Releases: aws/serverless-application-model
SAM v1.23 Release: Bug fixes
SAM v1.22.0 Release
Community Contributors to this Release
@cakepietoast, @dalumiller, @jmnarloch, @nmoutschen, @tyldavis
Tags for Http APIs
SAM supports adding tags to AWS::Serverless::HttpApi. When a stack is created, SAM automatically adds the httpapi:createdBy: SAM tag. SAM also propagates tags from AWS::Serverless::HttpApi to the AWS::ApiGatewayV2::DomainName and AWS::ApiGatewayV2::Stage resources. For more information on how to define tags, see the AWS CloudFormation Documentation. (#1459) (#1492)
Api:
  Type: AWS::Serverless::HttpApi
  Properties:
    Tags:
      Tag1: value1
      Tag2: value2

PayloadFormatVersion and TimeoutInMillis for Http API events
SAM supports PayloadFormatVersion and TimeoutInMillis for Http API events. SAM defaults to "2.0" for PayloadFormatVersion if the version is not specified. The default value of TimeoutInMillis is 5000 milliseconds for Http APIs. For more information on these properties, see the AWS CloudFormation documentation. (#1450) (#1517)
HttpApiFunction:
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: ./
    Handler: index.handler
    Runtime: nodejs12.x
    Events:
      Basic:
        Type: HttpApi
        Properties:
          Path: /basic
          Method: post
          TimeoutInMillis: 10000
          PayloadFormatVersion: "2.0"

FailOnWarnings for Serverless Http APIs
SAM supports FailOnWarnings for the AWS::Serverless::HttpApi resource. It specifies whether to roll back the API creation (true) or not (false) when a warning is encountered. For more information on FailOnWarnings, see the AWS CloudFormation Documentation. (#1509)
MyApi:
  Type: AWS::Serverless::HttpApi
  Properties:
    FailOnWarnings: True

CORS for Http APIs
SAM supports enabling CORS for Http APIs. When the CorsConfiguration property is defined, SAM adds the x-amazon-apigateway-cors header to the OpenAPI definition of your Http API. Specify true to add CORS with domain '*' (any origin) to your Http APIs, or specify a dictionary with additional CorsConfiguration settings. For more information, see the AWS CloudFormation documentation. (#1381)
MyApi:
  Type: AWS::Serverless::HttpApi
  Properties:
    CorsConfiguration:
      AllowOrigins:
        - "https://example.com"
      AllowHeaders:
        - x-apigateway-header
      AllowMethods:
        - GET

Custom Domains in HTTP API
This release adds support for configuring custom domains on AWS::Serverless::HttpApi. For more information about this feature see AWS CloudFormation documentation. (#1472)
MyApi:
  Type: AWS::Serverless::HttpApi
  Properties:
    Domain:
      DomainName: !Ref DomainName
      CertificateArn: !Ref ACMCertificateArn
      BasePath:
        - /fetch
      Route53:
        HostedZoneId: ZQ1UAL4EFZVME
        IpV6: true

RouteSettings and DefaultRouteSettings for Http APIs
SAM supports DefaultRouteSettings and RouteSettings for Http APIs. For more information, see the AWS CloudFormation documentation. (#1461) (#1490)
RouteSettings example snippet:
Resources:
  HttpApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.restapi
      Runtime: nodejs12.x
      Events:
        SimpleCase:
          Type: HttpApi
          Properties:
            ApiId: !Ref MyApi
            RouteSettings:
              ThrottlingBurstLimit: 300
              LoggingLevel: INFO
  MyApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: Prod
      RouteSettings:
        "$default":
          ThrottlingBurstLimit: 200
          ThrottlingRateLimit: 0.7

DefaultRouteSettings example snippet:
MyApi:
  Type: AWS::Serverless::HttpApi
  Properties:
    DefinitionUri: s3://bucket/key
    StageName: !Join ["", ["Stage", "Name"]]
    DefaultRouteSettings:
      ThrottlingBurstLimit: 50

Change Log:
- Add periods to error messages, fix quotes (#1430)
- Add EventBridgePutEventsPolicy (#1409)
- Use isinstance check instead of type (#1411)
- Add TimeoutInMillis to HttpApi events (#1450)
- Document support for HTTP API Access Log Settings (#1448)
- Fix markdown style links in not-markdown (#1439)
- Add Tags support to Http Api (#1459)
- Switch Definition to Model (#1423)
- Make usageplan properties referable (#1458)
- Add support for DefaultRouteSettings in HttpApi (#1461)
- Trigger auto publish alias on env var/memorysize change (#1310)
- Support cors for HttpApi (#1381)
- chore: bump translator version (#1483)
- Add referable properties of sam resources (#1468)
- Add support for Custom domains in HTTP API (#1472)
- Remove OIDC auth from Http Api (#1491)
- Propagate tags to DomainName, Stage resources (#1492)
- Add StageVariables to docs (#1493)
- Support RouteSettings for HttpApi (#1490)
- Add DynamoDBWritePolicy and S3WritePolicy (#1374)
- Fix type of user pool tags (#1460)
- Add support for PayloadFormatVersion for HttpAPI events (#1517)
- Add support for FailOnWarnings for HttpApi (#1509)
- Add support for PathParameters for HttpApi (#1510)
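
The "CORS for Http APIs" note above says that CorsConfiguration: true enables CORS with domain '*'. As an added example (not part of the SAM release notes or code base), the following check flags that shorthand and explicit '*' entries on AWS::Serverless::HttpApi resources; the sample template, its logical IDs and the audit_httpapi_cors helper are constructed for illustration.

```python
import json

# Constructed sample template (SAM accepts JSON as well as YAML); all names are hypothetical.
SAMPLE_TEMPLATE = json.loads("""
{
  "Transform": "AWS::Serverless-2016-10-31",
  "Resources": {
    "ShorthandApi": {"Type": "AWS::Serverless::HttpApi",
                     "Properties": {"CorsConfiguration": true}},
    "StarApi": {"Type": "AWS::Serverless::HttpApi",
                "Properties": {"CorsConfiguration": {
                    "AllowOrigins": ["https://example.com", "*"],
                    "AllowMethods": ["*"]}}},
    "PinnedApi": {"Type": "AWS::Serverless::HttpApi",
                  "Properties": {"CorsConfiguration": {
                      "AllowOrigins": ["https://example.com"],
                      "AllowHeaders": ["x-apigateway-header"],
                      "AllowMethods": ["GET"]}}},
    "NoCorsApi": {"Type": "AWS::Serverless::HttpApi", "Properties": {}},
    "RestApi": {"Type": "AWS::Serverless::Api", "Properties": {"StageName": "Prod"}}
  }
}
""")

HTTP_API = "AWS::Serverless::HttpApi"


def _strings(value):
    """Normalise a scalar-or-list property to a list of its string members."""
    items = value if isinstance(value, list) else [value]
    return [item for item in items if isinstance(item, str)]


def audit_httpapi_cors(template):
    """Return sorted (logical_id, finding) pairs for wildcard CORS on HttpApi resources."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != HTTP_API:
            continue
        cors = (resource.get("Properties") or {}).get("CorsConfiguration")
        if cors is True:
            # Per the release notes, `true` enables CORS with domain '*'.
            findings.append((logical_id, "AllowOrigins=* (CorsConfiguration: true)"))
        elif isinstance(cors, dict):
            for key in ("AllowOrigins", "AllowMethods", "AllowHeaders"):
                if "*" in _strings(cors.get(key)):
                    findings.append((logical_id, f"{key}=*"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in audit_httpapi_cors(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

Values supplied through intrinsic functions or parameters are not resolved by this check and need a manual review.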
SAM v1.21.0 Release
Community Contributors to this Release
@aketcham0691, @allanchua101, @brettstack, @doug-skinner, @jmnarloch, @mark-hirayama, @mbarneyjr, @nikp, @patrickgreenwell, @timoschilling, @tom139
Usage Plans
SAM now supports configuring Usage Plans on AWS::Serverless::Api resources! For more information on how to configure and use usage plans, see the AWS SAM Documentation.
Api:
  Type: AWS::Serverless::Api
  Properties:
    Auth:
      UsagePlan:
        CreateUsagePlan: PER_API
        Description: My test usage plan
        Quota:
          Limit: 500
          Period: MONTH
        Throttle:
          BurstLimit: 100
          RateLimit: 50

AutoPublishCodeSha256
This release supports a new way of forcing updates to Lambda Versions: AutoPublishCodeSha256.
This property addresses a problem that occurs when an AWS SAM template has the following characteristics: the DeploymentPreference object is configured for gradual deployments (as described in Deploying Serverless Applications Gradually), the AutoPublishAlias property is set and doesn't change between deployments, and the CodeUri property is set and doesn't change between deployments.
This scenario might occur when the deployment package stored in an Amazon S3 location is replaced by a new deployment package that contains updated Lambda function code, but the CodeUri property remains unchanged (as opposed to the new deployment package being uploaded to a new Amazon S3 location and the CodeUri being changed to the new location). An example of this is if code was always uploaded to the same s3://bucket/code.zip S3 location.
In this scenario, you must provide a unique value for AutoPublishCodeSha256 to trigger the gradual deployment successfully.
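
One way to produce such a value, shown as an added example (not code from the SAM project): hash the bytes of the package and write the digest into AutoPublishCodeSha256 for every function that sets AutoPublishAlias, so a replaced package at an unchanged CodeUri yields a different value. The template dict, logical IDs and the pin_code_sha256 helper are hypothetical, and using the package digest as the unique value is an assumption of this example.

```python
import copy
import hashlib

# Constructed template fragment as a parsed dict; names and the S3 location are hypothetical.
TEMPLATE = {
    "Resources": {
        "ApiFunction": {
            "Type": "AWS::Serverless::Function",
            "Properties": {
                "CodeUri": "s3://bucket/code.zip",
                "Handler": "index.handler",
                "Runtime": "python3.7",
                "AutoPublishAlias": "live",
                "DeploymentPreference": {"Type": "Linear10PercentEvery1Minute"},
            },
        },
        "Worker": {  # no AutoPublishAlias, so it is left untouched
            "Type": "AWS::Serverless::Function",
            "Properties": {
                "CodeUri": "s3://bucket/code.zip",
                "Handler": "worker.handler",
                "Runtime": "python3.7",
            },
        },
    }
}


def pin_code_sha256(template, packages):
    """Return a copy of template with AutoPublishCodeSha256 derived from package bytes.

    packages maps a CodeUri string to the bytes of the package currently stored there.
    Only AWS::Serverless::Function resources that set AutoPublishAlias are changed.
    """
    pinned = copy.deepcopy(template)
    for resource in pinned.get("Resources", {}).values():
        if resource.get("Type") != "AWS::Serverless::Function":
            continue
        props = resource.get("Properties") or {}
        if "AutoPublishAlias" not in props:
            continue
        code_uri = props.get("CodeUri")
        if not isinstance(code_uri, str) or code_uri not in packages:
            # Refuse to guess: an unpinned function would silently keep its old version.
            raise KeyError(f"no package bytes supplied for CodeUri {code_uri!r}")
        props["AutoPublishCodeSha256"] = hashlib.sha256(packages[code_uri]).hexdigest()
    return pinned


if __name__ == "__main__":
    uri = "s3://bucket/code.zip"
    for build in (b"build-1", b"build-2"):  # same CodeUri, different package contents
        props = pin_code_sha256(TEMPLATE, {uri: build})["Resources"]["ApiFunction"]["Properties"]
        print(props["CodeUri"], props["AutoPublishCodeSha256"])
```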
Change Log:
- #1361 fix: add support for string/parameter based Enabled for DeploymentPreference
- #1365 fix: throw error for apikey false in api event when not defined in api
- #1359 docs: code documentation of API Auth Key format
- #1363 chore: upgrade to nodejs12.x for all examples and tests
- #1367 docs: remove comment stating FIFO SQS Queues aren't supported
- #1392 docs: update black instructions in dev guide
- #1388 docs: update README.md to point to aws sam spec
- #1179 feat: usage plans support for Api Auth
- #1377 feat(policy-templates): add Textract policies
- #1379 docs: fix Template Specication API Auth Object section
- #1376 feat: introduce AutoPublishCodeSha256 to allow overriding the lambda version SHA
- #1420 docs: add README pointing to example apps
- #1419 chore: update black version
- #1413 docs: add EventBusName for CloudWatchEvent and EventBridgeRule
- #1396 fix: fix issue when referencing RestApiId by Ref
- #1408 feat(custom-domains): adds support for HostedZoneName in Domain section of the API
- #1395 fix: bug fixes in api resource policies
- #1434 fix: fix usage plan SHARED bug
- #1411 fix: use isinstance check instead of type
- #1436 fix: custom statements in function events
Patch V1.20.1: patch fix to correct PyPi upload
SAM v1.20.0 Release: Custom Domains support and Authorization scopes for Amazon Api Gateway, TriggerConfigurations in DeploymentPreference and Tags in IAM Role
Community Contributors to this Release
@53ningen, @alexfrosa, @brettstack, @cakepietoast, @chrisoverzero, @dballance, @ebaizel, @eddiecho, @eugeniosu, @gliptak, @hui-yang, @klmz, @koenaad, @kvasukib, @limitusus, @MattMasters, @me2resh, @merzwilliam, @michaeljfazio, @nheijmans, @nikp, @pfeilbr, @tde908, @timoschilling, @yan12125, @zmaleki
Support Custom domains for Amazon Api Gateway
This release adds support for configuring custom domains on AWS::Serverless::Api. For more information about this feature see CloudFormation documentation. (#1144) (#1165)
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      OpenApiVersion: 3.0.1
      StageName: Prod
      Domain:
        DomainName: !Ref DomainName
        CertificateArn: !Ref ACMCertificateArn
        EndpointConfiguration: EDGE
        BasePath:
          - /fetch
        Route53:
          HostedZoneId: ZQ1UAL4EFZVME
          IpV6: true
          DistributionDomainName: !GetAtt Distribution.DomainName

Support for TriggerConfigurations in DeploymentPreference
This release adds support for adding Trigger Configurations on DeploymentPreference of a serverless function. For more information on Trigger Configurations see CloudFormation documentation. A big thank you to @cakepietoast for contributing this feature! (#1195)
Resources:
  MinimalFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: hello.handler
      Runtime: python3.7
      AutoPublishAlias: live
      DeploymentPreference:
        Enabled: true
        Type: Linear10PercentEvery1Minute
        TriggerConfigurations:
          - TriggerEvents:
              - DeploymentSuccess
              - DeploymentFailure
            TriggerName: TestTrigger
            TriggerTargetArn: !Ref MySNSTopic

AuthorizationScopes for Amazon Api Gateway
This release supports AuthorizationScopes for Authorizers in AWS::Serverless::Api. The scopes are used with a COGNITO_USER_POOLS authorizer to authorize the method invocation. For more information on scopes see AWS blog post. A big thank you to @klmz for contributing this feature! (#917)
Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: python3.7
      Events:
        CognitoDefaultScopesWithOverwritten:
          Type: Api
          Properties:
            RestApiId: !Ref MyApiWithCognitoAuth
            Method: get
            Path: /hello
            Auth:
              Authorizer: MyDefaultCognitoAuth
              AuthorizationScopes:
                - read
                - write

Add an existing SQS queue for SNS event
The SqsSubscription property of the SNS event type now supports adding an existing SQS queue. When this property is set, SAM uses an existing SQS queue or creates an SQS queue and subscribes it to the SNS topic, and the Lambda function is subscribed to the SQS queue. For more information about SNS and SQS, see the developer documentation. A big thank you to @53ningen for contributing this feature! (#1231)
Resources:
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs10.x
      CodeUri: .
      MemorySize: 128
      Events:
        SQSSubscriptionEvent:
          Type: SNS
          Properties:
            Topic: !Ref MySnsTopic
            SqsSubscription:
              QueueUrl: !Ref MyQueue
              QueueArn: !GetAtt MyQueue.Arn
              QueuePolicyLogicalId: NotificationA
              BatchSize: 8
              Enabled: true
            FilterPolicy:
              store:
                - example_corp
              price_usd:
                - numeric:
                    - ">="
                    - 100

Support Tags for IAM Role
This release adds support for propagating Serverless function tags to the IAM roles generated for the function. You can configure tags on the IAM role by updating the Tags property of the Serverless function. A big thank you to @cakepietoast for contributing this feature! (#1194)
Resources:
  MyFunctionWithTags:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: nodejs10.x
      Tags:
        TagKey1: TagValue1

Change Log:
- (#1149)(#1170)(#1198)(#1191)(#1199)(#1214)(#1220)(#1233)(#1243)(#1270)(#1247)(#1294)(#1215) Documentation and example updates
- (#1144) Custom domains Api Gateway support
- (#1165) Custom domains route53 support
- (#1195) Add support for TriggerConfigurations in DeploymentConfiguration
- (#1194) Support for function role tag propagation
- (#1228) Add VPC Access Policy when VpcConfig is present
- (#1299) Add sqs and sns policies based on destination config
- (#1231) Add an existing SQS queue option to SNS event
- (#1241) Add new EventBridgeRule SAM Function EventSource
- (#1264) Add cloudwatch:describeAlarmHistory policy, (#1259) Allow kinesis:DescribeStreamSummary for KinesisCrudPolicy and KinesisStreamReadPolicy, (#1137) Add AthenaQueryPolicy template, (#1192) Add KMSEncryptPolicy policy template
- (#917) Add authorizationscopes
- (#1132) Actually exclude test files from being installed
- (#1230) Add support to point to api gateway distribution
- (#1173) Update DynamoDBCrudPolicy
- (#1200) Fix sns publish
- (#1196) Add intrinsic support for deployment preference enabled
- (#1224) Throw better error for improper api reference
- (#1282) Throw error when method authorizer is present and api auth is not defined
- (#1260) Transform cognito events to a permission with sourcearn
- (#1256) Add Python 3.8 as supported version
- (#1263) Add AppVeyor config to move away from Travis
- (#1222) Update arn format of DynamoDBStreamReadPolicy
- (#1301) Nest securitySchemes under components section in openapi
- (#1316) Remove unsupported options for openapi3.0
- (#1288) Amend provisioned concurrency examples and templates to work for false condition
- ...
HTTP API Auth Patch: v1.19.1
This is a patch release to fix the implementation of HTTP API authorizers. Authorizers are now correctly nested under components.securitySchemes in the OpenApi document that SAM generates. #1301
SAM v1.19.0 Release: HTTP APIs (Beta)
SAM V1.19.0 Release: Introducing HTTP APIs
HTTP APIs enable you to create RESTful APIs with lower latency and lower cost than REST APIs. In SAM, we aim to make creating and configuring these APIs easier and safer by providing the ability to construct an authenticated API backed by Lambda functions. We did this by creating a new resource type, AWS::Serverless::HttpApi, and a new Function event type to go with it, HttpApi.
To learn more about the differences and benefits of using a HTTP API, see the Amazon API Gateway documentation.
We followed the same pattern that we had for our current AWS::Serverless::Api resource, with a few notable changes.
New Simple API
We are making it even easier to configure a Lambda-backed API. We are introducing a new simple case, where one Lambda function can map to all endpoints of an API and is simple and easy to use. This is done via several improvements:
Always Deploy API
There is now an option to automatically deploy any changes made to an API. SAM will no longer have to try to hash any changes to the API in an effort to deploy for any change; it should instead always work.
Default Stage
There is a new $default stage that is used if no StageName is given. This stage maps to the base of the API url.
Default Path
There is a new $default path option that SAM uses if no Method and Path are given in an HttpApi event. All unmapped paths and methods will be routed to this endpoint.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: AWS SAM template with a simple API definition backed by a single Lambda function.
Resources:
  ApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      Events:
        ApiEvent: # uses new default path
          Type: HttpApi
      Handler: index.handler
      CodeUri: ./src
      Runtime: python3.7

Authorization
AWS::Serverless::HttpApi at launch only supports JWT authorizers, and these can be added and used in much the same way that authorizers work on the AWS::Serverless::Api resource.
For more information about authorization on AWS::Serverless::HttpApi resources, see the SAM Documentation.
OpenApi Merging
SAM will now attempt to merge Lambda integrations with existing OpenApi documents. This allows advanced users to bring a pre-existing OpenApi document with all paths and methods specified and let SAM add the API Gateway integrations for Serverless functions via HttpApi events on these functions. If the template author defines their own OpenApi, SAM requires the openapi version to be set and at least an empty paths dictionary to be created.
Change Log:
SAM v1.18.0 Release: Lambda Provisioned Concurrency Support
SAM V1.18.0 Release: Provisioned Concurrency Feature Support in SAM
Change Log:
Provisioned Concurrency Feature Support
This release adds support for configuring the number of concurrent executions to be reserved for the Lambda function on the AWS::Lambda::Alias resource. Setting the AutoPublishAlias property is required to use this feature on an AWS::Serverless::Function.
Resources:
  MinimalFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri: ./src/
      Handler: index.handler
      Runtime: nodejs8.10
      AutoPublishAlias: live
      ProvisionedConcurrencyConfig:
        ProvisionedConcurrentExecutions: 10

SAM v1.17.0 Release: Add event bus name for CloudWatchEvent
Community Contributors to this Release
Add event bus name for CloudWatchEvent
This release adds support for specifying an EventBusName for the CloudWatchEvent function event type. For more information about this property see the CloudFormation documentation. Thank you @zbintliff for contributing this feature. (#1185)
Resources:
  TriggeredFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: python3.7
      Events:
        OnTerminate:
          Type: CloudWatchEvent
          Properties:
            EventBusName: ExternalEventBridge
            Pattern:
              detail:
                state:
                  - terminated

Changelog
- (#1185) feat: changes for eventbusname on cloudwatch event
SAM v1.16.0 Release: Virtual Sharding and Stream failure processing support for streaming events
This release adds support for ParallelizationFactor, MaximumRetryAttempts, BisectBatchOnFunctionError, MaximumRecordAgeInSeconds, and DestinationConfig properties for Kinesis and DynamoDB event types.
ParallelizationFactor property can be set to increase concurrent Lambda invocations for each shard, which by default is 1. This allows for faster stream processing without the need to over-scale the number of shards, while still guaranteeing order of records processed.
Lambda functions can skip retrying a batch of records when it has reached the value set in the MaximumRetryAttempts property, which can be configured from 0 to 10,000.
Lambda functions can skip processing a data record when it has reached the value set in MaximumRecordAgeInSeconds property, which can be configured from 60 seconds to 7 days.
Lambda functions can continue processing a shard even when it returns an error. When a data record reaches the Maximum Retry Attempts or Maximum Record Age, you can send its metadata, such as shard ID and stream ARN, to an SQS queue or SNS topic by setting that configuration in DestinationConfig.
BisectBatchOnFunctionError allows a customer to have retried invocations contain a smaller number of records. With Bisect on Function Error enabled, Lambda splits the impacted batch of records into two when a function returns an error, and retries them separately. This allows you to easily separate the malformed data record from the rest of the batch, and process the rest of data records successfully.
Resources:
  StreamProcessor:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs10.x
      CodeUri: .
      Events:
        Stream:
          Type: Kinesis
          Properties:
            Stream: !GetAtt Stream.Arn
            ParallelizationFactor: 8
            MaximumRetryAttempts: 100
            BisectBatchOnFunctionError: true
            MaximumRecordAgeInSeconds: 604800
            DestinationConfig:
              OnFailure:
                Destination: !GetAtt MySqsQueue.Arn

Changelog
- (#1261) feat: support virtual sharding and stream failure processing