The solution to this is to separate the event source (trigger) from what Serverless assembles, so that you have full control over the raw CloudFormation.

serverless.yml:

    myHandle:
      handler: src/handlers/handler.default
      # events: 'resources/event-source.yml' No handler specified here!

resources/event-source.yml:

    HandleMyHandlerEventSourceMappingKafkaTopicName:
      Type: AWS::Lambda::EventSourceMapping
      DependsOn:
        - IamRoleLambdaExecution
        - HandleMyHandleProvConcLambdaAlias
      Properties:
        FunctionName:
          Fn::Join:
            - ':'
            - - Fn::GetAtt:
                  - HandleMyHandleLambdaFunction
                  - Arn
              - provisioned
        StartingPosition: TRIM_HORIZON
        SelfManagedEventSource:
          Endpoints:
            KafkaBootstrapServers:
              - ${env:CONFLUENT_ENDPOINT}
        Topics:
          - ${env:KAFKA_TOPIC}
        SourceAccessConfigurations:
          - Type: SERVER_ROOT_CA_CERTIFICATE
            URI: ${self:custom.customConfigs.ROOT_CA_SECRET_ARN} # can be !Ref.arn
          - Type: BASIC_AUTH
            URI: ${self:custom.customConfigs.CREDENTIALS_SECRETS_ARN} # can be !Ref.arn
          - Type: VPC_SECURITY_GROUP
            URI: !Join
              - ':'
              - - 'security_group'
                - !Ref MySecurityGroup
          - Type: VPC_SUBNET
            URI: ${cf:${self:custom.MyStackName}.paymentsSubnet1}
          - Type: VPC_SUBNET
            URI: ${cf:${self:custom.MyStackName}.paymentsSubnet2}
          - Type: VPC_SUBNET
            URI: ${cf:${self:custom.MyStackName}.paymentsSubnet3}
        BatchSize: 1
        SelfManagedKafkaEventSourceConfig:
          ConsumerGroupId: ${env:MY_CONSUMER_GROUP}

The way to get this CloudFormation piece is to dig into your generated .serverless directory and find it there, then bring it out and customize it in your own favour; this way you also know the right names for each config in CloudFormation.
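
An added example (not part of the original answer) of that extraction step: it pulls every `AWS::Lambda::EventSourceMapping` out of a compiled template and checks that the Kafka credential and CA entries point at Secrets Manager rather than carrying literal values. It assumes the compiled template is the JSON file Serverless writes to `.serverless/cloudformation-template-update-stack.json`; the sample template, resource names and function names below are constructed for illustration.

```python
import json
import re

# Constructed sample standing in for .serverless/cloudformation-template-update-stack.json
SAMPLE = json.loads("""
{"Resources": {
  "MyHandleLambdaFunction": {"Type": "AWS::Lambda::Function", "Properties": {}},
  "MyHandleEventSourceMappingKafka": {
    "Type": "AWS::Lambda::EventSourceMapping", "Properties": {
      "SelfManagedEventSource": {"Endpoints": {"KafkaBootstrapServers": ["broker.example:9092"]}},
      "SourceAccessConfigurations": [
        {"Type": "BASIC_AUTH", "URI": "plaintext-user:plaintext-pass"},
        {"Type": "SERVER_ROOT_CA_CERTIFICATE", "URI": {"Ref": "RootCaSecret"}},
        {"Type": "VPC_SUBNET", "URI": "subnet:subnet-00000000"}
      ]}}}}
""")

AUTH_TYPES = {"BASIC_AUTH", "SASL_SCRAM_256_AUTH", "SASL_SCRAM_512_AUTH",
              "CLIENT_CERTIFICATE_TLS_AUTH"}
SECRET_TYPES = AUTH_TYPES | {"SERVER_ROOT_CA_CERTIFICATE"}
SECRET_ARN = re.compile(r"^arn:aws[a-z-]*:secretsmanager:")

def extract_event_source_mappings(template):
    """Return {logical_id: resource} for every EventSourceMapping in the template."""
    return {name: res for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::Lambda::EventSourceMapping"}

def review_mapping(resource):
    """List findings for a self-managed Kafka mapping's SourceAccessConfigurations."""
    props = resource.get("Properties", {})
    if "SelfManagedEventSource" not in props:
        return []
    configs = props.get("SourceAccessConfigurations", [])
    types = {c.get("Type") for c in configs}
    findings = []
    if not types & AUTH_TYPES:
        findings.append("no authentication entry")
    for c in configs:
        uri = c.get("URI")
        # Intrinsics (Ref, Fn::Join) are dicts resolved at deploy time; only literals are checked.
        if c.get("Type") in SECRET_TYPES and isinstance(uri, str) and not SECRET_ARN.match(uri):
            findings.append(f"{c['Type']} URI is not a Secrets Manager ARN")
    if ("VPC_SUBNET" in types) != ("VPC_SECURITY_GROUP" in types):
        findings.append("VPC_SUBNET and VPC_SECURITY_GROUP are not both present")
    return findings

if __name__ == "__main__":
    for name, res in extract_event_source_mappings(SAMPLE).items():
        print(name, review_mapping(res))
```

To run it against a real build, replace `SAMPLE` with `json.load(open(".serverless/cloudformation-template-update-stack.json"))` after `serverless package`.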