Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EFS throws a warning when it shouldn't (I think) #8189

Closed
jliebrand opened this issue Sep 4, 2020 · 11 comments · Fixed by #8265
Closed

EFS throws a warning when it shouldn't (I think) #8189

jliebrand opened this issue Sep 4, 2020 · 11 comments · Fixed by #8265
Labels
bug/design Functionality design flaw cat/lambda good first issue help wanted

Comments

@jliebrand
Copy link

I am using the new support for EFS. Another stack outputs the ARN of the EFS and I use it as follows

functions:
  myLambda:
    handler: src/main.something
    fileSystemConfig:
      localMountPath: /mnt/efs
      arn:
        'Fn::ImportValue': ${self:custom.stage}-my-efs-access-point-arn

While this works, it throws the following warning during deploy:

Serverless: Configuration warning at 'functions.myLambda.fileSystemConfig.arn': should be string

Looks like the validation doesn't realise values can be imported?
@medikoo
Copy link
Contributor

medikoo commented Sep 4, 2020

@jliebrand thanks for reporting, it looks as a good call.

At first we decided to stick to string notation, as I falsely thought (see: #8042 (comment) ) it's only with string we can setup IAM access right properly, but it appers it's not true (we can also pass CF instructions to Resource in IAM statement)

In light of that we definitely welcome PR that will improve recognized support for arn input.

/cc @pgrzesik

@jliebrand
Copy link
Author

No worries - It's not blocking me, so realistically I'm not going to have time for a PR, but if it does, I'll ping you.

However, I do have a different question. I used the example cloudformation to create a VPC and got that to work. However, I need my lambdas to not only access the EFS, but also the internet. Which looks like I need a NAT gateway also? This is quickly snowballing in to way more configuration than I had hoped for :-(

I'm now trying to use https://www.serverless.com/plugins/serverless-vpc-plugin which gets me a VPC and a NAT gateway, but if I put both the EFS and the lambda on the same subnet and security group, it fails to mount the EFS (Status Code: 408; Error Code: EFSMountConnectivityException).

Does anyone have any examples on how to get a VPC set up that allows both access to the EFS and outgoing requests to the internet?

(my lambdas need to download data from the internet and put it in the EFS)

@pgrzesik
Copy link
Contributor

pgrzesik commented Sep 4, 2020
edited

@jliebrand Thanks a lot for reporting this.

@medikoo thanks for tagging me here. During work on #8164 I realized that there's nothing that blocks us from supporting CF instructions what is now also confirmed by @medikoo Given that I think that implementing support for that is a great idea.

I would love to work on adding that at the end of next week/next weekend if no one else picks it up until then 💯

As for your issue, @jliebrand, I'm not really familiar with serverless-vpc-plugin so I'm afraid I won't be of much help here. I would probably go by using plain CloudFormation to create VPC (e.g. based on this example: https://docs.aws.amazon.com/codebuild/latest/userguide/cloudformation-vpc-template.html) and deploy both EFS and Lambda into that VPC to verify if it works.

@medikoo
Copy link
Contributor

medikoo commented Sep 7, 2020

However, I do have a different question

@jliebrand for general questions best if you see https://forum.serverless.com/ or https://www.serverless.com/slack I do not have a direct answer for that.

I would love to work on adding that at the end of next week/next weekend

@pgrzesik great thanks! I think it's probably be as easy as switching chosen definition from awsArnString to awsArn. We had recently definitions for all CF instructions configured in schema, so it's just no question of choosing right one.

@pgrzesik pgrzesik mentioned this issue Sep 18, 2020
Merged
@corydorning53
Copy link

It is also throwing a warning in the following instance, when using pseudo parameters:

serverless.yml

fileSystemConfig:
      arn: !Sub arn:aws:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:access-point/fsap-00000000000000000
      localMountPath: /mnt/foo

warning:

14:09:25  Serverless: Configuration warning:
14:09:25  Serverless:   at 'functions.efsTest.fileSystemConfig.arn': unsupported object format

@medikoo
Copy link
Contributor

medikoo commented Oct 5, 2021

@corydorning53 Fn::Sub is currently not supported. Please open a new issue if you want such support

@corydorning53
Copy link

corydorning53 commented Oct 5, 2021 via email

@medikoo
Copy link
Contributor

medikoo commented Oct 5, 2021

@corydorning53 Pseudo parameters are supported, what's not supported is Fn::Sub construct in context of fileSystemConfig

@corydorning53
Copy link

corydorning53 commented Oct 5, 2021 via email

@corydorning53
Copy link

corydorning53 commented Oct 5, 2021 via email

@medikoo
Copy link
Contributor

medikoo commented Oct 6, 2021

Once Fn::Sub is supported, it'll work without issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug/design Functionality design flaw cat/lambda good first issue help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(aws): add support for cf functions for fileSystemConfig pgrzesik/serverless
4 participants
@medikoo @pgrzesik @jliebrand @corydorning53