Second question 🙂 how do

app.setDefaultFunctionProps

an Api's

defaultFunctionProps

play together. For example if I added read only permission to a table at the

app

level, then added full permission to that same table at the

Api

creation level, would they merge? Maybe both are applied? Same for ENV variables, are they overridden?

My experience with SST, and a decision I agree with, is that settings get overridden rather than merged.

We actually do merge some of it. Env vars, permissions and layers

Yeah thats what i was hoping, seems like merge is how you would have to go, otherwise providing ENVs at the app level would only work in cases you had no ENVs defined at the stack level. @thdxr how does it work for permissions? If i have READ at app level and full at stack level, does it know to ignore the app level and just apply full? Do two things get applied?

@Frank do we have this documented properly?

@Ross Gerbasi the READ at app level does NOT get ignored. Both permissions are applied. And b/c the resulting permission is an union of all, the function will have the full permission.

does that end up with 2 AWS resources? one for read and one for full applied to the lambda?

1 IAM::Policy resource with both permissions

oh great, thanks!