Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SAM deploy doesn't set environment variables

See original GitHub issue

Description

When using AWS SAM for local development, I can introduce environment variables by setting them in the template with no value, and then defining them in my environment. However, when I go to deploy, the environment variables do not appear to be inserted by sam package or sam deploy, and I get the following error on deploy:

Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: [/Resources/GeneratePlan/Type/Environment/Variables/SECRET_ACCESS_KEY] 'null' values are not allowed in templates

Where SECRET_ACCESS_KEY is one of my environment variables. I cannot find any documentation detailing how to deploy projects with environment variables, either by having them defined in my environment or providing them in an alternate config.

I don’t want to add the environment variables to my template.yml directly because this is stored in Git, and I don’t want to edit them manually into the packaged.yml file each time between the package and deploy steps as that’s cumbersome.

I haven’t seen any steps in the documentation or similar issues, so I presume this is either an edge case bug or I am just missing something simple (in which case I might file this as a documentation bug) 😄

Steps to reproduce

The following config is a minimal excerpt from mine:

AWSTemplateFormatVersion: '2010-09-09'

Transform: AWS::Serverless-2016-10-31

Globals:

  Function:
    Environment:
      Variables:
        SECRET_ACCESS_KEY:

Resources:

  AnswerChallenge:
    Type: "AWS::Serverless::Function"
    Properties:
      Runtime: nodejs8.10
      Handler: build/functions/answerChallenge.default
      CodeUri: ./
      Policies: AmazonDynamoDBFullAccess
      Events:
        GetRequest:
          Type: Api
          Properties:
            Path: /event
            Method: get

Observed result

When I run sam start-api with SECRET_ACCESS_KEY defined, the lambda works as expected. When I attempt to deploy with sam package and sam deploy, I receive an error about undefined variables.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

OS: MacOS
sam --version: 0.11

Issue Analytics

State:
Created 4 years ago
Reactions:38
Comments:47 (7 by maintainers)

Top GitHub Comments

41reactions

chrisfosterellicommented, Jul 23, 2019

Yeah the sam local start-api also uses the mismatched format in --parameter-overrides, which is frustrating! Having to use two different config formats between local dev and prod deploy is not great… I had tried the --env-vars solution but had issues with the different cases expected between uppercase and snake case. This is what I had to do to get some resemblance of consistency:

I store my config file as a JSON file, such as config.json:

{
  "Region": "us-west-1",
  "Secret": "my-real-secret",
  [...]
}

And define them as parameters in the template.yaml:

Parameters:
  Secret:
    Type: String
  [...]

[... later ...]

Globals:
  Function:
    Environment:
      Variables:
        SECRET: !Ref Secret
        [...]

Then for development I have the following in package.json:

"scripts": {
  "api": "sam local start-api --region us-west-2 --parameter-overrides \"$(jq -r -j 'to_entries[] | \"ParameterKey=\\(.key),ParameterValue=\\(.value) \"' config.json)\"",
}

So I can run npm run api to get the api server going with the config file.

Then for deployment our CI runs:

> sam package --template-file ./template.yaml --s3-bucket bucketname --output-template-file ./packaged.yaml
> sam deploy --template-file ./packaged.yaml --stack-name stackname --capabilities CAPABILITY_IAM --parameter-overrides $(jq -r 'to_entries[] | "\(.key)=\(.value)"' config.json)

Surprising amount of work to get sane environment variables in SAM… I think this needs some developer experience TLC or maybe I’m missing something blatantly obvious 😅

29reactions

jsonmaurcommented, May 7, 2019

Same issue here. sam package/sam deploy should accept the --env-vars flag.

My current workaround is to use CF parameters, since sam package/sam deploy are aliases for cloudformation package/cloudformation deploy.

template.yml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  SomeFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: some-function/
      Handler: index.handler
      Runtime: nodejs8.10
      Environment:
        Variables:
          SOME_VAR: !Ref SomeVar
Parameters:
  SomeVar:
    Type: String

$ sam package --template-file template.yml --s3-bucket BUCKET_NAME --output-template-file packaged.yml

$ sam deploy --template-file packaged.yml --stack-name STACK_NAME --capabilities CAPABILITY_IAM --parameter-overrides SomeVar=123

Top Results From Across the Web

AWS SAM Template setting environment specific variables

You should use —parameter-overrides in your sam deploy command. sam deploy cli. Let me demonstrate how: In your template.yaml:

sam build - AWS Serverless Application Model

Build an AWS SAM application using the sam build command from the AWS SAM CLI. ... container $ sam build --use-container To build...

SAM invoke won't take local env vars

I have a sample SAM application with basic endpoints. I just want to run it locally by: sam local invoke -e events/event-post-item.json putItemFunction ......

AWS Lambda Functions

Then, when you run serverless deploy , VPC configuration will be deployed along with your lambda function. If you have a provider VPC...

awslabs/aws-sam-local

I have figured out the issue for anyone wondering. You cannot just specify the Environment Variables, you have to make sure in the...