RFC: Event Handler for REST APIs #3500
Replies: 9 comments 24 replies
-
|
Since this is a high-level definition of the implementation and features, I have nothing to add other than adding a
Congrats on writing this RFC @dreamorosi! It's going to be the most anticipated utility for Typescript Powertools for this year. |
Beta Was this translation helpful? Give feedback.
-
|
Looks fab and I can't wait to start using this for real to replace a less elegant solution we currently have in place! Could I get clarification on a couple of bits?
|
Beta Was this translation helpful? Give feedback.
-
|
Thank you for taking the time to read and for the feedback! Let me address both your questions:
The main usage we see for Middy.js is wrapping your function handler rather than specific arbitrary functions. This is because among other things, Middy.js middlewares expect a certain function signature that includes the Since method resolvers will need to have a specific signature that allows Event Handler to pass down the request info, I don't think it'll be possible to wrap a resolver specifically. You should however be able to do something like this and have Middy.js "upstream" import { APIGatewayResolver } from '@aws-lambda-powertools/event-handler/resolvers';
import { middy } from '@middy/core';
const app = new APIGatewayResolver();
app.get('/todos', async () => {
// handle route
});
export const handler = middy(async (event, context) =>
app.resolve(event, context))
.use(...); // your middlewares go hereThe main disclaimer here is that any middlewares you add should not manipulate the event, otherwise we can't guarantee that the resolver & router will work correctly. So, for example you should be able to use other Powertools for AWS middlewares like the Logger, Metrics, and Tracer ones - but most likely not some of the Middy.js ones that normalize the event and/or modify headers and such. Our view for this feature, and part of the reason why we're not including Middy.js for now, is that using the Event Handler should make redundant using many/all of the Middy.js middlewares related to request handling, since these responsibilities will be covered by the resolver. Even for Powertools for AWS Middy.js middlewares related to logging, metrics, tracing, and idempotency we might consider a deeper integration with Event Handler that would allow to do things like flush your metrics, inject request context in your logs, or trace a route a the resolver level. To explain what I mean a pseudo-code example: import { APIGatewayResolver } from '@aws-lambda-powertools/event-handler/resolvers';
import { Metrics, MetricUnit } from '@aws-lambda-powertools/metrics';
const metrics = new Metrics();
const app = new APIGatewayResolver();
app.useMetrics(metrics);
app.get('/bookings', async () => {
TODO: response object
metrics.addMetric('booking-requested', MetricUnit.Count, 1); // this is flushed automatically when the route handler returns.
});
export const handler = async (event, context) =>
app.resolve(event, context);Note that the example above is not final, and it's also not part of the initial scope of the implementation. Something that instead will be supported from day one is mixing and matching class method decorators, so you would be able to do this: import { APIGatewayResolver } from '@aws-lambda-powertools/event-handler/resolvers';
import { Tracer } from '@aws-lambda-powertools/tracer';
const tracer = new Tracer();
const app = new APIGatewayResolver();
app.useTracer(tracer);
class Lambda {
@app.errorHandler(ZodError)
public async handleInvalidRequest(error: ZodError) {
logger.error('Malformed request', {
path: app.currentEvent.path,
});
return {
statusCode: 400,
headers: {
'Content-Type': 'text/plain',
},
body: 'Invalid request parameters.'
}
}
@tracer.traceMethod({ name: '/todos/:todoId' }) // this would create a span for your request & annotate it
@app.get('/todos/:todoId')
public async getTodoById({ params }) {
const { todoId } = params;
const todos = await fetch(`https://jsonplaceholder.typicode.com/todos/${todoId}`);
return { todos: await todos.json() }
}
}
export const handler = async (event, context) =>
app.resolve(event, context);With that said, I'd like to also better understand the request of combining Middy.js middlewares with this feature, if there's something missing we might want to address it.
Yes, the SwaggerUI will work only at the function level, so the OpenAPI schema will include only the routes from a single lambda function. This is the same behavior we have in the Powertools for AWS Lambda (Python) version - but if there's demand for it in the future, we might also research if it's possible to stitch together schemas & UIs from multiple Lambda functions (I don't know if it's possible on top of my head). |
Beta Was this translation helpful? Give feedback.
-
|
Appreciate the detailed response.
This sounds perfectly workable. We already use a factory function that accepts a lambda handler as a callback and returns a Middyfied handler, so we'd just adapt what's being passed in.
Between the routing, input/output validation and error handling, you definitely look to be covering most of the functionality our team use Middy for day-to-day. I can almost see us skipping Middy entirely, even with only the items in your initial scope.
Documenting our split lambdas is a pain point for us at the moment. We're using a Serverless Framework plugin to associate OpenAPI docs with endpoints but it's way more verbose and repetitive than we'd like. Being able to generate a single SwaggerUI page for many lambdas using your proposed syntax would be a massive DX improvement for us but I reckon we can have a separate step in our CI/CD pipeline to stitch them together if needed. Here's hoping others show interest too 🤞 Looking forward to this arriving! Great work! |
Beta Was this translation helpful? Give feedback.
-
|
Is there a reason that const app = APIGatewayResolver();
const todosRouter = new Router();Personally, I prefer factory functions that don't use
Am I missing something but I don't see a import { APIGatewayResolver } from '@aws-lambda-powertools/event-handler/resolvers';
const app = APIGatewayResolver();
app.post('/todos/', () => {
const data = JSON.parse(app.currentEvent.body || '{}');
const todos = await fetch(`https://jsonplaceholder.typicode.com/todos`, {
body: JSON.stringify(data),
});
return {
todo: await todos.json(),
};
}, {
method: ['PUT', 'POST'] // <= http methods
});On another point, it seems a bit strange to me that the name of the method here is Also, what happens if some someone does this: app.post('/todos/', () => {
// ...
}, {
method: ['PUT', 'POST']
});
app.post('/todos/', () => {
// ...
}, {
method: ['POST']
});Which |
Beta Was this translation helpful? Give feedback.
-
I think it was a typo, it should be |
Beta Was this translation helpful? Give feedback.
-
|
Yes it was a typo, good catch - it should be Regarding this:
No, that was also a typo - both should have the I'll fix both of them - thank you again for taking the time to read the RFC and engage, Stefano! |
Beta Was this translation helpful? Give feedback.
-
BloatI think the APIGWIt also isn't clear if the routes in api gateway APIGW ANY SupportI didn't see any callout for APIGW ANY, is this going to be supported automatically, or are we going to have to know about it? For instance, if we want a route agnostic handler, is that possible? 405 Method Not AllowedHow will this be supported? How will we know that the method isn't allowed, in some frameworks we need to have brittle duplicated code that contains the same list of supported methods in order to report the 405, and then duplicate this in every router. The framework we are using right now automatically generates 405s for us without any complexity. AuthorizersI didn't see any support for custom lambda authorizers which almost always are necessary for us v2 HTTP APIsWe heavily rely upon v2 HTTP APIs and not REST APIs, is this RFC meant for both or only specifically the v1 REST APIs? Access to the templated pathIt wasn't clear if we need to access metadata about the powertools routed event how we would do that. the 405s issue is one of them, another one is getting both resolved MiddlewaresWe absolutely need a way to intercept all requests:
Integration with Express, Hono, Middy, etc...How exactly can we use this to debug a running HTTP version of our service? Is there some way to export the stored data so that it can be injected into these HTTP frameworks? I don't expect understanding of these frameworks or even an integration, but rather, a method like |
Beta Was this translation helpful? Give feedback.
-
|
Hi @wparad, thanks for taking the time to read the RFC and leave comments. Let me answer to each one of your points in random order: API Gateway HTTP (v2)
From the second paragraph at the top of the RFC:
In that sentence, Custom AWS Lambda Authorizers
API Gateway calls authorizers before forwarding the request to your Lambda proxy integrations. Because of this, at least in its current form Event Handler can't influence the logic of the custom authorizer itself and by the time a request arrives it's assumed to be authorized. When it comes to parsing a request we already have Parser with built-in schemas specific to custom Lambda authorizers. But if you had something different in mind, I'd still like to hear your thoughts on how Event Handler could help in this area. We might not include it in the first couple iterations of the feature, but if it's compelling enough and there's demand we can add it to the backlog still. API Gateway route with method
Setting a route method mapping as Once the request reaches the function, and is processed by Event Handler we'll look at the HTTP verb present in the request and call your resolvers accordingly. So, yes, With that said, I would not necessarily recommend you using For ALB & most likely Lambda Function URLs, all requests of all methods get routed to the integration. 405 Method Not Allowed Thank you for pointing out this gap. Today handling this case even in Powertools for AWS Lambda (Python) can be tricky, so we decided to include a new method that will help with this. By default we'll return This is the new section I added to the RFC, and will open an issue on the Python repo shortly: By default, we return 405 for any request that matches a route but is using a method with no resolver. You can use the Access to the templated path If I understand correctly your question, you want to be able to access the raw request fields. If this is the case, then the answer is already covered in the "Accessing request details" section. To recap, you'll be able to access the raw request and Lambda context respectively with If instead this was not what you meant, please elaborate and clarify. enableSwagger This is a completely opt-in feature, and when enabled we will automatically generate a couple of routes that return an HTML page for the Swagger UI. From the code perspective, the HTML and resolver code needed to generate these routes takes about 8kb unminified if we use the Python implementation as reference (here & here). While I would not call this bloat, we'll do our best to expose this code in a way that can be tree-shaken by bundlers, for example by exposing it via subpath module - something we do quite extensively in this project. For what concerns the actual JavaScript needed to render & make the Swagger UI function (i.e. this - 1.2MB), I can confirm that we have no plan of adding it to our library and thus to your bundles. We'll make this configurable so that customers who want to enable the Swagger UI will either need to bundle that file with their code or provide a full url of a CDN where that file is hosted. This way customers who don't want / need this feature won't have any overhead in their bundle. Thank you for calling out this detail, your question made us look at the topic more closely and decide to implement it this way. I'll add some of the details above to the RFC. Middlewares
We understand completely that middlewares are a critical part of many production-ready APIs. Because of this we want to make sure we create a solid middleware engine that is flexible enough but also offers a good DX. For this reason middlewares are not part of the initial scope but will be instead part of a subsequent launch shortly after GA. The features marked as in scope in the RFC above are what will be available on day 1 of release, this doesn't mean we won't continue investing and improving the feature set. For middlewares specifically, we'll most likely add them right after GA, but we will share more accurate timelines at a later date. This is the current plan, but if there's enough demand we are also open to reconsider the scope and include them. If you have any feedback / comment / or idea about middlewares feel free to leave them here anyway. Routing
We haven't settled yet on any routing algorithm in particular but personally I'm leaning towards having both a regex-based one and a trie-tree one, just like Hono. When it comes to route specificity, if you have for example two route handlers for For the prefix part, this is somewhat covered in the "Custom Domain API Mappings". You'll be able to specify a shared prefix for your resolver so that you don't have to write If instead this was not what you meant, and you were referring to something else, please elaborate and clarify. Local testing As you mentioned, we don't expect to integrate directly with other frameworks like Hono or Express. When it comes to Middy.js we might have some integration as long as Middy.js is used in a way that doesn't manipulate the incoming request. I touched upon the topic in this other comment. The part of your question that I am more interested is the one about the local debugging & testing:
Since we are not standing up any HTTP server nor listening on any socket/port there's no need to actually run your code in a separate process and make requests to it. If you want to debug or test code that involves Event Handler you should treat this as any other function/module that you export and consume from another file/module. For example, you might have your main entry point that looks like this: // your imports & routes go here
export const handler = async (event, context) =>
app.resolve(event, context);You can then from other files import import { it, expect } from 'vitest';
import type { Context } from 'aws-lambda';
import { handler } from './index.ts';
it('handles a GET request', async () => {
// Prepare
const event = {
// ... rest of the API Gateway REST | API Gateway HTTP | ALB | Function URL payload
path: '/hello',
method: 'GET'
};
const context: Context = { ... } // context object
// Act
const response = await handler(event, context);
// Assess
expect(response.statusCode).toEqual(200);
// ... other assertions go here
});This is true for any other function you write for Lambda, you don't necessarily need to expose it as a web server to test/debug it. If instead we're talking about emulating IAM permissions, the Lambda execution environment, or other aspects of AWS then this is out of scope for Powertools for AWS. Although you could probably use things like SAM or LocalStack. I hope I have answered most/all your questions. Thank you again for your inputs. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for clarifying these. Let me dive into the specific points: Access to the templated path
Actually no. The Lambda raw request fields will come from APIGW which only include the following:
Let's take the example of a route like:
But we need explicitly enableSwaggerI was explicitly talking about the framework code to enable swagger, not what it pulls in. 8kb or even 4kb, more is still more. As long as it is exposed as a subpath that can somehow be ignored without requiring us to trust our bundling tools to tree shake it, that's good by me. Local testing
I think I wasn't clear here. I would want convert locally our lambda into an HTTP server. Right now we do that by wrapping the lambda library and passing that into Express. The original Lambda-Express library for nodejs did this, SAM does this. The use case is "I want a localhost running http service on my machine that I can hit with payloads that look exactly like the payloads sent to apigateway or lambda function url and for those to converted into requests that are sent to our registered endpoint. Sure we can test the endpoints explicitly with unit tests, but I'm not sure it would work exactly correctly otherwise. For example, we can't just use something like this: express.any('.*', (params, etc..) => {
const event = {
// ... rest of the API Gateway REST | API Gateway HTTP | ALB | Function URL payload
path: params.path,
method: params.method,
...
};
const context: Context = { ... } // context object
// Act
const response = await handler(event, context);
// convert back to express result;
return convertFromLambdaResponseBackToExpressResult(response);
}The problem is that perfectly constructing the Middlewares
Ah it wasn't clear to me that "out of scope" means "not right now" and not "no plans to implement". |
Beta Was this translation helpful? Give feedback.
-
|
One feature I like about |
Beta Was this translation helpful? Give feedback.
-
|
I appreciate the effort behind this RFC, but I strongly disagree with the lambdalith approach it seems to promote. Consolidating multiple routes with distinct Swagger specs into a single Lambda goes against serverless best practices and introduces significant operational and security challenges. Key Concerns: While lambdaliths may appear to simplify routing, allow for the ability of having a better-defined OpenAPI spec and reduce cold starts, the trade-offs in performance, security, and maintainability outweigh the benefits. Serverless succeeds because of its modularity and principle of least privilege. Let’s focus on patterns that enhance these strengths rather than undermine them. Would love to hear others’ thoughts on maintaining best practices while achieving the goals this RFC targets. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for taking the time to read the RFC and engage with it. AWS best practices tend to favor single-purpose Lambda functions for many of the reasons you listed as well as others, if possible customers should go this route, especially when building new complex workloads and/or when rearchitecting existing ones. In practice, like everything in engineering, there are tradeoffs and many customers still need or prefer to use a single (or few) Lambda functions to handle multiple API routes. Having one function per route is the best option, but many customers might not be able to take on the operational complexity that this brings either because they lack resources to do so. There are tons of customers who are either just starting their Serverless journey and might be more familiar with this pattern, this type of feature is for these customers and serves as an on-ramp to start getting some of the benefits of Lambda without having to tackle too many things at once. Likewise, sometimes workloads are just not complex enough to warrant splitting them, or in other cases there might be other requirements that force the single function pattern. One of the core tenets of Powertools for AWS Lambda is to be progressive, meaning that our utilities are designed to be incrementally adoptable for customers at any stage of their Serverless journey. This is a clear example of that. Our position on the topic is not to promote this as the one and only way to go, but to acknowledge that many customers still want to work this way and thus help them do it in the best way possible. Both on GitHub and during offline interactions this is and has been our most requested feature, and while we can talk about best practices as much, sometimes customers just want to get the job done. This is us acknowledging this and helping them to do it with a good DX and as securely as possible, despite the inherent tradeoffs of this pattern that we already list prominently in our documentation. |
Beta Was this translation helpful? Give feedback.
-
|
Hey @martzmakes thanks for bringing to us your point of view and concerns, we really value this and this is the main propose of an RFC.
In this RFC, we are proposing a new experience for developers when creating APIs using AWS Lambda and Powertools TypeScript. This new utility will allow customers to manage routes, access event parameters, handle routes not found, handle unauthorized methods, facilitate the use of CORS, auto-serialize responses, data validation and, among other things, also facilitate the generation of OpenAPI. So this utility will allow customers to choose between the best architecture they want: lambdalith, micro-Lambda or another name that eventually emerges. While we recognize that in this first version of this utility the customer will not be able to create OpenAPI Schema when using several Lambda functions at the same time, but this is on our radar and will be implemented at some point in the future. In case of this is mandatory for your workload, for example, there is still the option of exporting the OpenAPI from the Amazon API Gateway console as a workaround. All the features we have developed over the years at Powertools have been improved by listening to our customers, and this case will be no different. For this reason, I find it hard to say that we are suggesting any type of bad practices because 1 - out of 10? - feature needs to be improved in the next versions of this utility.
I think that Serverless computing's success can be attributed to several key factors. Primarily, it significantly reduces operational overhead for customers. Its ability to rapidly scale resources based on demand, coupled with low complexity, contributes greatly to its popularity. And yes, security and isolation is another thing that contributes a lot. For me, one of the most appealing aspects of running serverless workloads is its flexibility. It not only allows for single-responsibility Lambda functions but also enables you to organize functions by business domains, workload components, or any other logical division that aligns with your business needs, security requirements and architectural design.
I believe we're on the right track with this RFC. We're offering an optimized experience for AWS Lambda while still allowing customers to choose their preferred approach. Although the initial release won't include OpenAPI Schema support for multiple Lambda functions, I had an idea: once we launch, you could help us enhance this OpenAPI feature, potentially unlocking new use cases. I'd love to hear your thoughts on this. I'm also available on the CB Slack if you'd like to discuss further. Again, thanks for engaging with this RFC and helping us to make it even better. |
Beta Was this translation helpful? Give feedback.
-
|
👏 |
Beta Was this translation helpful? Give feedback.
-
"To LambdaLith" or "Not to Lambdalith" is the eternal question. I agree with your sentiments in regards to modularity, security, etc being best practices. Powertools EventHandlers can still be used in a "micro" sense by defining a single route. Doing this you still get all the benefits of reduced boilerplate for CORS, data validation, serialization etc etc that Powertools provides and still have a consistent, repeatable pattern for creating micro lambda functions for APIs (if that is your choice). Using EVentHandler will also enable the same implementation to pivot to the different ways of hosting APIs on AWS - RestV1, RestV2, functionUrl, ALB, etc etc (all the API things), which is a great benefit that python delivers today and assume future work would expand the resolvers for the varying flavours of API you can host on AWS. Powertools is not enabling or encouraging specific architectures, however it is driven by where customers are today so needs to cater for a variety of different use-cases. Right now lambdaliths are a popular mechanism of removing Operational burden and being an initial stepping stone to serverless which enables the strangler pattern or other evolutionary pathways to be applied in moving APIs to more granular modules where it is relevant and required. I feel your concerns can be addressed within the documentation itself where Powertools can highlight design choices or different architectural patterns. AWS Lambda Powertools for python has a considerations section covering the different use-cases and trade-offs which I feel is a good way to cover off your concerns. |
Beta Was this translation helpful? Give feedback.
-
|
I also like this conversation between Yan Cui and Heitor Lessa - it's about allowing teams to move fast with thier current skills and knowledge. I feel the whole Monolith vs singular functions is something that can never be resolved because every use-case is different and in architecture there are always considerations that go beyond the technology choices to make them work effectively and in a cost efficient way. When I say "cost efficient", I am not talking about Lambda cost specifically but about how teams are structured, how they work and how they deploy which takes into consideration Organisational decisions or choices that are non-negotiable and these always exist. |
Beta Was this translation helpful? Give feedback.
-
|
For the Open API section where you detail customizing parameters: is the intention that each of those parameters will be top level attributes to the config object? I worry that there's quite a few parameters, and as the Open API spec changes you might open yourself up to name collisions. Thoughts on scoping the customizations to an attribute like Awesome work with the RFC, keen to see what's next. Will there be much opportunity for community contributions to this work? |
Beta Was this translation helpful? Give feedback.
-
|
Hi @scratchclaggy! Thanks for sharing this. Can you please expand a bit more on your question here? Are you specifically talking about data validation properties like
Everything we do is public and we will open issues as soon as we have the final decision on this RFC. @dreamorosi will lead the implementation, and of course all help from the community is welcome, after all, working with our community is part of our DNA. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for the question, and for engaging with the RFC. If I understand the question correctly, you're probably referring to this section: import { APIGatewayResolver } from '@aws-lambda-powertools/event-handler/resolvers';
const app = new APIGatewayResolver();
app.get('/subscription/:subscriptionId', async ({ params }) => {
return {
subscriptionId: params.subscriptionId,
};
}, {
summary: 'Retrieves a subscription',
description: 'Loads a subscription identified by a `subscriptionId`',
responseDescription: 'The subscription object',
responses: {
200: { description: 'subscription found' },
404: { description: 'subscription not found' }
},
tags: ['Subscription']
});
export const handler = async (event, context) =>
app.resolve(event, context);If this is the case, I agree with your point and we should instead change the signature to this: import { APIGatewayResolver } from '@aws-lambda-powertools/event-handler/resolvers';
const app = new APIGatewayResolver();
app.get('/subscription/:subscriptionId', async ({ params }) => {
return {
subscriptionId: params.subscriptionId,
};
}, {
openapi: { // <--- Now it's namespaced/nested
summary: 'Retrieves a subscription',
description: 'Loads a subscription identified by a `subscriptionId`',
responseDescription: 'The subscription object',
responses: {
200: { description: 'subscription found' },
404: { description: 'subscription not found' }
},
tags: ['Subscription']
}
});
export const handler = async (event, context) =>
app.resolve(event, context);This way the implementation is more future-proof and like you said, easier to avoid name collisions. Coincidentally, it'll also very slightly simplify the internal implementation since we can now check a specific property in the I'll get the RFC updated in the next couple hours to reflect this.
Like @leandrodamascena mentioned, we want to make this as contributor-friendly as possible. My plan for this is to leave the RFC open for ~a couple more weeks and then create a backlog of issues for the work to be done. I'll label issues based on whether they're open for contribution and/or whether they're good first issues. These labels will help to convey what is up for grabs and they're there mainly to help guide the implementation and make sure things are implemented in the right order/pace. I expect to pick up some of the first more foundational items to set the structure of the utility and its patterns, but after that as the implementation progressed I'll be happy to dedicate time to reviewing community PRs as they come in. Looking forward to seeing a PR from you when the time comes! |
Beta Was this translation helpful? Give feedback.
-
|
Awesome, yes that's exactly what I was referring to. I'll keep an eye out once this goes through, looking forward to getting in there! |
Beta Was this translation helpful? Give feedback.
-
|
Hey @dreamorosi and team! Love the effort here - well-written, structured, thought through - fantastic work as always! Can you expand a little on the proposal to access I.e. current [...]
const app = new APIGatewayResolver();
app.get('/search', () => {
const query = app.currentEvent.query('q');
const { limit, offset } = app.currentEvent.query();
return {
message: 'Hello, World!'
};
});
[...]vs something like [...]
const app = new APIGatewayResolver();
app.get('/search', ({ currentEvent }) => {
const query = currentEvent.query('q');
const { limit, offset } = currentEvent.query();
return {
message: 'Hello, World!'
};
});
[...] |
Beta Was this translation helpful? Give feedback.
-
|
I'm just struggling to see where the global approach would be beneficial enough to warrant the tradeof of a (to me) unexpected design.
I get and sympathize with this, but customers (I'm guessing) rarely have experience from both Powertools for Python AND Typescript, instead they'd typically have experience from other tools like express and hono. For the There's definitely some merit to the idea that this is made specifically for Lambda though, and that it's good to challenge some concepts in similar tools that are meant to be used in the wider ecosysystem. |
Beta Was this translation helpful? Give feedback.
-
|
Anything global will immediately break as soon as it is wrapped in anything that allows parallel processing. Sure Lambda itself might not allow that, but every other tool out there, will allow it, Hono, Express, Jest, Mocha, Vitest, etc... None of these will understand that. Having this be global is just a terrible idea and only going to cause concrete problems. It's much better to create a "Pit of Success". Just because "Python" does it doesn't mean it should be copied here. And having "two different strategies" to make this happen also creates confusion. This should just be fixed. Fundamentally it should be a function parameter, and if someone really wants a global thing, they can just wrap the powertools function handler. However, if this library gets it wrong and makes it global, there is no fixing that. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks everyone for chiming in, you're right. I'm gonna update the RFC to make this a function parameter instead of a property of the router/resolver itself. It makes more sense, so I'm happy to diverge here. As a side note, just to acknowledge this point:
While true that customers in one ecosystem are generally more familiar with tools from it, we are seeing more and more companies of a certain size asking us to increase consistency wherever possible because they want to standardize their operations and have multiple teams using similar tools. In practice we're seeing teams writing either of these languages wanting to adopt Powertools and expect to have a similar DX. With that said, this specific instance is not one where we should enforce standardization and we should instead go for the better option, which is clearly using function parameters. Thank you for bringing this up and creating this thread - very useful! (I'll get the RFC updated in the next couple hrs - bear with me while I reply to other threads). |
Beta Was this translation helpful? Give feedback.
-
|
While I was updating the RFC I came up with a doubt, I'd appreciate your inputs on it. Right now the object you can destructure as first parameter in your route resolver is meant to include path parameters that will have the same name as your actual path parameter (except for camel case normalization), for example: [...]
const app = new APIGatewayResolver();
app.get('/todo/:todoId', ({ todoId }) => {
return {
message: 'Hello, World!'
};
});
[...]With this in mind, how do we avoid a collision between our [...]
const app = new APIGatewayResolver();
app.get('/todo/current_event', ({ currentEvent }) => {
return {
message: 'Hello, World!'
};
});
[...]As far as I know, we don't have any way of preventing this from happening so I am not sure how to handle this. The first option I thought would be to namespace these parameters within the object, like: [...]
const app = new APIGatewayResolver();
app.get('/todo/:todoId', ({ todoId, aws }) => {
const query = aws.event.query('q');
return {
message: 'Hello, World!'
};
});
[...]the second one would be to use a second parameter entirely: [...]
const app = new APIGatewayResolver();
app.get('/todo/:todoId', ({ todoId }, { event }) => {
const query = event.query('q');
return {
message: 'Hello, World!'
};
});
[...]Personally I would prefer the first option since it seems cleaner but there's still a risk of name collisions if you have What are your thoughts? |
Beta Was this translation helpful? Give feedback.
-
|
couldn't they too be added to the "new" request object? Something like: app.get('/todo/:todoId', (request) => {
const query = request.query('q');
const todoId = request.params.todoId // or event.params("todoId")
return {
message: 'Hello, World!'
};
}); |
Beta Was this translation helpful? Give feedback.
-
|
What would be the advantages of having this while libraries like Hono for Lambda already do that very well? |
Beta Was this translation helpful? Give feedback.
-
|
This is covered in the "Use Case" section of the original post, but it boils down to the fact that customers who are either already on Lambda or already using Powertools for AWS have been asking us to add this feature for the past two years. This is because despite many other frameworks available they would prefer something specifically designed to work on AWS Lambda and maintained by AWS. We don't expect everyone to move from Express, Hono, Fastify, or others if they're already happy with the framework they have. Our utilities are modular, so you can continue enjoying other features and don't have to adopt this one if other solutions are working better for your workload. |
Beta Was this translation helpful? Give feedback.
-
Is this related to an existing feature request or issue?
#413
Which area does this RFC relate to?
Event Handler
Summary
Resolvers handle request resolution, including one or more routers, and give access to the current event via typed properties.
While the code samples in the RFC will use mainly
APIGatewayRestResolver, the first iteration of the feature will have in scope also theAPIGatewayHttpResolverandLambdaFunctionUrlResolverresolvers. Other resolvers present in the Python version of Powertools for AWS will be added in subsequent releases and based on demand.In terms of patterns of usage, Powertools for AWS Lambda (TypeScript) generally supports three patterns:
The first iteration of the feature will include only 1/ and 2/, while Middy.js middleware usage will be added later if there's demand.
Use case
Powertools for AWS customers have been asking us to provide a utility similar to the one present in Powertools for AWS Lambda (Python) that allows them to easily build REST APIs backed by an AWS Lambda function.
While there are already many popular frameworks in the Node.js ecosystem such as Express.js, Fastify, and Hono, none of them targets specifically and uniquely Lambda customers, and many enterprise customers who have already adopted Powertools for AWS in their workloads, would prefer a solution delivered by us rather than relying on a 3rd party dependency.
For this reason we are continuing our work to improve feature parity between Powertools for AWS versions and will offer an Event Handler utility in this version. We don't necessarily expect customers who have had success and are happy with other frameworks to migrate to Event Handler; this utility is rather for those who appreciate our commitment to supply chain security and our efforts to build lightweight utilities specifically focused on Lambda.
The goal of this RFC is to propose a feature set that matches the one present in Powertools for AWS Lambda (Python) while also being idiomatic with the Node.js ecosystem and adding selected features that make sense in this version.
Proposal
Response auto-serialization
For your convenience, you can return a plain object response and we will automatically:
object(Record<k, v>) responses to JSONContent-Typetoapplication/jsonstatusCodeto 200 (OK)If you want full control of the response, headers, and status code you can also return a Response object (more on this later).
Dynamic routes
You can use
/todos/:todoIdto configure dynamic URL paths, where:todoIdwill be resolved at runtime.Dynamic paths can also be nested and used at different levels, i.e.
/todos/:todoId?/comments/:commentId/hidden/:isHiddenand in all cases, the parameters should be strongly typed and customers should get type hints in their IDE like this:Query Strings
Within
app.currentEventproperty, you can access all available query strings as an object viaquery.Payload
You can access the raw payload via the
bodyproperty, or if it's a JSON string you can quickly deserialize it via thejson()method.Headers
Similarly to query strings, you can access headers as dictionary via
app.currentEvent.headers. Specifically for headers, it's a case-insensitive dictionary, so all lookups are case-insensitive.Catch-all routes
You can also create things like catch-all routes, for example the .+ expression allows you to handle an arbitrary number of paths within a request.
HTTP Methods
You can use named methods to specify the HTTP method that should be handled in your functions. That is,
app.<http_method>, where the HTTP method could beget(),post(),put(),patch(),delete(),head().If you need to accept multiple HTTP methods in a single function, or support a custom HTTP method for which no method exists (e.g.
TRACE), you can use theroute()method and pass an array of HTTP methods.Below you'll find sections about how we handle routes not found and method not allowed, as well as how to customize the default behavior.
Data validation
All resolvers can optionally coerce and validate incoming requests by setting
enableValidation: true.With this feature, we can now express how we expect our incoming data and response to look like. This moves data validation responsibilities to Event Handler resolvers, reducing a ton of boilerplate code.
You can pass an output schema to signal our resolver what shape you expect your data to be.
Handling validation errors
Any incoming request that fails validation will lead to a
HTTP 422: Unprocessable Entityerror response that will look similar to this:{ "statusCode": 422, "body": "[{\"type\": \"int_parsing\", \"loc\": [\"path\", \"todo_id\"]}]}", "isBase64Encoded": false, "headers": { "Content-Type": "application/json" }, "cookies": [] }You can customize the error message by catching the
RequestValidationErrorexception. This is useful when you might have a security policy to return opaque validation errors, or have a company standard for API validation errors.Here's an example where we catch validation errors, log all details for further investigation, and return the same
HTTP 422with an opaque error.Validating payloads
You can do something similar with the incoming payload as well, in this case you can pass a schema to the
validation.inputproperty.We will automatically parse and validate the outer envelope of the event according to the resolver you are using, so that you can focus on providing the schema for the body only.
Enabling SwaggerUI
Since Event Handler supports OpenAPI, you can use SwaggerUI to visualize and interact with your API.
We will implement this feature as a complete opt-in feature and with as little overhead as possible. Because of this we will return the HTML needed to render the SwaggerUI but you will have to bundle your own
swagger-ui-bundle.min.jstogether with your function or provide an url to a CDN-hosted version of it (i.e. this).Accessing request details
Event Handler exposes the resolver request and Lambda context under convenient properties like:
app.currentEventandapp.lambdaContext, this is why you seeapp.resolve(event, context)in every example.Handling not found routes
By default, we return
404for any unmatched route.You can use the
notFound()method or class method decorator to override this behavior, and return a custom response.Handling methods not allowed
By default, we return 405 for any request that matches a route but is using a method with no resolver.
You can use the
methodNotAllowed()method or class method decorator to override this behavior, and return a custom response.Error handling
To keep your route handlers as focused as possible, you can use the
errorHandler()method or class method decorator with anyErrorclass or children. This allows you to handle common errors outside of your route, for example validation errors.The
errorHandler()method also supports passing a list of error classes you want to handle with a single handler.Internally, we’ll test the error being thrown using
error instanceof YourErrorfirst, and thenerror.name === YourError.name, this allows us to ensure equality even when the imports or the bundle might be polluted with double imports.Raising HTTP errors
You can easily raise any HTTP Error back to the client using one of the handy prebuilt error responses. This ensures your Lambda function doesn’t fail but return the correct HTTP response signalling the error.
We provide pre-defined errors for the most popular ones such as HTTP 400, 401, 404, 500, etc.
Custom Domain API Mappings
When using the Custom Domain API Mappings feature in Amazon API Gateway, you must use the
stripPrefixesparameter in theAPIGatewayRestResolverconstructor.Scenario: You have a custom domain
api.mydomain.dev. Then you set a/paymentmapping to forward any payment requests to your Payments API.Challenge: This means you path value for any API requests will always contain
/payment/<actual_request>, leading to HTTP 404 as Event Handler is trying to match what’s afterpayment/. This gets further complicated with an arbitrary level of nesting.Solution: To address this, we use the
stripPrefixesparameter to remove these prefixes before trying to match the routes you defined in your application.After removing a path prefix with
stripPrefixes, the new root path will automatically be mapped to the path argument of/.For example. when using the
stripPrefixesvalue of/pay, there is no difference between a request path of/payand/pay/; and the path argument would be defined as just/.Advanced use cases
CORS
You can configure CORS in each resolver constructor via the
corsparameter with aCORSConfigclass.This will ensure that CORS headers are returned as part of the response when your functions match the path invoked and the
Originmatches one of the allowed values.Optionally, you can disable CORS on a per path basis with the
cors: falseoption.Pre-flight
Pre-flight (
OPTIONS) calls are typically handled by API Gateway or Lambda Function URL. For ALB instead, you are expected to handle these requests yourself.For convenience, we automatically handle them for you as long as you enable CORS in the constructor.
Defaults
For convenience, these are the default values when using
CORSConfigto enable CORS:**for production unless your use case strictly requires it[]allowOrigin["Authorization", "Content-Type", "X-Amz-Date", "X-Api-Key", "Amz-Security-Token"][]falseCompress
You can compress with gzip and base64 encode your responses via the
compressparameter. You have the option to pass thecompressparameter when working with a specific route.The client must send the
Accept-Encodingheader, otherwise we will send a normal response.Binary responses
For convenience, we automatically base64 encode binary responses. You can also use in combination with
compressparameter if your client supports gzip.Similar to the
compressfeature, the client must send theAcceptheader with the correct media type.Notes:
*/*binary media type when CORS is also configuredDebug mode
You can enable debug mode via the
POWERTOOLS_DEVorPOWERTOOLS_EVENT_HANDLER_DEBUGenvironment variables.This will enable full traceback errors in the response, log any request and response, and set CORS to allow any origin (
*).Since this might reveal sensitive information in your logs and relax CORS restrictions, we recommend you to use this only for local development and as sparingly as possible.
OpenAPI
When you enable data validation, we use a combination of standard-schema compatible schemas (Zod, Valibot, Arktypes) and OpenAPI type annotations to add constraints to your API's parameters.
In OpenAPI documentation tools like SwaggerUI, these annotations become readable descriptions, offering a self-explanatory API interface. This reduces boilerplate code while improving functionality and enabling auto-documentation.
Customizing OpenAPI parameters
Whenever you use OpenAPI parameters to validate query strings or path parameters, you can enhance validation and OpenAPI documentation by using any of these parameters:
true, strict validation is applied to the field. See Strict Mode for detailsfalsethe field will not be part of the exported OpenAPI schemaCustomizing API operations
Customize your API endpoints by adding metadata to endpoint definitions.
Here's a breakdown of various customizable fields:
To implement these customizations, include extra parameters when defining your routes:
Split routes with Router
As you grow the number of routes a given Lambda function should handle, it is natural to either break into smaller Lambda functions, or split routes into separate files to ease maintenance - that's where the
Routerfeature is useful.Let's assume you have
index.tsas your Lambda function entrypoint and routes intodos.ts. This is how you'd use the Router feature.todos.tsindex.tsRoute prefix
When necessary, you can set a prefix when including a router object. This means you could remove
/todosprefix altogether.todos.tsindex.tsSpecialized routers
You can use specialized router classes according to the type of event that you are resolving. This way you'll get type hints from your IDE as you access the
currentEventproperty.Sharing contextual data
You can use
appendContextwhen you want to share data between your App and Router instances. Any data you share will be available via the context object available in your App or Router context.We always clear data available in context after each invocation.
index.tsOut of scope
The following items are to be considered out of scope for the first iteration of the feature:
If you are interested in any of them and would like us to prioritize them right after the first version, please let us know under this RFC.
Potential challenges
TBD
Dependencies and Integrations
No response
Alternative solutions
Acknowledgment
Future readers
Please react with 👍 and your use case to help us understand customer demand.
Beta Was this translation helpful? Give feedback.
All reactions