Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_lambda_nodejs: default bundling option never bundle AWS SDK #32623

Open
cm-iwata opened this issue Dec 21, 2024 · 3 comments
Open

aws_lambda_nodejs: default bundling option never bundle AWS SDK #32623

cm-iwata opened this issue Dec 21, 2024 · 3 comments
Labels
@aws-cdk/aws-lambda-nodejs documentation This is a problem with documentation. effort/medium Medium work item – several days of effort p3

Comments

@cm-iwata
Copy link
Contributor

Describe the issue

If deploy a NodejsFunction with code like the one below, the AWS SDK specified in package.json will not be bundled in the assets.

new nodejs.NodejsFunction(this, 'my-handler', {
 bundling: {
     network: 'host',
     securityOpt: 'no-new-privileges',
     user: 'user:group',
     volumesFrom: ['777f7dc92da7'],
     volumes: [{ hostPath: '/host-path', containerPath: '/container-path' }],
  },
});

As a result, our application will use the AWS SDK built into the Lambda execution environment by default.

The Lambda documentation states the following and recommends including the AWS SDK in your deployment package.

Control the dependencies in your function's deployment package. The AWS Lambda execution environment contains a number of libraries. For the Node.js and Python runtimes, these include the AWS SDKs. To enable the latest set of features and security updates, Lambda will periodically update these libraries. These updates may introduce subtle changes to the behavior of your Lambda function. To have full control of the dependencies your function uses, package all of your dependencies with your deployment package.

https://docs.aws.amazon.com/lambda/latest/dg/nodejs-handler.html#nodejs-best-practices

The default bundling options may break AWS SDK compatibility, so I think the CDK documentation should also clearly warn about this.

Links

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda_nodejs.BundlingOptions.html
@cm-iwata cm-iwata added documentation This is a problem with documentation. needs-triage This issue or PR still needs to be triaged. labels Dec 21, 2024
@nmussy
Copy link
Contributor

nmussy commented Dec 21, 2024

This is very fair, the intended meaning of "package all of your dependencies" is not to just list them in your package.json, but to use a bundler like esbuild or webpack yourself instead of having the CDK create the bundle. "Bundling your dependencies" might be clearer and avoid the confusion between packaging and package.json.

@pahud
Copy link
Contributor

pahud commented Dec 23, 2024

guess you need

bundleAwsSDK: true,

as described in the README?

@pahud pahud added effort/medium Medium work item – several days of effort p3 and removed needs-triage This issue or PR still needs to be triaged. labels Dec 23, 2024
@cm-iwata
Copy link
Contributor Author

@pahud

That's right.

The default value of bundleAwsSDK is false, so we need to explicitly set bundleAwsSDK to true.

As mentioned above, the Lambda documentation states that it is best practice to explicitly include the version of the AWS SDK we use in deployment package...in other words, to bundle it.
So we need to be careful with this CDK behavior.

In my opinion, It is better to issue a warning with [!WARNING], just like this.

aws-cdk/packages/aws-cdk-lib/aws-lambda-nodejs/README.md

Line 161 in 8718767

> [!WARNING]

Similarly, I think a warning should be added to the following documentation.

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda_nodejs.NodejsFunction.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-lambda-nodejs documentation This is a problem with documentation. effort/medium Medium work item – several days of effort p3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pahud @nmussy @cm-iwata