feat: support for lambda event destinations (#1321)

Author: praneetap

docs/cloudformation_compatibility.rst

@@ -63,6 +63,7 @@ DeploymentPreference               All
 Layers                             All
 AutoPublishAlias             Ref of a CloudFormation Parameter  Alias resources created by SAM uses a LocicalId <FunctionLogicalId+AliasName>. So SAM either needs a string for alias name, or a Ref to template Parameter that SAM can resolve into a string.
 ReservedConcurrentExecutions       All
+EventInvokeConfig                  All
 ============================ ================================== ========================
 
 Events Properties

docs/globals.rst

@@ -69,6 +69,7 @@ Currently, the following resources and properties are being supported:
       DeploymentPreference:
       PermissionsBoundary:
       ReservedConcurrentExecutions:
+      EventInvokeConfig:
 
     Api:
       # Properties of AWS::Serverless::Api

examples/2016-10-31/function_lambda_event_destinations/README.md

@@ -0,0 +1,19 @@
+# API Gateway + Lambda REQUEST Authorizer Example
+
+This example shows you how to configure Event Invoke Config on a function.
+
+## Running the example
+
+Replace the Destination Arns for SQS, SNS, EventBridge with valid arns. 
+Deploy the example into your account:
+
+```bash
+$ sam deploy \
+    --template-file /path_to_template/packaged-template.yaml \
+    --stack-name my-new-stack \
+    --capabilities CAPABILITY_IAM
+```
+
+## Additional resources
+
+- https://aws.amazon.com/blogs/compute/introducing-aws-lambda-destinations/

examples/2016-10-31/function_lambda_event_destinations/src/index.js

@@ -0,0 +1,15 @@
+exports.handler = function(event, context, callback) {
+  var event_received_at = new Date().toISOString();
+  console.log('Event received at: ' + event_received_at);
+  console.log('Received event:', JSON.stringify(event, null, 2));
+
+  if (event.Success) {
+      console.log("Success");
+      context.callbackWaitsForEmptyEventLoop = false;
+      callback(null);
+  } else {
+      console.log("Failure");
+      context.callbackWaitsForEmptyEventLoop = false;
+      callback(new Error("Failure from event, Success = false, I am failing!"), 'Destination Function Error Thrown');
+  }
+};      

examples/2016-10-31/function_lambda_event_destinations/template.yaml

@@ -0,0 +1,83 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Transform: AWS::Serverless-2016-10-31
+Description: Lambda Event Destinations
+Parameters:
+  SQSArn:
+    Type: String
+    Default: my-sqs-arn
+  UseExistingQueue:
+    Type: String
+    AllowedValues:
+      - true
+      - false
+    Default: true
+  CreateSNSTopic:
+    Type: String
+    AllowedValues:
+      - true
+      - false
+    Default: true
+Conditions:
+  QueueCreationDisabled: !Equals [!Ref UseExistingQueue, true]
+  TopicCreationEnabled: !Equals [!Ref CreateSNSTopic, true]
+
+Resources:
+  EventDestinationLambda:
+    Type: AWS::Serverless::Function
+    Properties:
+      EventInvokeConfig:
+        MaximumEventAgeInSeconds: 70
+        MaximumRetryAttempts: 1
+        DestinationConfig:
+          OnSuccess:
+            Type: Lambda
+            # If the type is Lambda/EventBridge, Destination property is required.
+            Destination: !GetAtt DestinationLambda.Arn
+          OnFailure: 
+            # SQS and SNS will get auto-created if the Destination property is not specified or is AWS::NoValue
+            Type: SQS
+      CodeUri: ./src/
+      Handler: index.handler
+      Runtime: nodejs10.x
+      MemorySize: 1024
+
+  EventDestinationSQSSNS:
+    Type: AWS::Serverless::Function
+    Properties:
+      EventInvokeConfig:
+        MaximumEventAgeInSeconds: 70
+        MaximumRetryAttempts: 1
+        DestinationConfig:
+          OnSuccess:
+            Type: SQS
+            Destination: !If [QueueCreationDisabled, !Ref SQSArn, !Ref 'AWS::NoValue']
+          OnFailure: 
+            Type: SNS
+            Destination: !If [TopicCreationEnabled, !Ref 'AWS::NoValue', 'SOME-SNS-ARN']
+      CodeUri: ./src/
+      Handler: index.handler
+      Runtime: nodejs10.x
+      MemorySize: 1024
+
+  DestinationLambda:
+    Type: AWS::Serverless::Function
+    Properties:
+      InlineCode: |
+        exports.handler = async (event) => {
+          const response = {
+            statusCode: 200,
+            body: JSON.stringify('Hello from Lambda!'),
+          };
+          return response;
+        };
+      Handler: index.handler
+      Runtime: nodejs10.x
+      MemorySize: 1024
+  SNSSubscription:
+    Type: AWS::SNS::Subscription
+    Condition: TopicCreationEnabled
+    Properties: 
+      Endpoint: [email protected]
+      Protocol: email
+      # Refer to the auto-created SNS topic using <function-logical-id>.DestinationTopic
+      TopicArn: !Ref EventDestinationSQSSNS.DestinationTopic 

samtranslator/model/iam.py

@@ -91,3 +91,31 @@ def sns_publish_role_policy(cls, topic_arn, logical_id):
             }
         }
         return document
+
+    @classmethod
+    def event_bus_put_events_role_policy(cls, event_bus_arn, logical_id):
+        document = {
+            'PolicyName': logical_id + 'EventBridgePolicy',
+            'PolicyDocument': {
+                'Statement': [{
+                    'Action': 'events:PutEvents',
+                    'Effect': 'Allow',
+                    'Resource': event_bus_arn
+                }]
+            }
+        }
+        return document
+
+    @classmethod
+    def lambda_invoke_function_role_policy(cls, function_arn, logical_id):
+        document = {
+            'PolicyName': logical_id + 'LambdaPolicy',
+            'PolicyDocument': {
+                'Statement': [{
+                    'Action': 'lambda:InvokeFunction',
+                    'Effect': 'Allow',
+                    'Resource': function_arn
+                }]
+            }
+        }
+        return document

samtranslator/model/intrinsics.py

@@ -20,12 +20,24 @@ def fnOr(argument_list):
     return {'Fn::Or': argument_list}
 
 
-def make_conditional(condition, data):
+def fnAnd(argument_list):
+    return {'Fn::And': argument_list}
+
+
+def make_conditional(condition, true_data, false_data={'Ref': 'AWS::NoValue'}):
     return {
         'Fn::If': [
             condition,
-            data,
-            {'Ref': 'AWS::NoValue'}
+            true_data,
+            false_data
+        ]
+    }
+
+
+def make_not_conditional(condition):
+    return {
+        'Fn::Not': [
+            {'Condition': condition}
         ]
     }
 
@@ -44,6 +56,12 @@ def make_or_condition(conditions_list):
     return condition
 
 
+def make_and_condition(conditions_list):
+    and_list = make_condition_or_list(conditions_list)
+    condition = fnAnd(and_list)
+    return condition
+
+
 def calculate_number_of_conditions(conditions_length, max_conditions):
     """
     Every condition can hold up to max_conditions, which (as of writing this) is 10.

samtranslator/model/lambda_.py

@@ -92,6 +92,17 @@ class LambdaPermission(Resource):
     }
 
 
+class LambdaEventInvokeConfig(Resource):
+    resource_type = 'AWS::Lambda::EventInvokeConfig'
+    property_types = {
+        'DestinationConfig': PropertyType(False, is_type(dict)),
+        'FunctionName': PropertyType(True, is_str()),
+        'MaximumEventAgeInSeconds': PropertyType(False, is_type(int)),
+        'MaximumRetryAttempts': PropertyType(False, is_type(int)),
+        'Qualifier': PropertyType(True, is_str())
+    }
+
+
 class LambdaLayerVersion(Resource):
     """ Lambda layer version resource
     """