Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Swagger does not allow a stage variable for the account ID #87

Closed
mparaz opened this issue Feb 6, 2017 · 9 comments
Closed

Swagger does not allow a stage variable for the account ID #87

mparaz opened this issue Feb 6, 2017 · 9 comments

Comments

@mparaz
Copy link

mparaz commented Feb 6, 2017

I am trying to use this Swagger:

paths:
/documents:
post:
responses: {}
security:
- authorizerFunc: []
x-amazon-apigateway-integration:
uri: arn:aws:apigateway:ap-southeast-2:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-southeast-2:${stageVariables.AccountId}:function:${stageVariables.PostFunctionName}/invocations
passthroughBehavior: "when_no_match"
httpMethod: "POST"
type: "aws_proxy"

with the corresponding template:

Resources:

Explicit API Gateway definition needed for the Custom Authorizer.

ApiGatewayApi:
Type: AWS::Serverless::Api
Properties:
DefinitionUri: swaggerFile.yaml
StageName: Prod
Variables:
PostFunctionName: !Ref PostFunction
AccountId: 1234567890

But I get a CloudFormation stack event with:

"ResourceStatusReason": "Errors found during import:\n\tUnable to put integration on 'POST' for resource at path '/documents': Lambda function ARN must be in same account"

It works fine when I put the literal AccountId 1234567890 in the URI.

It looks like the stageVariable reference isn't expanded, is that right?

Thanks!

@sanathkr
Copy link
Contributor

sanathkr commented Feb 6, 2017

Unfortunately, AccountID has to be hard-coded. This is an APIGateway limitation

@prearrangedchaos
Copy link

Region/AccountId would be very usefull. I know this is a limitation on the API Gateway, but could this info not be merged into the swagger file at package time in the CloudFormation cli?

sanathkr referenced this issue Feb 21, 2017
1. Inline Swagger
2. CodeUri & DefinitionUri support Body, Key and Version dictionary
3. FunctionName property
@ffxsam
Copy link

ffxsam commented Aug 20, 2017

@sanathkr could you please explain how this works?

For example:

ApiGatewayApi:
  Type: AWS::Serverless::Api
  Properties:
    DefinitionUri: swaggerFile.yaml
    StageName: Prod
      Variables:
        PostFunctionName: !Ref PostFunction
        AccountId: 1234567890

Why would ${stageVariables.AccountId} not work? It seems we can pass whatever variables we want from the CloudFormation template, correct? Why would PostFunctionName work but not AccountId since it's just another variable?

I'm having a similar issue #178 where I can't pass a Cognito UserPool ARN into a Swagger doc. How are these limitations of API Gateway when I can create an API and set the exact same stage variables & values I'm trying to pass via CloudFormation?

@deddu
Copy link

deddu commented Oct 26, 2017

Can we please reopen this issue? Or at least can someone please address the question @ffxsam asked?
Why do some stage variables get interpolated and some do not? Where can we find documentation about this?
EG:

Api:
    Type: AWS::Serverless::Api
    Properties:
      StageName: !Ref Stage
      DefinitionUri: swagger.yml
      Variables:
        #those will be exposed as stage vars in the swagger file, and some, interpolated by api-gw!
        BasePath: !Ref Stage 
        TheLambda: !Ref TheLambda
        TheLambdaARN: !GetAtt TheLambda.Arn # does not work
        Region: !Ref "AWS::Region" # does not work
        AccountId: !Ref "AWS::AccountId" # does not work

WHY?

@spockNinja
Copy link

I've ben messing with this problem too. The reason it doesn't work the way we want is probably easiest explained by trying to do the same thing in the AWS Console.

If you view your API's Resources, and dig down into one of the "Integration Request"s that you're working with, you can see the options that are built from this uri.

The lambda ARN literally lets you put in the text "${stageVariables.XYZ}". This is a special feature of cloudformation, letting you route to different lambda functions based on the stage.

The rest of the fields, however, do not allow such dynamic inputs. This also leads us to consider the difference between the API Resource definition and the Stage definition. SAM abstracts a lot of that out for us with the "AWS::Serverless::Api" type, but under the hood, those two things are separate. The swagger template is NOT rendered during stage generation, but during resource generation.

#8 (comment) is probably the closest thing I have found to being able to use those sort of variables dynamically in the swagger file.

@ilazakis
Copy link

ilazakis commented Apr 29, 2018

This is really bad. It basically means that one needs to keep as many copies of the OpenAPI files as stage / region / account permutations they have plus corresponding branching logic on CI and other ops related systems.

That is an unworkable / unrealistic approach and has to be mitigated as soon as possible (unless I am completely misunderstanding the intent of the lambda uri approach).

To minimise the pain, what we did to get around this limitation is include a preprocessing step on CI that replaces the variables in question (in our case it was the AWS region and account id) depending on the context.

@uclaeagit
Copy link

uclaeagit commented Feb 13, 2019

Yeah seems like preprocessing is the way to go here. I'm not even using serverless.com for my API Gateway generation - as I want it decoupled from my lambdas - and I still have the same issue. Painful.

@catapim
Copy link

catapim commented Oct 21, 2020

Hi guys. Are there any updates on this? We deploy in different stages in different accounts and I just can't figure out how to pass the account Id to my OAS file for Api Gateway

@amt227
Copy link

amt227 commented Nov 30, 2020

Hello, @sanathkr any updates about passing the accountId and the region to Swagger file?

hawflau added a commit that referenced this issue Mar 28, 2022
* feat: SAM support for /tmp config (#87)

* Add EphemeralStorage field

Add EphemeralStorage as a new option when creating SAM templates. Add functionality to
transform SAM templates with EphemeralStorage to Cloudformation templates. Add /translate
 tests for new field

* Add EphemeralStorage to global configs

* Add EphemeralStorage to global configs

* Add testing for functions with intrinsic refs, add EphemeralStorage to versions

Co-authored-by: Kevin Weng <[email protected]>

* chore: add integration test for /tmp (#101)

* Add integration test for /tmp

Also edit basic_function_event_destinations template file to avoid deprecated runtime error

* Add integration test for /tmp

Also edit basic_function_event_destinations template file to avoid deprecated runtime error

* Revert changes to template runtime and use getters in
test_function_with_ephemeral_storage. Delete duplicated test

* Revert runtime changes

Co-authored-by: Kevin Weng <[email protected]>

Co-authored-by: Kevin Weng <[email protected]>
Co-authored-by: Kevin Weng <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

10 participants