Hey Guys, Is there a way to add a layer while declaring lambdas with

sst.Api

. I see the option in

defaultFunctionProps

but don't see an option to attach it separately to functions.

hmm.. that’s weird… whatever goes into

defaultFunctionProps

can go into a route.

Hey @Frank, I was browsing through code. We probably missed adding layers to the `functionProps` interface. I am not sure but we might also need to add a merge behavior with layers in

defaultFunctionProps

FunctionProps

extends the cdk.FunctionOptions so it should have layers?

defaultFunctionProps

is also of the type

FunctionProps

… it’s weird that it works there, but in a route.

@Frank, I just tried to add it manually (ignoring autocomplete) and deploy the app.

Yup. Will keep you posted!

@Mr.9715 can you explain how that

auth-layer

works? I been using the

authorizer

concept with SLS, but not sure if it’s the same… just asking if there is anything better.

@Hi @Adrián Mouly, The layer I added was just an example to see if the layers were getting attached to lambda functions. It could code any piece of code/node_modules that you want to use across lambdas but don't want to bulk them up separately. For the auth in sst, you will be using aws cognito service, the recommended wayto implement is AWS_IAM approach where your end users have credentials with fined grained permissions to uniquely access resources ( eg. directly access an s3 bucket ). Also. • If you want to have a password login flow, you need cognitio user pool • for federation (google signin) you need identity pool If your entire app is API based you can • connect your cognito UserPool directly with API gateway. (add google signin Directly to this pool) • you can also use custom authoiser (lambda interceptor) to add your custom logic there. Below refs. should get you going. Also, find out if you are using AWS amplify on the client side, if yes. integration is easier. custom authoiser (JWT based) userpool authoriser IAM auth SST cognito-apigw example SST example with auth0 (JWT based)

Thank you @Mr.9715, but in my case I have an external auth-provider, and what I receive it’s a JWT token. On my lambdas I have the Secret to validate those tokens… With SLS what I have it’s a custom authorizer function, which does the token validation and refuses or not the incoming request. I would like to replicate this procedure with SST. Not sure if I really need a layer for this or I can keep using authorizer.

@Adrián Mouly, you don't really need layer for your setup. Authoiser should be fine. if you have common code that you want to share across lambdas, layer is something that you can benefit from.

Ok, makes sense. My shared code is the actual authroizer, which is also a lambda.

@Adrián Mouly here are some examples on authorizers https://docs.serverless-stack.com/constructs/Api#adding-auth

Thanks @Frank.