Release Changes for 1.25.0

Author: awood45

samtranslator/__init__.py

@@ -1 +1 @@
-__version__ = "1.24.0"
+__version__ = "1.25.0"

samtranslator/model/lambda_.py

@@ -22,6 +22,7 @@ class LambdaFunction(Resource):
         "KmsKeyArn": PropertyType(False, one_of(is_type(dict), is_str())),
         "Layers": PropertyType(False, list_of(one_of(is_str(), is_type(dict)))),
         "ReservedConcurrentExecutions": PropertyType(False, any_type()),
+        "FileSystemConfigs": PropertyType(False, list_of(is_type(dict))),
     }
 
     runtime_attrs = {"name": lambda self: ref(self.logical_id), "arn": lambda self: fnGetAtt(self.logical_id, "Arn")}

samtranslator/model/sam_resources.py

@@ -82,6 +82,7 @@ class SamFunction(SamResourceMacro):
         "AutoPublishCodeSha256": PropertyType(False, one_of(is_str())),
         "VersionDescription": PropertyType(False, is_str()),
         "ProvisionedConcurrencyConfig": PropertyType(False, is_type(dict)),
+        "FileSystemConfigs": PropertyType(False, list_of(is_type(dict))),
     }
     event_resolver = ResourceTypeResolver(
         samtranslator.model.eventsources,
@@ -404,6 +405,7 @@ def _construct_lambda_function(self):
         lambda_function.ReservedConcurrentExecutions = self.ReservedConcurrentExecutions
         lambda_function.Tags = self._construct_tag_list(self.Tags)
         lambda_function.Layers = self.Layers
+        lambda_function.FileSystemConfigs = self.FileSystemConfigs
 
         if self.Tracing:
             lambda_function.TracingConfig = {"Mode": self.Tracing}

samtranslator/plugins/globals/globals.py

@@ -40,6 +40,7 @@ class Globals(object):
             "ProvisionedConcurrencyConfig",
             "AssumeRolePolicyDocument",
             "EventInvokeConfig",
+            "FileSystemConfigs",
         ],
         # Everything except
         #   DefinitionBody: because its hard to reason about merge of Swagger dictionaries

samtranslator/policy_templates_data/policy_templates.json

@@ -2260,6 +2260,52 @@
           }
         ]
       }
+    },
+    "EFSWriteAccessPolicy": {
+      "Description": "Gives permission to mount an Elastic File System with write access",
+      "Parameters": {
+        "FileSystem": {
+          "Description": "Resource ID of the Elastic File System"
+        },
+        "AccessPoint": {
+          "Description": "Resource ID of the Elastic File System Access Point"
+        }
+      },
+      "Definition": {
+        "Statement": [
+          {
+            "Effect": "Allow",
+            "Action": [
+              "elasticfilesystem:ClientMount",
+              "elasticfilesystem:ClientWrite"
+            ],
+            "Resource": {
+              "Fn::Sub": [
+                "arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${FileSystem}",
+                {
+                  "FileSystem": {
+                    "Ref": "FileSystem"
+                  }
+                }
+              ]
+            },
+            "Condition": {
+              "StringEquals": {
+                "elasticfilesystem:AccessPointArn": {
+                  "Fn::Sub": [
+                    "arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:access-point/${AccessPoint}",
+                    {
+                      "AccessPoint": {
+                        "Ref": "AccessPoint"
+                      }
+                    }
+                  ]
+                }
+              }
+            }
+          }
+        ]
+      }
     }
   }
 }

tests/translator/input/function_with_file_system_config.yaml

@@ -0,0 +1,53 @@
+Description: SAM + Lambda + EFS
+
+Parameters:
+  ExistingEfsFileSystem:
+    Type: String
+
+  SecurityGroupIds:
+    Type: List<AWS::EC2::SecurityGroup::Id>
+    Description: Security Group IDs that Lambda will use
+
+  VpcSubnetIds:
+    Type: List<AWS::EC2::Subnet::Id>
+    Description: VPC Subnet IDs that Lambda will use
+
+Resources:
+  EfsFileSystem:
+    Type: AWS::EFS::FileSystem
+
+  MountTarget:
+    Type: AWS::EFS::MountTarget
+    Properties:
+      FileSystemId: !Ref EfsFileSystem
+      SubnetId: subnet-abc123
+      SecurityGroups: !Ref SecurityGroupIds
+
+  AccessPoint:
+    Type: AWS::EFS::AccessPoint
+    Properties:
+      FileSystemId: !Ref EfsFileSystem
+
+  LambdaFunctionWithEfs:
+    Type: AWS::Serverless::Function
+    Properties:
+      InlineCode: |
+        const fs = require('fs')
+        const path = require('path')
+        const efsMountPath = '/mnt/efs'
+
+        exports.handler = async (event, context, callback) => {
+        const directory = path.join(efsMountPath, event.body)
+        const files = fs.readdirSync(directory)
+        return files
+        }
+      Handler: index.handler
+      MemorySize: 128
+      Runtime: nodejs12.x
+      Timeout: 3
+      VpcConfig:
+        SecurityGroupIds: !Ref SecurityGroupIds
+        SubnetIds: !Ref VpcSubnetIds
+      FileSystemConfigs:
+        - Arn: !GetAtt AccessPoint.Arn
+          LocalMountPath: /mnt/EFS

tests/translator/output/aws-cn/function_with_file_system_config.json

@@ -0,0 +1,115 @@
+{
+  "Resources": {
+    "EfsFileSystem": {
+      "Type": "AWS::EFS::FileSystem"
+    }, 
+    "LambdaFunctionWithEfs": {
+      "Type": "AWS::Lambda::Function", 
+      "Properties": {
+        "Code": {
+          "ZipFile": "const fs = require('fs')\nconst path = require('path')\nconst efsMountPath = '/mnt/efs'\n\nexports.handler = async (event, context, callback) => {\nconst directory = path.join(efsMountPath, event.body)\nconst files = fs.readdirSync(directory)\nreturn files\n}\n"
+        }, 
+        "VpcConfig": {
+          "SubnetIds": {
+            "Ref": "VpcSubnetIds"
+          }, 
+          "SecurityGroupIds": {
+            "Ref": "SecurityGroupIds"
+          }
+        }, 
+        "Tags": [
+          {
+            "Value": "SAM", 
+            "Key": "lambda:createdBy"
+          }
+        ], 
+        "MemorySize": 128, 
+        "Handler": "index.handler", 
+        "Role": {
+          "Fn::GetAtt": [
+            "LambdaFunctionWithEfsRole", 
+            "Arn"
+          ]
+        }, 
+        "Timeout": 3, 
+        "FileSystemConfigs": [
+          {
+            "Arn": {
+              "Fn::GetAtt": [
+                "AccessPoint", 
+                "Arn"
+              ]
+            }, 
+            "LocalMountPath": "/mnt/EFS"
+          }
+        ], 
+        "Runtime": "nodejs12.x"
+      }
+    }, 
+    "MountTarget": {
+      "Type": "AWS::EFS::MountTarget", 
+      "Properties": {
+        "SubnetId": "subnet-abc123", 
+        "FileSystemId": {
+          "Ref": "EfsFileSystem"
+        }, 
+        "SecurityGroups": {
+          "Ref": "SecurityGroupIds"
+        }
+      }
+    }, 
+    "LambdaFunctionWithEfsRole": {
+      "Type": "AWS::IAM::Role", 
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Version": "2012-10-17", 
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ], 
+              "Effect": "Allow", 
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ]
+        }, 
+        "ManagedPolicyArns": [
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", 
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
+        ], 
+        "Tags": [
+          {
+            "Value": "SAM", 
+            "Key": "lambda:createdBy"
+          }
+        ]
+      }
+    }, 
+    "AccessPoint": {
+      "Type": "AWS::EFS::AccessPoint", 
+      "Properties": {
+        "FileSystemId": {
+          "Ref": "EfsFileSystem"
+        }
+      }
+    }
+  }, 
+  "Description": "SAM + Lambda + EFS", 
+  "Parameters": {
+    "ExistingEfsFileSystem": {
+      "Type": "String"
+    }, 
+    "VpcSubnetIds": {
+      "Type": "List<AWS::EC2::Subnet::Id>", 
+      "Description": "VPC Subnet IDs that Lambda will use"
+    }, 
+    "SecurityGroupIds": {
+      "Type": "List<AWS::EC2::SecurityGroup::Id>", 
+      "Description": "Security Group IDs that Lambda will use"
+    }
+  }
+}

tests/translator/output/aws-us-gov/function_with_file_system_config.json

@@ -0,0 +1,115 @@
+{
+  "Resources": {
+    "EfsFileSystem": {
+      "Type": "AWS::EFS::FileSystem"
+    }, 
+    "LambdaFunctionWithEfs": {
+      "Type": "AWS::Lambda::Function", 
+      "Properties": {
+        "Code": {
+          "ZipFile": "const fs = require('fs')\nconst path = require('path')\nconst efsMountPath = '/mnt/efs'\n\nexports.handler = async (event, context, callback) => {\nconst directory = path.join(efsMountPath, event.body)\nconst files = fs.readdirSync(directory)\nreturn files\n}\n"
+        }, 
+        "VpcConfig": {
+          "SubnetIds": {
+            "Ref": "VpcSubnetIds"
+          }, 
+          "SecurityGroupIds": {
+            "Ref": "SecurityGroupIds"
+          }
+        }, 
+        "Tags": [
+          {
+            "Value": "SAM", 
+            "Key": "lambda:createdBy"
+          }
+        ], 
+        "MemorySize": 128, 
+        "Handler": "index.handler", 
+        "Role": {
+          "Fn::GetAtt": [
+            "LambdaFunctionWithEfsRole", 
+            "Arn"
+          ]
+        }, 
+        "Timeout": 3, 
+        "FileSystemConfigs": [
+          {
+            "Arn": {
+              "Fn::GetAtt": [
+                "AccessPoint", 
+                "Arn"
+              ]
+            }, 
+            "LocalMountPath": "/mnt/EFS"
+          }
+        ], 
+        "Runtime": "nodejs12.x"
+      }
+    }, 
+    "MountTarget": {
+      "Type": "AWS::EFS::MountTarget", 
+      "Properties": {
+        "SubnetId": "subnet-abc123", 
+        "FileSystemId": {
+          "Ref": "EfsFileSystem"
+        }, 
+        "SecurityGroups": {
+          "Ref": "SecurityGroupIds"
+        }
+      }
+    }, 
+    "LambdaFunctionWithEfsRole": {
+      "Type": "AWS::IAM::Role", 
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Version": "2012-10-17", 
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ], 
+              "Effect": "Allow", 
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ]
+        }, 
+        "ManagedPolicyArns": [
+          "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", 
+          "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
+        ], 
+        "Tags": [
+          {
+            "Value": "SAM", 
+            "Key": "lambda:createdBy"
+          }
+        ]
+      }
+    }, 
+    "AccessPoint": {
+      "Type": "AWS::EFS::AccessPoint", 
+      "Properties": {
+        "FileSystemId": {
+          "Ref": "EfsFileSystem"
+        }
+      }
+    }
+  }, 
+  "Description": "SAM + Lambda + EFS", 
+  "Parameters": {
+    "ExistingEfsFileSystem": {
+      "Type": "String"
+    }, 
+    "VpcSubnetIds": {
+      "Type": "List<AWS::EC2::Subnet::Id>", 
+      "Description": "VPC Subnet IDs that Lambda will use"
+    }, 
+    "SecurityGroupIds": {
+      "Type": "List<AWS::EC2::SecurityGroup::Id>", 
+      "Description": "Security Group IDs that Lambda will use"
+    }
+  }
+}

tests/translator/output/error_globals_unsupported_property.json

@@ -1,8 +1,8 @@
 {
   "errors": [
     {
-      "errorMessage": "'Globals' section is invalid. 'SomeKey' is not a supported property of 'Function'. Must be one of the following values - ['Handler', 'Runtime', 'CodeUri', 'DeadLetterQueue', 'Description', 'MemorySize', 'Timeout', 'VpcConfig', 'Environment', 'Tags', 'Tracing', 'KmsKeyArn', 'AutoPublishAlias', 'Layers', 'DeploymentPreference', 'PermissionsBoundary', 'ReservedConcurrentExecutions', 'ProvisionedConcurrencyConfig', 'EventInvokeConfig']"
+      "errorMessage": "'Globals' section is invalid. 'SomeKey' is not a supported property of 'Function'. Must be one of the following values - ['Handler', 'Runtime', 'CodeUri', 'DeadLetterQueue', 'Description', 'MemorySize', 'Timeout', 'VpcConfig', 'Environment', 'Tags', 'Tracing', 'KmsKeyArn', 'AutoPublishAlias', 'Layers', 'DeploymentPreference', 'PermissionsBoundary', 'ReservedConcurrentExecutions', 'ProvisionedConcurrencyConfig', 'EventInvokeConfig', 'FileSystemConfigs']"
     }
   ],
-  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. 'Globals' section is invalid. 'SomeKey' is not a supported property of 'Function'. Must be one of the following values - ['Handler', 'Runtime', 'CodeUri', 'DeadLetterQueue', 'Description', 'MemorySize', 'Timeout', 'VpcConfig', 'Environment', 'Tags', 'Tracing', 'KmsKeyArn', 'AutoPublishAlias', 'Layers', 'DeploymentPreference', 'PermissionsBoundary', 'ReservedConcurrentExecutions', 'ProvisionedConcurrencyConfig', 'AssumeRolePolicyDocument', 'EventInvokeConfig']"
+  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. 'Globals' section is invalid. 'SomeKey' is not a supported property of 'Function'. Must be one of the following values - ['Handler', 'Runtime', 'CodeUri', 'DeadLetterQueue', 'Description', 'MemorySize', 'Timeout', 'VpcConfig', 'Environment', 'Tags', 'Tracing', 'KmsKeyArn', 'AutoPublishAlias', 'Layers', 'DeploymentPreference', 'PermissionsBoundary', 'ReservedConcurrentExecutions', 'ProvisionedConcurrencyConfig', 'AssumeRolePolicyDocument', 'EventInvokeConfig', 'FileSystemConfigs']"
 }