modules folder but no source code. I need some guidance on the quickest way to get this working again 🙏

I guys. I'd like to share my experience using Step Functions. If you write a async function, you can return its result without resolve it using await. Just do something like that:

export function handler (event: any) {
  return myAsyncFunction(event)
}

But, when working with a synchronous function (that does not return a Promise) is necessary to use something like that:

import { Callback, Context } from 'aws-lambda';

export function handler (event: any, context: Context, callback: Callback) {
  const output = mySyncFunction(event)
  callback(null, output)
}

If you try to return the result directly, you will get a null input in the next step.

Is the local development experience compatible with the NextJS construct? I created a new api endpoint but the SST CF endpoint provided is not resolving my new nextjs api path

We’re running into issues on Seed with CDK Bootstrap: Its a fresh created AWS account + deployment IAM has admin rights + first deployment to production stage. Anyone who has the same behavior?

Waiting for stack CDKToolkit to finish creating or updating...
Call failed: describeStacks({"StackName":"CDKToolkit"}) => Stack with id CDKToolkit does not exist (code=ValidationError)
Stack CDKToolkit does not exist

The environment <aws://XXXXXXXXXXXXXXX/eu-west-1> doesn't have the CDK toolkit stack (CDKToolkit) installed. Use cdk bootstrap "<aws://XXXXXXXXXXXXXXX/eu-west-1>" to setup your environment for use with the toolkit.

Just chiming in to pass on my appreciation for SST. Just found myself saying out loud…

“Man, SST is the 💣 ”