From 7e15972a5fdcc92ecd7a55d713da35f93606b209 Mon Sep 17 00:00:00 2001
From: Jay V
Date: Tue, 8 Oct 2024 13:10:05 -0400
Subject: [PATCH] function vpc error copy
---
platform/src/components/aws/function.ts | 356 ++++++++++++------------
1 file changed, 177 insertions(+), 179 deletions(-)
diff --git a/platform/src/components/aws/function.ts b/platform/src/components/aws/function.ts
index 1501e1894..a0346347f 100644
--- a/platform/src/components/aws/function.ts
+++ b/platform/src/components/aws/function.ts
@@ -493,53 +493,53 @@ export interface FunctionArgs { logging?: Input< | false | { - /** - * The duration the function logs are kept in CloudWatch. - * - * Not application when an existing log group is provided. - * - * @default `forever` - * @example - * ```js - * { - * logging: { - * retention: "1 week" - * } - * } - * ``` - */ - retention?: Input; - /** - * Assigns the given CloudWatch log group name to the function. This allows you to pass in a previously created log group. - * - * By default, the function creates a new log group when it's created. - * - * @default Creates a log group - * @example - * ```js - * { - * logging: { - * logGroup: "/existing/log-group" - * } - * } - * ``` - */ - logGroup?: Input; - /** - * The [log format](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-cloudwatchlogs-advanced.html) - * of the Lambda function. - * @default `"text"` - * @example - * ```js - * { - * logging: { - * format: "json" - * } - * } - * ``` - */ - format?: Input<"text" | "json">; - } + /** + * The duration the function logs are kept in CloudWatch. + * + * Not application when an existing log group is provided. + * + * @default `forever` + * @example + * ```js + * { + * logging: { + * retention: "1 week" + * } + * } + * ``` + */ + retention?: Input; + /** + * Assigns the given CloudWatch log group name to the function. This allows you to pass in a previously created log group. + * + * By default, the function creates a new log group when it's created. + * + * @default Creates a log group + * @example + * ```js + * { + * logging: { + * logGroup: "/existing/log-group" + * } + * } + * ``` + */ + logGroup?: Input; + /** + * The [log format](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-cloudwatchlogs-advanced.html) + * of the Lambda function. 
+ * @default `"text"` + * @example + * ```js + * { + * logging: { + * format: "json" + * } + * } + * ``` + */ + format?: Input<"text" | "json">; + } >; /** * The [architecture](https://docs.aws.amazon.com/lambda/latest/dg/foundation-arch.html) @@ -601,45 +601,45 @@ export interface FunctionArgs { url?: Input< | boolean | { - /** - * The authorization used for the function URL. Supports [IAM authorization](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). - * @default `"none"` - * @example - * ```js - * { - * url: { - * authorization: "iam" - * } - * } - * ``` - */ - authorization?: Input<"none" | "iam">; - /** - * Customize the CORS (Cross-origin resource sharing) settings for the function URL. - * @default `true` - * @example - * Disable CORS. - * ```js - * { - * url: { - * cors: false - * } - * } - * ``` - * Only enable the `GET` and `POST` methods for `https://example.com`. - * ```js - * { - * url: { - * cors: { - * allowMethods: ["GET", "POST"], - * allowOrigins: ["https://example.com"] - * } - * } - * } - * ``` - */ - cors?: Input>; - } + /** + * The authorization used for the function URL. Supports [IAM authorization](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). + * @default `"none"` + * @example + * ```js + * { + * url: { + * authorization: "iam" + * } + * } + * ``` + */ + authorization?: Input<"none" | "iam">; + /** + * Customize the CORS (Cross-origin resource sharing) settings for the function URL. + * @default `true` + * @example + * Disable CORS. + * ```js + * { + * url: { + * cors: false + * } + * } + * ``` + * Only enable the `GET` and `POST` methods for `https://example.com`. + * ```js + * { + * url: { + * cors: { + * allowMethods: ["GET", "POST"], + * allowOrigins: ["https://example.com"] + * } + * } + * } + * ``` + */ + cors?: Input>; + } >; /** * Configure how your function is bundled. 
@@ -1334,10 +1334,10 @@ export class Function extends Component implements Link.Linkable { : url.cors === true || url.cors === undefined ? defaultCors : { - ...defaultCors, - ...url.cors, - maxAge: url.cors.maxAge && toSeconds(url.cors.maxAge), - }; + ...defaultCors, + ...url.cors, + maxAge: url.cors.maxAge && toSeconds(url.cors.maxAge), + }; return { authorization, cors }; }); @@ -1379,7 +1379,7 @@ export class Function extends Component implements Link.Linkable { ]).apply(([natGateways, natInstances]) => { if (natGateways.length === 0 && natInstances.length === 0) throw new VisibleError( - `The VPC configured for the function does not have NAT enabled. Enable NAT by configuring "nat" on the "sst.aws.Vpc" component.`, + `Functions that are running in a VPC need a NAT gateway. Enable it by setting "nat" on the "sst.aws.Vpc" component.`, ); return result; }); @@ -1424,7 +1424,7 @@ export class Function extends Component implements Link.Linkable { if (result.type === "error") { throw new VisibleError( `Failed to build function "${args.handler}": ` + - result.errors.join("\n").trim(), + result.errors.join("\n").trim(), ); } return result; @@ -1436,7 +1436,7 @@ export class Function extends Component implements Link.Linkable { if (result.type === "error") { throw new VisibleError( `Failed to build function "${args.handler}": ` + - result.errors.join("\n").trim(), + result.errors.join("\n").trim(), ); } return result; @@ -1483,7 +1483,7 @@ export class Function extends Component implements Link.Linkable { if (result.type === "error") { throw new VisibleError( `Failed to build function "${args.handler}": ` + - result.errors.join("\n").trim(), + result.errors.join("\n").trim(), ); } return result; 
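Review bot: The new message in the `@@ -1379,7 +1379,7 @@` hunk says functions in a VPC "need a NAT gateway", but the guard directly above it throws only when both `natGateways` and `natInstances` are empty, so a VPC that uses NAT instances also passes. Wording that matches the check would be `Functions that are running in a VPC need NAT enabled (a NAT gateway or NAT instances). Enable it by setting "nat" on the "sst.aws.Vpc" component.` The enclosing `.apply` callback starts outside the hunk, so whether other paths reach this throw cannot be confirmed from here. Separately, the other hunks in this patch appear to change indentation only; landing that reformatting in its own commit would keep the one-line copy change easy to review and to revert.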
@@ -1528,12 +1528,12 @@ export class Function extends Component implements Link.Linkable { const linkInjection = hasLinkInjections ? linkData - .map((item) => [ - `process.env["SST_RESOURCE_${item.name}"] = ${JSON.stringify( - JSON.stringify(item.properties), - )};\n`, - ]) - .join("") + .map((item) => [ + `process.env["SST_RESOURCE_${item.name}"] = ${JSON.stringify( + JSON.stringify(item.properties), + )};\n`, + ]) + .join("") : ""; const parsed = path.posix.parse(handler); @@ -1563,21 +1563,21 @@ export class Function extends Component implements Link.Linkable { name: path.posix.join(handlerDir, `${newHandlerFileName}.mjs`), content: streaming ? [ - linkInjection, - `export const ${newHandlerFunction} = awslambda.streamifyResponse(async (event, responseStream, context) => {`, - ...injections, - ` const { ${oldHandlerFunction}: rawHandler} = await import("./${oldHandlerFileName}${newHandlerFileExt}");`, - ` return rawHandler(event, responseStream, context);`, - `});`, - ].join("\n") + linkInjection, + `export const ${newHandlerFunction} = awslambda.streamifyResponse(async (event, responseStream, context) => {`, + ...injections, + ` const { ${oldHandlerFunction}: rawHandler} = await import("./${oldHandlerFileName}${newHandlerFileExt}");`, + ` return rawHandler(event, responseStream, context);`, + `});`, + ].join("\n") : [ - linkInjection, - `export const ${newHandlerFunction} = async (event, context) => {`, - ...injections, - ` const { ${oldHandlerFunction}: rawHandler} = await import("./${oldHandlerFileName}${newHandlerFileExt}");`, - ` return rawHandler(event, context);`, - `};`, - ].join("\n"), + linkInjection, + `export const ${newHandlerFunction} = async (event, context) => {`, + ...injections, + ` const { ${oldHandlerFunction}: rawHandler} = await import("./${oldHandlerFileName}${newHandlerFileExt}");`, + ` return rawHandler(event, context);`, + `};`, + ].join("\n"), }, }; }, 
@@ -1602,18 +1602,18 @@ export class Function extends Component implements Link.Linkable { })), ...(dev ? [ - { - actions: ["iot:*"], - resources: ["*"], - }, - { - actions: ["s3:*"], - resources: [ - interpolate`arn:aws:s3:::${bootstrapData.asset}`, - interpolate`arn:aws:s3:::${bootstrapData.asset}/*`, - ], - }, - ] + { + actions: ["iot:*"], + resources: ["*"], + }, + { + actions: ["s3:*"], + resources: [ + interpolate`arn:aws:s3:::${bootstrapData.asset}`, + interpolate`arn:aws:s3:::${bootstrapData.asset}/*`, + ], + }, + ] : []), ], }), @@ -1626,29 +1626,28 @@ export class Function extends Component implements Link.Linkable { { assumeRolePolicy: !$dev ? iam.assumeRolePolicyForPrincipal({ - Service: "lambda.amazonaws.com", - }) + Service: "lambda.amazonaws.com", + }) : iam.getPolicyDocumentOutput({ - statements: [ - { - actions: ["sts:AssumeRole"], - principals: [ - { - type: "Service", - identifiers: ["lambda.amazonaws.com"], - }, - { - type: "AWS", - identifiers: [ - interpolate`arn:aws:iam::${ - getCallerIdentityOutput().accountId + statements: [ + { + actions: ["sts:AssumeRole"], + principals: [ + { + type: "Service", + identifiers: ["lambda.amazonaws.com"], + }, + { + type: "AWS", + identifiers: [ + interpolate`arn:aws:iam::${getCallerIdentityOutput().accountId }:root`, - ], - }, - ], - }, - ], - }).json, + ], + }, + ], + }, + ], + }).json, // if there are no statements, do not add an inline policy. // adding an inline policy with no statements will cause an error. inlinePolicies: policy.apply(({ statements }) => 
@@ -1657,13 +1656,13 @@ export class Function extends Component implements Link.Linkable { managedPolicyArns: logging.apply((logging) => [ ...(logging ? [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ] + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + ] : []), ...(vpc ? [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - ] + "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", + ] : []), ]), }, @@ -1791,9 +1790,9 @@ export class Function extends Component implements Link.Linkable { entry.isDir ? archive.directory(entry.from, entry.to, { date: new Date(0) }) : archive.file(entry.from, { - name: entry.to, - date: new Date(0), - }); + name: entry.to, + date: new Date(0), + }); }); await archive.finalize(); }); @@ -1828,9 +1827,8 @@ export class Function extends Component implements Link.Linkable { args.transform?.logGroup, `${name}LogGroup`, { - name: interpolate`/aws/lambda/${ - args.name ?? physicalName(64, `${name}Function`) - }`, + name: interpolate`/aws/lambda/${args.name ?? physicalName(64, `${name}Function`) + }`, retentionInDays: RETENTION[logging.retention], }, { parent }, @@ -1889,21 +1887,21 @@ export class Function extends Component implements Link.Linkable { reservedConcurrentExecutions: concurrency?.reserved, ...(isContainer ? { - packageType: "Image", - imageUri: imageAsset!.ref.apply( - (ref) => ref?.replace(":latest", ""), - ), - imageConfig: { - commands: [handler], - }, - } + packageType: "Image", + imageUri: imageAsset!.ref.apply( + (ref) => ref?.replace(":latest", ""), + ), + imageConfig: { + commands: [handler], + }, + } : { - packageType: "Zip", - s3Bucket: zipAsset!.bucket, - s3Key: zipAsset!.key, - handler: unsecret(handler), - runtime, - }), + packageType: "Zip", + s3Bucket: zipAsset!.bucket, + s3Key: zipAsset!.key, + handler: unsecret(handler), + runtime, + }), }, { parent }, ); 
@@ -1913,14 +1911,14 @@ export class Function extends Component implements Link.Linkable { ...transformed[1], ...(dev ? { - description: transformed[1].description - ? output(transformed[1].description).apply( - (v) => `${v.substring(0, 240)} (live)`, - ) - : "live", - runtime: "provided.al2023", - architectures: ["x86_64"], - } + description: transformed[1].description + ? output(transformed[1].description).apply( + (v) => `${v.substring(0, 240)} (live)`, + ) + : "live", + runtime: "provided.al2023", + architectures: ["x86_64"], + } : {}), }, transformed[2],