SAM v1.22.0 Release

Community Contributors to this Release

@cakepietoast, @dalumiller, @jmnarloch, @nmoutschen, @tyldavis

Tags for Http APIs

SAM supports adding tags to AWS::Serverless::HttpApi. When a stack is created, SAM will automatically add httpapi:createdBy: SAM tag. SAM also propagates tags from AWS::Serverless::HttpApi to AWS::ApiGatewayV2::DomainName and AWS::ApiGatewayV2::Stage resources. For more information on how to define tags, see the AWS CloudFormation Documentation. (#1459) (#1492)

Api:
  Type: AWS::Serverless::HttpApi
  Properties:
    Tags:
      Tag1: value1
      Tag2: value2

PayloadFormatVersion and TimeoutInMillis for Http API events

SAM supports PayloadFormatVersion and TimeoutInMillis for Http API events. SAM defaults to "2.0" for PayloadFormatVersion if the version is not specified. The default value of TimeoutInMillis is 5000 milli seconds for Http APIs. For more information on these properties see AWS CloudFormation documentation. (#1450) #1517

  HttpApiFunction: 
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./
      Handler: index.handler
      Runtime: nodejs12.x
      Events:
        Basic:
          Type: HttpApi
          Properties:
            Path: /basic
            Method: post
            TimeoutInMillis: 10000
            PayloadFormatVersion: "2.0"

FailOnWarnings for Serverless Http APIs

SAM supports FailOnWarnings for AWS::Serverless::HttpApi resource. Specifies whether to rollback the API creation (true) or not (false) when a warning is encountered. For more information on FailOnWarnings see AWS CloudFormation Documentation (#1509)

  MyApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      FailOnWarnings: True

CORS for Http APIs

SAM supports enabling CORS for Http APIs. SAM adds x-amazon-apigateway-cors header in open api definition for your Http API when CorsConfiguration property is defined. Specify true for adding Cors with domain '*' to your Http APIs or specify a dictionary with additional CorsConfiguration object. For more information see AWS CloudFormation documentation. (#1381)

  MyApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      CorsConfiguration:
        AllowOrigins:
          - "https://example.com"
        AllowHeaders:
          - x-apigateway-header
        AllowMethods:
          - GET

Custom Domains in HTTP API

This release adds support for configuring custom domains on AWS::Serverless::HttpApi. For more information about this feature see AWS CloudFormation documentation. (#1472)

  MyApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Domain:
        DomainName: !Ref DomainName
        CertificateArn: !Ref ACMCertificateArn
        BasePath:
          - /fetch
        Route53:
          HostedZoneId: ZQ1UAL4EFZVME
          IpV6: true

RouteSettings and DefaultRouteSettings for Http APIs

SAM supports DefaulRouteSettings and RouteSettings for Http API. For more information see AWS CloudFormation documentation. (#1461) (#1490)

RouteSettings example snippet:

Resources:
  HttpApiFunction: 
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.restapi
      Runtime: nodejs12.x
      Events:
        SimpleCase:
          Type: HttpApi
          Properties:
            ApiId: !Ref MyApi
            RouteSettings:
              ThrottlingBurstLimit: 300
              LoggingLevel: INFO
  MyApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: Prod
      RouteSettings:
        "$default":
          ThrottlingBurstLimit: 200
          ThrottlingRateLimit: 0.7

DefaultRouteSettings example snippet:

  MyApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      DefinitionUri: s3://bucket/key
      StageName: !Join ["", ["Stage", "Name"]]
      DefaultRouteSettings:
        ThrottlingBurstLimit: 50

Change Log:

1. Add periods to error messages, fix quotes (#1430)
2. Add EventBridgePutEventsPolicy (#1409)
3. Use isinstance check instead of type (#1411)
4. Add TimeoutInMillis to HttpApi events (#1450)
5. Document support for HTTP API Access Log Settings (#1448)
6. Fix markdown style links in not-markdown (#1439)
7. Add Tags support to Http Api (#1459)
8. Switch Definition to Model (#1423)
9. Make usageplan properties referable (#1458)
10. Add support for DefaultRouteSettings in HttpApi (#1461)
11. Trigger auto publish alias on env var/memorysize change (#1310)
12. Support cors for HttpApi (#1381)
13. chore: bump translator version (#1483)
14. Add referable properties of sam resources (#1468)
15. Add support for Custom domains in HTTP API (#1472)
16. Remove OIDC auth from Http Api (#1491)
17. Propagate tags to DomainName, Stage resources (#1492)
18. Add StageVariables to docs (#1493)
19. Support RouteSettings for HttpApi (#1490)
20. Add DynamoDBWritePolicy and S3WritePolicy (#1374)
21. Fix type of user pool tags (#1460)
22. Add support for PayloadFormatVersion for HttpAPI events (#1517)
23. Add support for FailOnWarnings for HttpApi (#1509)
24. Add support for PathParameters for HttpApi (#1510)

SAM v1.21.0 Release

SAM v1.21.0 Release

Community Contributors to this Release

@aketcham0691, @allanchua101 , @brettstack, @doug-skinner, @jmnarloch, @mark-hirayama, @mbarneyjr, @nikp, @patrickgreenwell, @timoschilling, @tom139

Usage Plans

SAM now supports configuring Usage Plans on AWS::Serverless::Api resources! For more information on how to configure and use usage plans, see the AWS SAM Documentation.

Api:
  Type: AWS::Serverless::Api
  Properties:
    Auth:
      UsagePlan:
        CreateUsagePlan: PER_API
        Description: My test usage plan
        Quota:
          Limit: 500
          Period: MONTH
        Throttle:
          BurstLimit: 100
          RateLimit: 50

AutoPublishCodeSha256

This release supports a new way of forcing updates to Lambda Versions: AutoPublishCodeSha256.

This property addresses a problem that occurs when an AWS SAM template has the following characteristics: the DeploymentPreference object is configured for gradual deployments (as described in Deploying Serverless Applications Gradually), the AutoPublishAlias property is set and doesn't change between deployments, and the CodeUri property is set and doesn't change between deployments.

This scenario might occur when the deployment package stored in an Amazon S3 location is replaced by a new deployment package that contains updated Lambda function code, but the CodeUri property remains unchanged (as opposed to the new deployment package being uploaded to a new Amazon S3 location and the CodeUri being changed to the new location). An example of this is if code was always uploaded to the same s3://bucket/code.zip S3 location.

In this scenario, you must provide a unique value for AutoPublishCodeSha256 to trigger the gradual deployment successfully.

Change Log:

1. #1361 fix: add support for string/parameter based Enabled for DeploymentPreference
2. #1365 fix: throw error for apikey false in api event when not defined in api
3. #1359 docs: code documentation of API Auth Key format
4. #1363 chore: upgrade to nodejs12.x for all examples and tests
5. #1367 docs: remove comment stating FIFO SQS Queues aren't supported
6. #1392 docs: update black instructions in dev guide
7. #1388 docs: update README.md to point to aws sam spec
8. #1179 feat: usage plans support for Api Auth
9. #1377 feat(policy-templates): add Textract policies
10. #1379 docs: fix Template Specication API Auth Object section
11. #1376 feat: introduce AutoPublishCodeSha256 to allow overriding the lambda version SHA
12. #1420 docs: add README pointing to example apps
13. #1419 chore: update black version
14. #1413 docs: add EventBusName for CloudWatchEvent and EventBridgeRule
15. #1396 fix: fix issue when referencing RestApiId by Ref
16. #1408 feat(custom-domains): adds support for HostedZoneName in Domain section of the API
17. #1395 fix: bug fixes in api resource policies
18. #1434 fix: fix usage plan SHARED bug
19. #1411 fix: use isinstance check instead of type
20. #1436 fix: custom statements in function events

Patch V1.20.1: patch fix to correct PyPi upload

Patch fix to correct PyPi upload

Changelog

#1393

SAM v1.20.0 Release: Custom Domains support and Authorization scopes for Amazon Api Gateway, TriggerConfigurations in DeploymentPreference and Tags in IAM Role

SAM v1.20.0 Release: Custom Domains support and Authorization scopes for Amazon Api Gateway, TriggerConfigurations in DeploymentPreference and Tags in IAM Role

Community Contributors to this Release

@53ningen, @alexfrosa, @brettstack, @cakepietoast, @chrisoverzero, @dballance, @ebaizel, @eddiecho, @eugeniosu, @gliptak, @hui-yang, @klmz, @koenaad, @kvasukib, @limitusus, @MattMasters, @me2resh, @merzwilliam, @michaeljfazio, @nheijmans, @nikp, @pfeilbr, @tde908, @timoschilling, @yan12125, @zmaleki

Support Custom domains for Amazon Api Gateway

This release adds support for configuring custom domains on AWS::Serverless::Api. For more information about this feature see CloudFormation documentation. (#1144) (#1165)

Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      OpenApiVersion: 3.0.1
      StageName: Prod
      Domain:
        DomainName: !Ref DomainName
        CertificateArn: !Ref ACMCertificateArn
        EndpointConfiguration: EDGE
        BasePath:
          - /fetch
        Route53:
         HostedZoneId: ZQ1UAL4EFZVME
         IpV6: true
         DistributionDomainName: !GetAtt Distribution.DomainName

Support for TriggerConfigurations in DeploymentPreference

This release adds support for adding Trigger Configurations on DeploymentPreference of a serverless function. For more information on Trigger Configurations see CloudFormation documentation. A big thank you to @cakepietoast for contributing this feature! (#1195)

Resources:
  MinimalFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: hello.handler
      Runtime: python3.7
      AutoPublishAlias: live
      DeploymentPreference:
        Enabled: true
        Type: Linear10PercentEvery1Minute
        TriggerConfigurations:
          - TriggerEvents:
              - DeploymentSuccess
              - DeploymentFailure
            TriggerName: TestTrigger
            TriggerTargetArn: !Ref MySNSTopic

AuthorizationScopes for Amazon Api Gateway

This release supports AuthorizationScopes for Authorizers in AWS::Serverless::Api. The scopes are used with a COGNITO_USER_POOLS authorizer to authorize the method invocation. For more information on scopes see AWS blog post. A big thank you to @klmz for contributing this feature! (#917)

Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: python3.7
      Events:
        CognitoDefaultScopesWithOverwritten:
          Type: Api
          Properties:
            RestApiId: !Ref MyApiWithCognitoAuth
            Method: get
            Path: /hello
            Auth:
              Authorizer: MyDefaultCognitoAuth
              AuthorizationScopes: 
                - read
                - write

Add an existing SQS queue for SNS event

SqsSubscription property of the SNS event type now supports adding an existing SQS queue. When this property is set, uses an existing SQS queue or creates a SQS queue and subscribes to the SNS topic, and the Lambda function is subscribed to the SQS queue. For more information about SNS and SQS, see the developer documentation. A big thank you to @53ningen for contributing this feature! (#1231)

Resources:
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs10.x
      CodeUri: .
      MemorySize: 128

      Events:
        SQSSubscriptionEvent:
          Type: SNS
          Properties:
            Topic: !Ref MySnsTopic
            SqsSubscription:
              QueueUrl: !Ref MyQueue
              QueueArn: !GetAtt MyQueue.Arn
              QueuePolicyLogicalId: NotificationA
              BatchSize: 8
              Enabled: true
            FilterPolicy:
              store:
                - example_corp
              price_usd:
                - numeric:
                    - ">="
                    - 100

Support Tags for IAM Role

This release adds support to propogate Serverless function tags to IAM roles generated for the function. You can configure tags on IAM Role by updating the Tags property of Serverless function. A big thank you to @cakepietoast for contributing this feature! (#1194)

Resources:
  MyFunctionWithTags:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: nodejs10.x
      Tags:
        TagKey1: TagValue1

Change Log:

1. (#1149)(#1170)(#1198)(#1191)(#1199)(#1214)(#1220)(#1233)(#1243)(#1270)(#1247)(#1294)(#1215) Documentation and example updates
2. (#1144) Custom domains Api Gateway support
3. (#1165) Custom domains route53 support
4. (#1195) Add support for TriggerConfigurations in DeploymentConfiguration
5. (#1194) Support for function role tag propagation
6. (#1228) Add VPC Access Policy when VpcConfig is present
7. (#1299) Add sqs and sns policies based on destination config
8. (#1231) Add an existing SQS queue option to SNS event
9. (#1241) Add new EventBridgeRule SAM Function EventSource
10. (#1264) Add cloudwatch:describeAlarmHistory policy, (#1259) Allow kinesis:DescribeStreamSummary for KinesisCrudPolicy and KinesisStreamReadPolicy, (#1137) Add AthenaQueryPolicy template, (#1192) Add KMSEncryptPolicy policy template
11. (#917) Add authorizationscopes
12. (#1132) Actually exclude test files from being installed
13. (#1230) Add support to point to api gateway distribution
14. (#1173) Update DynamoDBCrudPolicy
15. (#1200) Fix sns publish
16. (#1196) Add intrinsic support for deployment preference enabled
17. (#1224) Throw better error for improper api reference
18. (#1282) Throw error when method authorizer is present and api auth is not defined
19. (#1260) Transform cognito events to a permission with sourcearn
20. (#1256) Add Python 3.8 as supported version
21. (#1263) Add AppVeyor config to move away from Travis
22. (#1222) Update arn format of DynamoDBStreamReadPolicy
23. (#1301) Nest securitySchemes under components section in openapi
24. (#1316) Remove unsupported options for openapi3.0
25. (#1288) Amend provisioned concurrency examples and templates to work for false condition
26. ...

HTTP API Auth Patch: v1.19.1

This is a patch release to fix the implementation of HTTP API authorizers. Authorizers are now correctly nested under components.securitySchemes in the OpenApi document that SAM generates. #1301

SAM v1.19.0 Release: HTTP APIs (Beta)

SAM V1.19.0 Release: Introducing HTTP APIs

HTTP APIs enable you to create RESTful APIs with lower latency and lower cost than REST APIs. In SAM, we aim to make creating and configuring these APIs easier and safer by providing the ability to construct an authenticated API backed by Lambda functions. We did this by creating a new resource type, AWS::Serverless::HttpApi, and a new Function event type to go with it, HttpApi.

To learn more about the differences and benefits of using a HTTP API, see the Amazon API Gateway documentation.

We followed the same pattern that we had for our current AWS::Serverless::Api resource, with a few notable changes.

New Simple API

We are making it even easier to configure a Lambda-backed API. We are introducing a new simple case, where one Lambda function can map to all endpoints of an API and is simple and easy to use. This is done via several improvements:

Always Deploy API
There is now an option to automatically deploy any changes made to an API. SAM will no longer have to try to hash any changes to the API in an effort to deploy for any change; it should instead always work.

Default Stage
There is a new $default stage that is used if no StageName is given. This stage maps to the base of the API url.

Default Path
There is a new $default path option that SAM uses if no Method and Path are given in an HttpApi event. All unmapped paths and methods will be routed to this endpoint.

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: AWS SAM template with a simple API definition backed by a single Lambda function.
Resources:
  ApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      Events:
        ApiEvent: # uses new default path
          Type: HttpApi
      Handler: index.handler
      CodeUri: ./src
      Runtime: python3.7

Authorization

AWS::Serverless::HttpApi at launch only supports JWT authorizers, and these can be added and used in much the same way that authorizers work on the AWS::Serverless::Api resource.

For more information about authorization on AWS::Serverless::HttpApi resources, see the SAM Documentation.

OpenApi Merging

SAM will now attempt to merge Lambda integrations with existing OpenApi documents. This allows advanced users to bring a pre-existing OpenApi document with all paths and methods specified and let SAM add the API Gateway integrations for Serverless functions via HttpApi events on these functions. If the template author defines their own OpenApi, SAM requires the openapi version to be set and at least an empty paths dictionary to be created.

Change Log:

1. #1290

SAM v1.18.0 Release: Lambda Provisioned Concurrency Support

SAM V1.18.0 Release: Provisioned Concurrency Feature Support in SAM

Change Log:

1. #1284 #1285

Provisioned Concurrency Feature Support

This release adds support to configure the number of concurrent executions to be reserved for the lambda function on AWS::Lambda::Alias resource. Setting the AutoPublishAlas property is required to use this feature on an AWS::Serverless::Function.

Resources:
  MinimalFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri: ./src/
      Handler: index.handler
      Runtime: nodejs8.10
      AutoPublishAlias: live
      ProvisionedConcurrencyConfig:
        ProvisionedConcurrentExecutions: 10

SAM v1.17.0 Release: Add event bus name for CloudWatchEvent

Community Contributors to this Release

@zbintliff

Add event bus name for CloudWatchEvent

This release adds support for specifying an EventBusName for the CloudWatchEvent function event type. For more information about this property see the CloudFormation documentation. Thank you @zbintliff for contributing this feature. (#1185)

Resources:
  TriggeredFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: python3.7
      Events:
        OnTerminate:
          Type: CloudWatchEvent
          Properties:
            EventBusName: ExternalEventBridge
            Pattern:
              detail:
                state:
                - terminated

Changelog

1. (#1185) feat: changes for eventbusname on cloudwatch event

SAM v1.16.0 Release: Virtual Sharding and Stream failure processing support for streaming events

SAM v1.16.0 Release: Virtual Sharding and Stream failure processing support for streaming events

This release adds support for ParallelizationFactor, MaximumRetryAttempts, BisectBatchOnFunctionError, MaximumRecordAgeInSeconds, and DestinationConfig properties for Kinesis and DynamoDB event types.

ParallelizationFactor property can be set to increase concurrent Lambda invocations for each shard, which by default is 1. This allows for faster stream processing without the need to over-scale the number of shards, while still guaranteeing order of records processed.

Lambda functions can skip retrying a batch of records when it has reached the value set in the MaximumRetryAttempts property, which can be configured from 0 to 10,000.

Lambda functions can skip processing a data record when it has reached the value set in MaximumRecordAgeInSeconds property, which can be configured from 60 seconds to 7 days.

Lambda functions can continue processing a shard even when it returns an error. When a data record reaches the Maximum Retry Attempts or Maximum Record Age, you can send its metadata like shard ID and stream ARN to an SQS queue or SNS topic by setting that configuration in DestinationConfig

BisectBatchOnFunctionError allows a customer to have retried invocations contain a smaller number of records. With Bisect on Function Error enabled, Lambda splits the impacted batch of records into two when a function returns an error, and retries them separately. This allows you to easily separate the malformed data record from the rest of the batch, and process the rest of data records successfully.

Resources:
  StreamProcessor:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs10.x
      CodeUri: .
      Events:
        Stream:
          Type: Kinesis
          Properties:
            Stream: !GetAtt Stream.Arn
            ParallelizationFactor: 8
            MaximumRetryAttempts: 100
            BisectBatchOnFunctionError: true
            MaximumRecordAgeInSeconds: 604800
            DestinationConfig:
              OnFailure:
                Destination: !GetAtt MySqsQueue.Arn

Changelog

1. (#1261 ) feat: support virtual sharding and stream failure processing

SAM v1.15.1 Patch Release: ResourcePolicy fix

SAM v1.15.1 Patch Release: ResourcePolicy fix

This patch release fixes two bugs introduced in Release 1.15.0 -

1. ResourcePolicy created incorrect resource paths, this was fixed in #1181
2. A regression was introduced in CustomStatements property of ResourcePolicy, which resulted in multiple copies of custom statements being created. This caused some users to run into policy size limits. It was fixed in #1183

Changelog

1. (#1181) fix: resource policies fix for v1.15.1
2. (#1183) fix: custom statements regression bug