Search code examples
amazon-web-servicesserverlessserverless-frameworkaws-ssm

How do I solve this Serverless.yml ssm dynamic path creation problem?

Fairly new to Serverless and am having problems creating a dynamic path to an SSM parameter..... I have tried a fair few ideas but am sure that this is really close but its not quite there....

I'm trying to generate an ssm path as a custom variable that will then be used to populate a value for a Lambda function.

Here's the custom variable code

custom
   securityGroupSsmPath:
      dev: "${self:service}/${self:custom.stage}/rds/lambdasecuritygroup"
      other: "${self:service}/${env:SHARED_INFRASTRUCTURE_ENV}/rds/lambdasecuritygroup"
   securityGroupId: ${ssm:, "${self:custom.securityGroupSsmPath.${env:SHARED_INFRASTRUCTURE_ENV}, self:custom.securityGroupSsmPath.other}"}

And here is where it is referenced in the function

functions:
  someLambda:
    handler: build/handlers/someLambda/handler.handler
    timeout: 60
    memorySize: 256
    vpc:
      securityGroupIds:
        - ${self:custom.securityGroupId}

And here is the error output. It seems like it is not resolving the ssm parameter

 Serverless Error ----------------------------------------
     
Cannot resolve serverless.yml: Variables resolution errored with:
 - Cannot resolve variable at "custom.securityGroupId": Parameter name: can't be prefixed with "ssm" (case-insensitive). If formed as a path, it can consist of sub-paths divided by slash symbol; each sub-path can be formed as a mix of letters, numbers and the following 3 symbols .-_

All help much appreciated,

Thanks!

Sam

Solution

  • In the end we tried numerous implementations and the issue seemed to boil down to trying to both retrieve the ssm value for securityGroupId and also parse and default the second variable within it.

    The solution ended up being as follows where we removed the parsing/default variable from within ssm step. Additionally we had to remove some of the double quotes on the custom vars:-

    custom
   securityGroupSsmPath:
      dev: ${self:service}/${self:custom.stage}/rds/lambdasecuritygroup
      other: ${self:service}/${env:SHARED_INFRASTRUCTURE_ENV}/rds/lambdasecuritygroup
   securityGroupId: ${self:custom.securityGroupSsmPath.${env:SHARED_INFRASTRUCTURE_ENV}, self:custom.securityGroupSsmPath.other}

functions:
  someLambda:
    handler: build/handlers/someLambda/handler.handler
    timeout: 60
    memorySize: 256
    vpc:
      securityGroupIds:
        - ${ssm:/${self:custom.securityGroupId}}