Hey guys, I'm trying to trigger one of our lambdas from cloudtrail events, specifically IAM events. These events only come through on the global region (us-east-1), and so my event bus and pattern needs to be in this region. However the main region for my stacks are in eu-west-1. Any tips on if/how I can achieve this in SST within the same app? With CDK I would just pass in a different region in the env when creating the stack that contains my event bus. Is this possible at all in SST? Or do I need to deploy a separate app for my us-east-1 resources. Thanks.

Anyone know how I can add a

applyRemovalPolicy(cdk.RemovalPolicy.RETAIN)

to inline policies on a role?

roleCleanup.addToPolicy(
      new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: ['events:DeleteRule'],
        resources: [ cronCleanupArn ],
      }),
    )

I’m getting the known error:

Mismatched versions of AWS CDK packages. Serverless Stack currently supports 2.7.0. Fix using:

  npm install @aws-cdk/aws-chatbot@2.7.0 @aws-cdk/aws-cloudwatch@2.7.0 @aws-cdk/aws-cloudwatch-actions@2.7.0 @aws-cdk/aws-sns@2.7.0 --save-exact

Learn more about it here — <https://github.com/serverless-stack/serverless-stack#cdk-version-mismatch>

but this error persists after running

npx sst add-cdk @aws-cdk/aws-chatbot@2.7.0 @aws-cdk/aws-cloudwatch@2.7.0 @aws-cdk/aws-cloudwatch-actions@2.7.0 @aws-cdk/aws-sns@2.7.0

which opens an interactive mode as these versions don’t exist. Does anyone have any ideas of how I can resolve this?

Hey there, just a quick question. If I init a sst typescript project, can I make python lambdas that are deployed within that project by defining the runtime? There won't be a conflict due to different languages, right?

I’m running

sst deploy

on an EC2 instance as part of our build pipeline, and having problems getting it to use an AWS_PROFILE that resides in another account. In

~/.aws/config

the profile looks like so:

[profile sandbox]
role_arn = arn:aws:iam.../SandboxAdmin
region = eu-west-2
credential_source = Ec2InstanceMetadata

and the pipeline just tries to run

AWS_PROFILE=sandbox sst deploy --stage test

, but the error I get is:

reparing your SST app
Deploying stacks
AccessDenied: User: arn:aws:sts::035571076409:assumed-role/GitlabRunner/i-0da27111607bdae26 is not authorized to perform: cloudformation:DescribeStacks on resource: arn:aws:cloudformation:eu-west-2:... because no identity-based policy allows the cloudformation:DescribeStacks action

What's going on after

sst build

outputs

Run npx sst deploy to deploy to AWS.

? It sometimes hangs there instead of exiting.

is it possible to tell (with in a func) if

enableLiveDev

is enabled for that function? through some sort of env var maybe?

is it possible to set desired AWS profile in sst.json? where are the sst.json docs?

Is there anyway to deal with a scenario where the SiteStack needs the api url from the ApiStack and the ApiStack needs the url for the site? In other words they each need the output of the other to populate the Environment variables of the other?

i just randomly got

Resource handler returned message: "Uploaded file must be a non-empty zip

after i have been deploying non stop for the last 5 days

I would like to have my users put in a code for any new device used for security. So if they logged in via PC they need a code (initial signup code is fine) but then if they also logged in via mobile, they would need a code for that device too

Hey guys! Hope everyone is doing good, wanna ask some help on this AuthStack, basically my stack now is in

REVIEW_IN_PROGRESS

, how do I make it available and ready to be used?

Hi everybody! I try adding IAM policy grant api permission to a specific folder in s3 bucket but it doesn’t work. Please help me fix that.

Hello! I’d like to create my own JWT authorizer. I don’t want to use AWS Cognito or Auth0. Is it possible? Is there some documentation about that?

Hi all. I’m working on deploying multiple sites via the

nextjsSite

construct and it works like a charm, the problem I’m facing is adding Cloudwatch alarms to the lambda’s this construct creates. My assumption was that

getAllFunctions

would help here but the construct doesn’t return this method and using it as I have below doesn’t return any functions. Any suggestions would be great.

// js
import * as sst from "@serverless-stack/resources";
import * as CDK from "aws-cdk-lib";
import * as cloudwatch from "aws-cdk-lib/aws-cloudwatch";
import * as cw_actions from "aws-cdk-lib/aws-cloudwatch-actions";
import * as sns from "aws-cdk-lib/aws-sns";
import * as chatbot from "aws-cdk-lib/aws-chatbot";

export default class BrandStack extends sst.Stack {
  constructor(scope, id, props) {
    super(scope, id, props);

    const site = new sst.NextjsSite(this, props.brand, {
      path: "./",
      environment: {
        NEXT_PUBLIC_BRAND: props.brand,
      },
    });

    // Get all functions created by the NextjsSite construct
    const functions = this.getAllFunctions();

    // Add metric and alarm for each lambda to catch errors
    functions.forEach((fn) => {
      const fnName = fn.functionName || "lambda";

      // Configure metric for errors
      const fnErrors = fn.metricErrors({
        period: CDK.Duration.minutes(1),
      });

      // configure alarm
      new cloudwatch.Alarm(this, `${fnName}-errors-alarm"}`, {
        metric: fnErrors,
        threshold: 1,
        comparisonOperator:
          cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
        evaluationPeriods: 1,
        alarmDescription: `Errors for ${fnName}`,
      });

      // Send alert
      const topic = new sns.Topic(this, `${fnName}-Topic`);
      cloudwatch.Alarm.addAlarmAction(new cw_actions.SnsAction(topic));

      // Configure slack connection
      new chatbot.SlackChannelConfiguration(this, `${fnName}-SlackChannel`, {
        slackChannelConfigurationName: "sites-alerts-dev",
        slackChannelId: "C02VD7K1X6G",
        slackWorkspaceId: "T52H878E7",
        notificationTopics: [topic],
        loggingLevel: chatbot.LoggingLevel.ERROR,
      });
    });

    this.addOutputs({
      URL: site.url,
    });
  }
}

Is it possible to get the s3 objects that are being inputted in an sns event? basically i have one bucket that triggers an sns topic, and that sns topic will triggers multiple lambda. inside the lambda i want to get the bucket and the keys that are being put in the s3 bucket.

I asked this in the aws-cdk slack, but did not get much response. So I thought maybe this group could advise as this could be a cdk or sst solution. Is there a way to include prompts for user input after

sst deploy

is run? I would like to be able to prompt for parameters if they were not provided through arguments / env file. For example if I wanted to create a project that would use an existing s3 bucket (if the user wants) but otherwise will create its own bucket.

This might be a dumb question but can someone confirm if it’s possible to deploy a static site to a domain only accessible by users on a VPN? Any pointers as to how to achieve this with SST?

Since we upgraded from

0.57.0

to

0.59.1

SST feels not stable. Just right now we added this to our storage stack:

indexProps: {
            nonKeyAttributes: ['description', 'publishedAt'],
            projectionType: ProjectionType.INCLUDE
          }

The file

.build/cdk.out/dev-xx-storage-template.json

went from

"Projection": {
              "ProjectionType": "ALL"
            }

to

"Projection": {
              "NonKeyAttributes": [
                "description",
                "publishedAt"
              ],
              "ProjectionType": "INCLUDE"
            }

But in the console I still always get:

Stacks: Synthesizing changes...
Successfully synthesized to /Users/daniel/Github/xx/.build/cdk.out
Stacks: No changes to deploy.

On AWS I can see that my table is still with Projected Attributes

ALL

. Am I missing something here?

Noob Question: When I update SST (and therefore CDK to v2, so all my functions get re-deployed with new cloud formation? Or are the cloud formation basically the same, just how it is constructed is different.

Hello Can I make a cron job running multiple times in specific hours on same day?

Is there a recommended library for mocking AWS services to test lambdas?

dunno if this has happened to anyone else, but in 0.65.0, once the back end starts getting requests, SST dumps probably hundreds (maybe a couple thousand?) lines to the console. looks like this:

Didn't have time to look into this in depth but seems that the data dog integration isn't compatible with the latest 2.x release. Can someone perhaps nudge them?

Help, I updated my sst version (from a really old one) to a pretty new one and now I get this error when I invoke my lambdas

.sst/artifacts/99a3edf9/src/lambda.handler is undefined or not exported

The "ScriptHandler" Lambda's CloudWatch Log Group for the SST Script construct has a retention of "Never expire". Can we set a limit on that?

Trying to get ephemeral environments to tear down cleanly and using SST Script to do some work that is outside the purview of CloudFormation. Works for stack creation, but at teardown the dependency isn't being recognized. Notice that the

Script

receives

bootstrapThingPolicy

as a parameter, but upon removing the stack CloudFormation immediately tries to delete

BootstrapThingPolicy

, before running the

onDelete

script.

const bootstrapThingPolicy = new CfnPolicy(this, "BootstrapThingPolicy", {
      policyName: scope.logicalPrefixedName("bootstrap-thing-policy"),
      policyDocument: bootstrapThingPolicyDocument,
    });

    const namespace = scope.logicalPrefixedName("").slice(0, -1);
    new Script(this, "bootstrap", {
      defaultFunctionProps: {
        timeout: 60,
        memorySize: 128,
        permissions: toPermissions(
          new statement.Iot()
            .allow()
            .toAttachPolicy()
            .toAttachThingPrincipal()
            .toCreateKeysAndCertificate()
            .toCreateThing()
            .toDeleteCertificate()
            .toDeleteThing()
            .toDescribeEndpoint()
            .toDescribeThing()
            .toDetachPolicy()
            .toDetachThingPrincipal()
            .toListPrincipalPolicies()
            .toListThingPrincipals()
            .toUpdateCertificate()
            .onAllResources(),
          new statement.Ssm().allow().toDeleteParameter().toPutParameter().onAllResources()
        ),
        logRetention: RetentionDays.ONE_MONTH,
      },
      params: {
        namespace,
        boostrapThingPolicyName: bootstrapThingPolicy.policyName,
      },
      onCreate: "src/stacks/iot-provisioning/bootstrap-cert-script.onCreate",
      onDelete: "src/stacks/iot-provisioning/bootstrap-cert-script.onDelete",
    });
  }

hi guys, the debug console is stuck in syncing metadata. see screenshot. any idea why this is happening?

Hi there! Sorry for dumb question, is there any way to fix timeouts when deploying

serverless framework

via seed? I didn't found anything similar except unanswered question in this thread 🤔 If question about seed doesn't belong to this channel, pls give me a signal(

Hey everyone, is there any way to override the logicalPrefixedName in the app level instance?