[Feature Request] Enable using AWS::NoValue to omit Role parameter in SAM Function

Open SherrryX opened this issue 9 months ago • 4 comments

We want to implement optional role configuration in SAM function templates. This would work in two ways:

  • When a role ARN is provided, the function will use the specified role
  • When no role is provided, SAM will automatically create an execution role

Please consider allowing CloudFormation AWS::NoValue for this use case. SAM currently does not support AWS::NoValue, probably due to this code.

SherrryX avatar Mar 03 '25 23:03 SherrryX

Thanks for your feature request. Can you add an example of the use case where this would be used?

SAM transform doesn't know the value of parameters during the transform, so it won't be able to know exactly the result of the condition, but we can make this work in SAM's code by adding a condition to the role resource created, so it only gets created depending on the same condition that you put in the function's role.

A workaround that exists right now for this use case would be to use the AWS::LanguageExtensions transform, which effectively resolves the !If and the AWS::NoValue before it gets passed to the SAM transform, so SAM will directly get the role name only in the right case and will receive nothing when the condition is false (therefore, SAM will create the role).

Just remember to add the LanguageExtensions transform before the Serverless transform:

Transform:
  - AWS::LanguageExtensions
  - AWS::Serverless-2016-10-31

We will still track this as a feature request, and we're open to contributions if you or someone else wants to send a Pull Request for this.

valerena avatar Mar 04 '25 18:03 valerena
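
The workaround described in the comment above, written out as a complete template. This is an added example, not a template posted by anyone in the thread; the parameter name `ExecutionRoleArn`, the condition name `HasCustomRole`, the resource name and the function's runtime, handler and inline code are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'

# Order matters: LanguageExtensions has to run before the SAM transform so
# that SAM receives either a role ARN or no Role property at all.
Transform:
  - AWS::LanguageExtensions
  - AWS::Serverless-2016-10-31

Parameters:
  ExecutionRoleArn:                 # assumed parameter name
    Type: String
    Default: ''
    Description: Optional ARN of an existing execution role. Leave empty to let SAM create one.
    # Reject anything that is neither empty nor shaped like an IAM role ARN.
    AllowedPattern: '^$|^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$'
    ConstraintDescription: Must be empty or an IAM role ARN.

Conditions:
  # True only when the caller supplied a role.
  HasCustomRole: !Not [!Equals [!Ref ExecutionRoleArn, '']]

Resources:
  ExampleFunction:                  # assumed resource name
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      InlineCode: |
        def handler(event, context):
            return {"ok": True}
      # Role given     -> the function uses the supplied role.
      # Role not given -> the property is omitted and SAM creates the role.
      Role: !If [HasCustomRole, !Ref ExecutionRoleArn, !Ref AWS::NoValue]
```

When a role is supplied, SAM ignores the function's `Policies` property, so the supplied role must already carry the permissions the function needs and a trust policy for `lambda.amazonaws.com`.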

Thanks Renato for providing this workaround! It seems to be working for my use case, however SAR does not support AWS::LanguageExtensions.

Can you add an example of the use case where this would be used?

We have SAM templates for customers to deploy lambdas. Currently SAM will create the execution role automatically. We would like to allow customers to provide their own roles when needed, so the current SAM templates need to allow conditions: if a role is given, lambda is created with the given role; if a role is not given, SAM creates one by default.

SherrryX avatar Mar 04 '25 23:03 SherrryX

Hi @SherrryX, could you help to explain why SAR is required in this case? An example template would be helpful.

roger-zhangg avatar Mar 14 '25 18:03 roger-zhangg

Hi @SherrryX, could you help to explain why SAR is required in this case? An example template would be helpful.

Hi Roger, ideally we would like to maintain parity across SAM and SAR when we add the optional Role parameter to our SAM templates. It is a benefit to our customers with more options.

SherrryX avatar Mar 14 '25 20:03 SherrryX