Hi there 👋, I’m new to SST but super-excited about its potential for faster development. I’m trying to build an API using SST that accesses Google Calendar. For this, I created a service account in the Google API dashboard and got a JSON file that contains all necessary secrets and tokens. My general question is how secrets like these are handled in SST? Especially when they are not just API token strings, but files. I usually use

dotenv

and .env files but this doesn’t seem to be the way to go with SST or CDK. Also, the information on the SST site reference the Serverless Framework and `serverless.yml`files a lot, but I wanted to not use this framework for this project. Could you provide some SST-specific information for the handling of secrets on the site maybe? Thanks! 🙏

Given the following definition

const table = /* table stack */

const api = new sst.Api(this, 'Api', {
  routes: {
    'GET /restaurants': {
      handler: `src/functions/get-restaurants.main`,
      environment: {
        RESTAURANTS_TABLE_NAME: table.dynamodbTable.tableName,
      },
    },
  },
})

I want to give that particular route only scan access to dynamodb. Is the code below correct or do I need to use to specify a complete IAM policy

api.attachPermissionsToRoute('GET /restaurants', [table, 'dynamodb:Scan'])

Also is it possible to specify permissions in-line with the route definition?

Hi Everyone, I was wondering if anyone has come across trying to lambda function invocations within an API gateway triggered lambda function? Would it be best to declare the function as a standalone in the "myStack.js" and then invoke it using the aws-sdk?

Hey guys!

S3

question. I can’t upload images to the S3 bucket when I set

useAccelerateEndpoint

to

true

. Does anyone has encountered this problem? I can retrieve an upload URL, but I’m not able to upload something with it. The error returned is:

S3 Transfer Acceleration is not configured on this bucket.

Hey All. I spent some time setting up a Go SST rest Api yesterday which all works great but when i added Dynamo DB to it i cant seem to get it working locally. I’m using Dynamo’s putItemWithContext API which doesn’t throw any errors but also doesnt seem to write to the table and instead returns an empty struct. Any ideas?

When I followed through the Apollo GQL example: https://serverless-stack.com/examples/how-to-create-an-apollo-graphql-api-with-serverless.html I run into the issue below, is anyone else seeing this?

Hello! 👋 We're using Seed for two projects (awesome tool, thank you!) and I have a question about unqualified vs qualified Lambda ARN... We have

project-serverless

repo which contains our serverless services. Then we have

project-main

repo which contains EventBridge and some other resources in a regular CFN template. So we're deploying updates to

project-serverless

through Seed, and then exporting the ARN for those Lambdas in

serverless.yml

and importing them into

project-main

. I ran into some cross-stack dependency errors when trying to import the qualified ARN into

project-main

, and then doing another deploy to

project-serverless

. So now I'm importing the unqualified ARN (without the Lambda version number at the end) into

project-main

, so

project-main

is always pointing to the LATEST version of the Lambda. And that solves the cross-stack dependency errors, so now I'm able to do deploys to

project-serverless

and everything seems to work. 👍 Question: Will importing the unqualified ARN in

project-main

cause us any issues down the road? Is it possible that at some point on prod as we're deploying updates to

project-serverless

through Seed that LATEST may not be deployed on prod? Hope that makes sense. Thank you for the help! 🙂

Hello, I am starting to use SST, I want to deploy my REST API in API Gateway but once the api created by default following the documentation tutorial is deployed, it is HTTP type. I would like to know if there is any way that the API created in API Gateway is of type REST

Is it possible to define aws profile in sst.json ?

Hello Friends , any idea about how to use amplify's existing graphql schema into cdk?

heya! I've attempted to gain access to the pdf/ebook, but not received any emails in the past hour? i have attempted two different gmail accounts, neither have worked checked spam folders and all that

Hi, it's my first message here so first things first I wanted to say that SST looks absolutely awesome! I'm warming up to use it in a going-to-production project. Since I'm relatively new to CDK (and SST) I wanted to ask for a small bit of advice - so that I don't go straight into a rabbit whole right from beginning 😄 1. My app will be composed out of a. S3 bucket hosting a "widget-like" JS library (self contained react app that can be dropped onto any page to deliver certain functionality) - with CloudFront in front of it for performance b. Sample/demo-page referencing the widget - hosted from S3 bucket (bucket number 2 🙂 ) c. Api gateway endpoint reading data from yet another S3 bucket - this endpoint will serve data to the react app (JSON config that react app will need to work). Again CloudFront will be in front if this one I would like to have stack-per-feature-branch on top of some more "fixed" stages like staging & prod. I want to make sure that when I build the stack - it gets all of it's resources unique - I will need to move it to a seperate/tightly controlled AWS account for prod deployment - I want to ideally avoid asking for anything to be created manually - just change stage to prod, swap the AWS keys and deploy it there I need to do a bit of "plumbing" here: 1. React app needs to know what's the url of the api gateway when it's being built - it will be making calls to that endpoint in runtime 2. Sample/demo-page needs to know where is the bucket where react-app is stored Out of this the order looks a bit like this: Create API gateway (and underlying S3) -> Build react app -> Create S3 & deploy React app to it -> Create S3 and deploy demo-site to it (demo site is just bunch of static files). What's the best way to pass those variables around? Should each of those "stages" as I mentioned them above be a seperate stack? Should I then be deploying every stack individually? Not sure also where to plug the actual react app build. I ideally want to have a way to deploy the whole thing from local machine - so that I don't don't do all the plumbing in CI/CD (so that devs can quickly just boostrap another stack from local env and work on whatever crazy feature they need to add 🙂 ). Sorry for a whole wall of text 😛

Hey guys, is there an easy way to create a Websocket API using any of the existing constructs?

Hello there 👋 I would like to thank you the wonderful team behind SST. I'm very happy to be a seed customer when I see the amazing product you build. I plan to migrate some services from

serverless-framework

to

SST

but I have some ApiGateways protected by an api key. According to @Frank https://serverless-stack.slack.com/archives/C01JVDJQU2C/p1617958912086200

ApiGatewayV1Api

allows using

Api Key

. I didn't find any example showing how to achieve this. Can someone provide me with an example? Thanks

I'm getting the following when running

sst remove

Removing stacks

Error: Inline source not allowed for nodejs14.x
    at verifyCodeConfig (D:\serverless\production-ready-serverless-workshop-sst\backend\node_modules\@aws-cdk\aws-lambda\lib\function.ts:1022:11)

I'm going though the identity pool section of the walkthough and trying to grant the identity pool authenticated role permissions to talk to to api gateway: https://serverless-stack.com/chapters/configure-cognito-identity-pool-in-cdk.html Previously in serverless.yaml I had

- Effect: 'Allow'
   Action:
     - 'execute-api:Invoke'
   Resource:
     Fn::Join:
       - ''
       - - 'arn:aws:execute-api:'
         - Ref: AWS::Region
         - ':'
         - Ref: AWS::AccountId
         - ':'
         - Ref: ApiGatewayRestApi
         - '/*'

What would be the equivalent in cdk given I have a

api = new sst.Api

this.role.addToPolicy(
  new iam.PolicyStatement({
    effect: iam.Effect.ALLOW,
    actions: ['execute-api:Invoke'],
    resources: [api.httpApi.???],
  }),
)

Would it be easy to allow us to pass in plugins for esbuild?

ah would I upload that zip to s3 and then pass its location as asset parameters

Hey guys, I'm encountering a problem where the debug stack appears to restart when logging the response of a lambda that returns a base64 string.

Hey all, having some issues following the https://serverless-stack.com/chapters/setup-the-serverless-framework.html guide - Getting errors executing locally

serverless invoke local --function hello

on multiple computers and different node versions. Error logs inside the thread.

Hey Folks, is the SST equivalent of the following command :

$ serverless invoke local --function get --path mocks/get-event.json

to mock the API URL provided by the SST output via Postman?

There was a github issue raised in November on the guide around this but I don’t think there’s been any updates?

Hey everyone. I'm using Seed to deploy my serverless project, and I'm running into a permissions issue. Trying to give a Lambda permission to delete an S3 file from a bucket. Here's part of `serverless.yml`:

provider:
  name: aws
  runtime: nodejs12.x
  memorySize: 128
  lambdaHashingVersion: 20201221
  iam:
    role:
      statements:
        - Effect: 'Allow'
          Action:
            - s3:DeleteObject
          Resource: 'arn:aws:s3:::xyz-user-downloads-dev/*'
        - Effect: 'Allow'
          Action:
            - s3:DeleteObject
          Resource: 'arn:aws:s3:::xyz-user-downloads-prod/*'

But when I deploy through Seed and then check the permissions shown for that Lambda in the AWS console, I only see CloudWatch Logs permissions (screenshot attached). TIA for your help!

Hi! We're wondering how the Github integrations exactly works. Our project's set up as a monorepo and currently we're working on splitting up out Github workflows into a workflow per service if any changes are detected in that directory. This means however that when a PR gets merged into master it would trigger multiple workflows, would Seed then wait for all these workflows to finish successfully before triggering a deployment?

And following that, if we would use the same branch for both staging and production deploys (with a manually dispatched workflow), can Seed deploys be hooked into these workflows?

Hi wondering if anyone has any help with my stack problem. The problem we have is we want to listen to a pre-existing S3 bucket for updates. So we added an

AwsCustomResource

. The questions are: • is this the best way to do this? • and if so, we are getting an error

Cannot read property 'statements' of undefined

in

AwsCustomResource

Hey @Jay 👋 Just want to make sure you received the video that I sent through the chat in Seed. Not super urgent but it is blocking us from deploying something so I'm curious to hear your thoughts when you get a chance. Thanks!

If full access to cloudformation is added to a user, does that mean that user can spin and use other stacks created by other SST users?

Hi SST fam. This isn’t specific to SST in general, but figured people might be able to help me with this. How can I set SNS delivery policy (maxReceivesPerSecond) via CDK?

so if it happened in aws lambda how can I upload the file directly to s3 without creating a file