Bug: Fn::If not supported, unsure of a workaround when working with Lambda layers

[erkdong]

Description:

In one project, I'm outputting a Lambda layer:

Outputs:
  LayerArn:
    Description: ""
    Value: !Ref LayerResource
    Export:
      Name: LayerArn

In a separate project, I want to import this layer:

Resources:
  LambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Layers:
        - !ImportValue LayerArn

This works in production, but not locally because Fn::ImportValue doesn't work locally. The standard workaround is to use Conditions on a parameter that is overridden on local runs:

Parameters:
  Environment:
    Type: String
    Default: "prod"

Conditions:
  IsLocalRun: !Equals [!Ref Environment, "local"]

Resources:
  LambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Layers:
        - !If
          - IsLocalRun
          - hardcoded ARN value
          - !ImportValue ChatFunctionApiArn-prod

But this doesn't work because Fn::If isn't supported either. Users have run into similar issues where the recommended workaround was to instead define a parameter for the value itself, which is overridden on local runs. Applied to my case, that would be something like:

Parameters:
  LayerArnParam:
    Type: String
    Default: !ImportValue LayerArn

Resources:
  LambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Layers:
        - !Ref LayerArnParam

However, this doesn't work because Every Default member must be a string, so it seems you can't use intrinsic functions in the default values of parameters.

Observed result:

$ sam validate

E2001 Property Parameters/LayerArnParam/Default should be of type String

Expected result:

Expect to be able to !ImportValue a Lambda layer ARN in production, and override it with a hardcoded ARN in local environment.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

1. OS: Mac
2. sam --version: SAM CLI, version 1.118.0
3. AWS region: us-west-1

# Paste the output of `sam --info` here
$ sam --info
{
  "version": "1.118.0",
  "system": {
    "python": "3.8.13",
    "os": "macOS-14.5-x86_64-i386-64bit"
  },
  "additional_dependencies": {
    "docker_engine": "27.2.0",
    "aws_cdk": "Not available",
    "terraform": "Not available"
  },
  "available_beta_feature_env_vars": [
    "SAM_CLI_BETA_FEATURES",
    "SAM_CLI_BETA_BUILD_PERFORMANCE",
    "SAM_CLI_BETA_TERRAFORM_SUPPORT",
    "SAM_CLI_BETA_RUST_CARGO_LAMBDA"
  ]
}

[hawflau]

@EricXDong Thanks for raising the issue.

Every Default member must be a string is a rule that CloudFormation enforces. And SAM CLI does not support Fn::If in local invoke. There is previous feature request for this - #6205

There are some alternatives you can try:

• Use sam sync to test on cloud instead of locally
• Create the Layer in the same stack instead of using Fn::ImportValue

[erkdong]

Thanks for your reply and the alternatives @hawflau, hope I can add my voice to the Fn::If feature request!

[hnnasit]

Closing this issue to track the feature request in the existing GitHub issue linked above.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.