Hi, just wondering if anyone could lend some eyes to my stack overflow question: https://stackoverflow.com/questions/70665151/how-can-i-only-allow-a-specific-origin-to-access-content-from-cloudfront-s3-orig I asked a few weeks back and someone recommended CORS but that doesn't seem to be the solution to my problem 😄

Enabling ISR on a page makes page load times slow, the page document gets fetched at about 700-900ms and I'm fairly sure it's not due to some cold start. Is there a reason for that or am I just doing something wrong? I've followed the tutorial https://serverless-stack.com/examples/how-to-create-a-nextjs-app-with-serverless.html but just modified the index page to enable revalidate with 60 seconds. The page that I added ISR to is having cloudfront misses on all requests:

Something happen with the latest version of SST? I updated ( SST 0.57.4 , CDK 1.138.0)and ensured all cdks are same version. but can’t

yarn start

without error now.

TypeError: Cannot read properties of undefined (reading 'Symbol(@aws-cdk/core.Stack.myStack)')
    at Function.of (/Users/me/Projects/idx/node_modules/@aws-cdk/core/lib/stack.ts:72:37)
    at lambdaAuthorizerArn (/Users/me/Projects/idx/node_modules/@aws-cdk/aws-apigatewayv2-authorizers/lib/http/lambda.ts:100:23)
    at HttpLambdaAuthorizer.bind (/Users/me/Projects/idx/node_modules/@aws-cdk/aws-apigatewayv2-authorizers/lib/http/lambda.ts:74:24)

Gating

SST v0.56.2

issue local only, pipeline works fine.

yarn build --stage dvb-idx

results in these 3 errors…

I’m not able to get my lambda result into a Queue. Not sure how my result should look like.

has anyone gotten XRay instrumentation working in SST when using

sst start

? I keep getting an error:

Error: Failed to get the current sub/segment from the context. at Object.contextMissingRuntimeError [as contextMissing]

but this doesn’t happen once I deploy to production. this probably has something to do with SST’s trickery of executing function code locally

hey folks, my team is planning to use Aurora Postgresql Is there any pattern/good practices using SST for schema migration?

Is there a way within SST to trigger a Function after someone accesses a file from a bucket? For example, to track customer’s’ user’s access to resources for billing purposes. It seems to me this would be the easiest way - but I’m new to this serveless stuff. I’m trying to avoid to create an API endpoint and to do it on resource access directly.

I am having some trouble deploying the React portion to AWS. I haven't tried PROD yet, but I am not ready for this to be "prod" and we have a Wordpress site running where prod will be and it needs to stay up for now. But when I try to deploy to something other than PROD, I am getting errors. Here are what I think are the relevant lines in FrontendStack.js ...

customDomain:
    scope.stage === "prod"
        ? {
            domainName: "<http://colemanrodeo.com|colemanrodeo.com>",
            domainAlias: "<http://wwww.colemanrodeo.com|wwww.colemanrodeo.com>",
        }
        : {
            domainName: scope.stage + ".<http://colemanrodeo.com|colemanrodeo.com>",
        },              
    path: "frontend",

Help would be most appreciated. 🙂

Hey I am having trouble with what I think is a CORS problem. I set up an API with a custom lambda authorizer for some routes and have that working in Postman. When I try the same request in the react site I get Cors errors. I have tried setting the cors setting on the api to allow authorization headers and origins from localhost but can't seem to find a configuration that works. I dont know if its a problem with the authorizer, the API, or maybe the zxios call but if anyone has them working I would love to see an example. Api: (this was me trying every header I could think of but it also failed with cors on default)

const authorizer = new HttpLambdaAuthorizer({  
      authorizerName: "QuizAuthorizer",
      responseTypes: [HttpLambdaResponseType.IAM],
      handler: new sst.Function(this, "Authorizer", {
        handler: "src/authorizer.main",
      }),
      resultsCacheTtl: Duration.seconds(0)
    });

    const api = new sst.Api(this, `api`, {
      defaultAuthorizationType: sst.ApiAuthorizationType.CUSTOM,
      defaultAuthorizer: authorizer,
      defaultFunctionProps: {
        srcPath: "src/",
        environment: {
          NODE_ENV: process.env.NODE_ENV || 'development',
          STAGE: scope.stage,
        },
      },
      cors: {
        allowHeaders: [
          'X-Amz-Date',
          'X-Api-Key',
          'X-Amz-Security-Token',
          'X-Requested-With',
          'X-Auth-Token',
          'Referer',
          'User-Agent',
          'Origin',
          'Content-Type',
          'Authorization',
          'Accept',
          'Access-Control-Allow-Methods',
          'Access-Control-Allow-Origin',
          'Access-Control-Allow-Headers'],
        allowMethods: [
          CorsHttpMethod.GET, 
          CorsHttpMethod.PUT, 
          <http://CorsHttpMethod.POST|CorsHttpMethod.POST>,
          CorsHttpMethod.DELETE, 
          CorsHttpMethod.OPTIONS, 
        ],
        allowOrigins: ['<http://localhost:3000>'],
        allowCredentials: true
      },
      routes: {
        'ANY /quiz': {
          authorizationType: sst.ApiAuthorizationType.NONE,
          function: "lambda.handler",
        },
        'ANY /{proxy+}': "lambda.handler"
      },
    });

And the Axios call the /quiz/<id> route goes through the authorizer

const headers = {
  Authorization: "Bearer 123",
  "Access-Control-Allow-Origin": "*",
  "Content-Type": "application/json",
};

export const getQuiz = async (id) => {
  try {
    const resp = await axios.get(
      `${process.env.REACT_APP_API_URL}/quiz/${id}`,
      { headers }
    );
    return resp.data;
  } catch (err) {
    console.log(err);
    return { error: err.message || "Unknown Error getting Quiz" };
  }
};

hey, quick Q: Lambdas that use EFS storage don’t work in

sst start

mode, correct? I think I remember reading that in a previous conversation. that hasn’t changed at all, I assume?

I'm using Lambda layers in a python project, and can confirm layers are being included correctly via the AWS console. However, I'm not sure I'm excluding the layers from my lambda functions correctly, since my lambdas are still fairly large (30+MB)

export default function main(app: <http://sst.App|sst.App>): void {
  const requestsLayer  = (stack) =>  LayerVersion.fromLayerVersionArn(stack, "requestsLayer", requestsLayerArn);
  const psycopgLayer  = (stack) =>  LayerVersion.fromLayerVersionArn(stack, "psycopgLayer", psycopgLayerArn);

  app.setDefaultFunctionProps((stack) => {
    // other config omitted
    const props = {
      runtime: "python3.8",
      srcPath: "src",
      logRetention: config.logRetention,
      layers: app.local ? [] :[requestsLayer(stack),psycopgLayer(stack)], // <--- this is working
      vpc: vpc,
      subnets: vpc.publicSubnets,
      securityGroups: [securityGroup],
      bundle:{
        externalModules: app.local ? [] : [requestsLayer,psycopgLayer] // <--- should this work ??
    }
    return props;
  }
}

Hey guys, I have an API endpoint that has

ApiAuthorizationType.NONE

The question is how do I detect whether a logged-in user made a request to this endpoint as

event.requestContext.authorizer

doesn't exist for

ApiAuthorizationType.NONE

endpoints. I'm using

AWS_IAM

as my authorization type for authenticated APIs. Thanks.

How would recommend to structure a deliverable script with SST? For example, our product would be available on domain.com/3.0.1/bundle.js available for our customers to link on their websites with a <script/> tage Second part of the question, ideally, how to handle the version of it with SST? • cdn.com/latest/ -> cdn.com/3.0.1/bundle.js • cdn.com/1.0.0/bundle.js • … • cdn.com/3.0.1/bundle.js I’m thinking about StaticSite as this already creates a CDN, handle custom domains, etc but I’m not sure it will be able to handle versioning.

Hello everyone! We have a NextJS website deployed to AWS via sst, our java backend is completely separated from it. It’s the second time in a couple of weeks that we receive warnings from CloudWatch caused by the default NextSiteApiFunction lambda created on deployment by sst. The logs read as follow:

{
  "errorType": "Runtime.UserCodeSyntaxError",
  "errorMessage": "SyntaxError: Unexpected token 'export'",
  "stack": [
    "Runtime.UserCodeSyntaxError: SyntaxError: Unexpected token 'export'",
    "    at _loadUserApp (/var/runtime/UserFunction.js:98:13)",
    "    at Object.module.exports.load (/var/runtime/UserFunction.js:140:17)",
    "    at Object.<anonymous> (/var/runtime/index.js:43:30)",
    "    at Module._compile (internal/modules/cjs/loader.js:999:30)",
    "    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)",
    "    at Module.load (internal/modules/cjs/loader.js:863:32)",
    "    at Function.Module._load (internal/modules/cjs/loader.js:708:14)",
    "    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)",
    "    at internal/main/run_main_module.js:17:47"
  ]
}

This burst of errors is limited to a 15 min timespan, before & after the logs are are fine with no other issues reported. We’re not making any use of the

/api

routes in the NextJS project so we don’t need any support for its “backend”. Would you have any tip on how to troubleshoot this issue? Thank you in advance!

I just want to say a HUGE thank you to all the SST team that help out in this channel, but most of all I’d like to thank @thdxr for helping us though a doozy of an issue yesterday that we’ve been struggling with for days. Things are now resolved and our code is cleaner and even better than before. Thanks @thdxr! As SST continues to grow… it’s success is going to be because of people like you. ❤️

NextJsSite Bug Previous person with similar issue: https://serverless-stack.slack.com/archives/C01JG3B20RY/p1641330960446700 Actions: Updated from

0.53.2

to

0.58.0

. No other actions. Symptoms:

staging-ResonanceWebAppAdminIdentity-AdminIdentityWebAppStack | CREATE_FAILED | AWS::Lambda::Version | AdminIdentityWebAppNextJsSiteApiFunctionCurrentVersion42206DF251f45f4f60760bb3fec1986818833736 | A version for this Lambda function exists ( 2 ). Modify the function to create a new version.
staging-ResonanceWebAppAdminIdentity-AdminIdentityWebAppStack | CREATE_FAILED | AWS::Lambda::Version | AdminIdentityWebAppNextJsSiteImageFunctionCurrentVersionFEA047D3cea01b8892c8bacfeceb61e122debf40 | A version for this Lambda function exists ( 2 ). Modify the function to create a new version.
staging-ResonanceWebAppAdminIdentity-AdminIdentityWebAppStack | UPDATE_FAILED | AWS::Lambda::Function | AdminIdentityWebAppNextJsSiteMainFunctionCFE178A8 | Resource update cancelled

👋 is there a simple way to get the current stack from within a construct? I use

scope.node.root

to get the overarching sst App but I'm trying to get the stack such that I can pass it to

cdk.Arn.format

Opinions Wanted: Now that we are using CDK/SST quite extensively…. a realization about APIGateway APIs has hit me. Many 3rd-Party constructs that handle one small piece of functionality and that need a gateway + lambda to work, often create that gateway and function in a silo (not adding to existing API) likely because they perform a very small task outside of the larger project. Eg. @cloudcomponents/cdk-contentful-webhook This is just a webhook that a app hits and not an end-user. I’m even noticing this within our own code; the desire to just keep APIs silo’d vs merging. Right now our platform stack has 4x APIs in it. So here is the question… which is the better practise? Are there certain scenerios where it does / doesn’t matter? Is there a performance hit at all?

TypeError: Cannot read property 'slice' of undefined

at new Function (/home/dkershner/repos/resonanceapps-monorepo-supply-customdata-manager/node_modules/@serverless-stack/resources/src/Function.ts:184:8)

Version 0.58.0, also received on 0.53.x This is a very simple stack, creating one lambda function. The error occurs on

build

. The code in the stack trace is

// Merge with app defaultFunctionProps
    // note: reverse order so later prop override earlier ones
    stack.defaultFunctionProps
      .slice()
      .reverse()
      .forEach((per) => {
        props = Function.mergeProps(per, props);
      });

Does

sst.API

support Service Integrations or should we be using CDK’s

apigw.RestApi

?

[SST Console Idea]: EventBridge Bus Tracing/Logging (similar to local invoctions)

Are there any more examples of testing stacks hanging around?

Hey all, Cloud*Flare*/Cloudfront question. I am using the normal

StaticSite

construct to deploy a CloudFront backed S3 site, all working great. I have a

<http://uxuxxuu.cloudfront.net|uxuxxuu.cloudfront.net>

url. I then attempted to go to Cloud*Flare* and setup a CNAME from my domain to this CloudFront url. This did not work and resulted in a CloudFront 403 error. Turns out you need to add alternate domains to the CloudFront instance to allow access to it. So to test this I manually pop'd into the AWS console and added an alternate domain to the CloudFront instance. However in order to do this I have to use ACM to get a certificate. Certificate required the domain I wished to use, and gave me a CNAME entry I had to enter into Cloud*Flare* to prove I have permissions for the domain. This went pretty quick and once the cert was validated, I added the alternate domain to CloudFront and added the newly requested cert. After a couple seconds everything was connected and my custom domain worked. So ended up with Cloud*Flare* DNS -> CloudFront -> S3. Which is what I wanted. So why am I writing all this? Well I am curious if SST can help me with any of this process. I am going to assume the answer is No, as I need to manually enter the cert info into Cloud*Flare* to get this working. However there is an API so maybe this could get automated... Either way I am wondering if SST can help with any step here, maybe it can create the AWS Cert for me, then I would manually have to go in and get the info, add it to Cloud*Flare*, and add the alt domain to the CloudFront instance. All of this would only need to be set in production, and once set once should be ok. I also wanted to confirm no one sees any major issues with manually going into AWS and adjusting these things after the SST deploy. Any reason future deploys would mess with this? Or does it seem fairly safe to setup once and be good? Our Org is all about Cloud*Flare* so we want to stick with it, otherwise we would just go all in on Route53/CloudFront, but I have been asked to make sure Cloud*Flare* stays in the mix. Any thoughts, concerns, experience would be greatly appreciated! Thanks!

Hey. I'm going through the Organizing Serverless Projects and it seems that you're mixing SST and Serverless, wich is somewhat confusing to someone who just recently started using SST (I love it BTW). Is this still the recommended way of organizing SST projects, and if not, do you have examples of organizing SST projects that doesn't involved Serverless? @Frank

Hey all - am looking at SST for full-stack internal tooling, specifically having resources protected via ALB authentication (Figma have a good blog post about this pattern - https://www.figma.com/blog/inside-figma-securing-internal-web-apps/). However, all the examples for SST that I’ve seen are geared towards auth using amplify/public API gateways & Cloudfront. Is my use case/this auth pattern a little far out for SST right now? Essentially we decouple authentication from applications by making applications (ECS clusters rn) only accessible via ALB, and using the ALB built in authentication screens to log users in from a cognito pool.

Is there a way to get restApi/ApiGatewayV1Api NOT to use the stage in the url? eg. this

<https://xxxxxxx.execute-api.us-east-1.amazonaws.com>

not this

<https://xxxxxxx.execute-api.us-east-1.amazonaws.com/stage_here>

Following through the SST docs to add an existing cert for a custom domain, here https://docs.serverless-stack.com/constructs/StaticSite#importing-an-existing-certificate-route-53-domains I keep getting this warning

[WARNING] @aws-cdk/core.ConstructNode#metadata is deprecated.
  use `metadataEntry`
  This API will be removed in the next major release.

Hard to pinpoint exactly what's causing it but I think its the call to

certificate: Certificate.fromCertificateArn(_this_, "MyCert", certArn),

which seems to come from the CDK. So far only able to find this (https://github.com/aws/aws-cdk/issues/17633) so maybe a CDK version bump will do it. Anyone else seeing this warning?

Hello. I’m following the guide, but commands are failing with

Error: Cannot find module 'SST'

. On Create an SST app, the commands were successful. On Create a Hello World API, this happens –

> npx sst start
Using stage: [...]
Preparing your SST app

=======================
 Deploying debug stack
=======================

internal/modules/cjs/loader.js:905
  throw err;
  ^

Error: Cannot find module 'SST'
Require stack:
- [...]/notes2/node_modules/@serverless-stack/cli/assets/debug-stack/bin/index.js
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:902:15)
    at Function.Module._load (internal/modules/cjs/loader.js:746:27)
    at Module.require (internal/modules/cjs/loader.js:974:19)
    at require (internal/modules/cjs/helpers.js:93:18)
    at Object.<anonymous> ([...]/notes2/node_modules/@serverless-stack/cli/assets/debug-stack/bin/index.js:28:17)
    at Module._compile (internal/modules/cjs/loader.js:1085:14)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
    at Module.load (internal/modules/cjs/loader.js:950:32)
    at Function.Module._load (internal/modules/cjs/loader.js:790:12)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:76:12) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [
    '[...]/notes2/node_modules/@serverless-stack/cli/assets/debug-stack/bin/index.js'
  ]
}
Subprocess exited with error 1
There was an error synthesizing your app.

That not working, I then had some success with the commands per the README, e.g.

npm install

,

npm run deploy

but then

npm run remove

failed as above. Occam’s razor says it’s my environment somehow, but while I’m new to SST I have happily used Node / npm for many projects before. I’m stuck, and SST is so promising otherwise!

Hi all, fresh sst serverless typescript install, it seems that using node-fetch: ^3.0.0 causes an error at build. Error [ERR_REQUIRE_ESM]: require() of ES Module [….]/_trials/sst-ts/node_modules/node-fetch/src/index.js from [….]/_trials/sst-ts/node_modules/@serverless-stack/core/dist/telemetry/post-payload.js not supported. Instead change the require of index.js in [….]//_trials/sst-ts/node_modules/@serverless-stack/core/dist/telemetry/post-payload.js to a dynamic import() which is available in all CommonJS modules. Any idea how to fix this ?