Bug: sam local start-api authorization log is sometimes misleading

[JonZeolla]

Description:

If you create a serverless function invoked via a httpapi event which uses IAM auth, then run sam local start-api you get a log saying that your authorizer is 'None' and it's unsupported/not found. This is a bit misleading and could lead to people believing that their template.yaml will deploy with no authorizer, which is not true. I was able to change this log by replacing ApiId with some example auth details directly in the event, but then I had to change from HttpApi to Api which I don't want to do.

This is the specific log:

Linking authorizer skipped for route '/example', authorizer 'None' is unsupported or not found

Steps to reproduce:

Make this template.yaml:

Resources:
  ExampleFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.12
      CodeUri: src/
      Handler: main.lambda_handler
      Events:
        ExampleHttpApiEvent:
          Type: HttpApi
          Properties:
            Path: /example
            Method: GET
            ApiId: !Ref ExampleHttpApi
  ExampleHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Auth:
        DefaultAuthorizer: AWS_IAM
        EnableIamAuthorizer: true

Then run sam local start-api and see:

Linking authorizer skipped for route '/example', authorizer 'None' is unsupported or not found
Mounting ExampleFunction at http://127.0.0.1:3000/example [GET]

Observed result:

➜ sam local start-api --debug
2024-11-27 15:45:07,175 | No config file found in this directory.
2024-11-27 15:45:07,177 | OSError occurred while reading TOML file: [Errno 2] No such file or directory: '/Users/jonzeolla/src/testing/sam/samconfig.toml'
2024-11-27 15:45:07,177 | Config file location: /Users/jonzeolla/src/testing/sam/samconfig.toml
2024-11-27 15:45:07,178 | Config file '/Users/jonzeolla/src/testing/sam/samconfig.toml' does not exist
2024-11-27 15:45:07,179 | Using SAM Template at /Users/jonzeolla/src/testing/sam/template.yaml
2024-11-27 15:45:07,193 | OSError occurred while reading TOML file: [Errno 2] No such file or directory: '/Users/jonzeolla/src/testing/sam/samconfig.toml'
2024-11-27 15:45:07,193 | Using config file: samconfig.toml, config environment: default
2024-11-27 15:45:07,194 | Expand command line arguments to:
2024-11-27 15:45:07,194 | --template_file=/Users/jonzeolla/src/testing/sam/template.yaml --host=127.0.0.1 --port=3000 --static_dir=public
--layer_cache_basedir=/Users/jonzeolla/.aws-sam/layers-pkg --container_host=localhost --container_host_interface=127.0.0.1
2024-11-27 15:45:07,224 | local start-api command is called
2024-11-27 15:45:07,396 | No Parameters detected in the template
2024-11-27 15:45:07,404 | There is no customer defined id or cdk path defined for resource ExampleFunction, so we will use the resource logical id as the resource id
2024-11-27 15:45:07,405 | There is no customer defined id or cdk path defined for resource ExampleHttpApi, so we will use the resource logical id as the resource id
2024-11-27 15:45:07,405 | 0 stacks found in the template
2024-11-27 15:45:07,406 | No Parameters detected in the template
2024-11-27 15:45:07,412 | There is no customer defined id or cdk path defined for resource ExampleFunction, so we will use the resource logical id as the resource id
2024-11-27 15:45:07,412 | There is no customer defined id or cdk path defined for resource ExampleHttpApi, so we will use the resource logical id as the resource id
2024-11-27 15:45:07,412 | 2 resources found in the stack
2024-11-27 15:45:07,413 | Found Serverless function with name='ExampleFunction' and CodeUri='src/'
2024-11-27 15:45:07,413 | --base-dir is not presented, adjusting uri src/ relative to /Users/jonzeolla/src/testing/sam/template.yaml
2024-11-27 15:45:07,416 | Found '1' API Events in Serverless function with name 'ExampleFunction'
2024-11-27 15:45:07,417 | Detected Inline Swagger definition
2024-11-27 15:45:07,417 | Parsing Swagger document using 3.0 specification
2024-11-27 15:45:07,417 | Found '0' authorizers in resource 'ExampleHttpApi'
2024-11-27 15:45:07,417 | Lambda function integration not found in Swagger document at path='/example' method='get'
2024-11-27 15:45:07,417 | Found '0' APIs in resource 'ExampleHttpApi'
2024-11-27 15:45:07,418 | Removed duplicates from '1' Explicit APIs and '0' Implicit APIs to produce '1' APIs
2024-11-27 15:45:07,418 | Linking authorizer skipped for route '/example', authorizer 'None' is unsupported or not found
2024-11-27 15:45:07,418 | 1 APIs found in the template
2024-11-27 15:45:07,420 | Mounting ExampleFunction at http://127.0.0.1:3000/example [GET]
2024-11-27 15:45:07,421 | You can now browse to the above endpoints to invoke your functions. You do not need to restart/reload SAM CLI while working on your functions, changes will be
reflected instantly/automatically. If you used sam build before running local commands, you will need to re-run sam build for the changes to be picked up. You only need to restart SAM CLI if
you update your AWS SAM template
2024-11-27 15:45:07,421 | Localhost server is starting up. Multi-threading = True
2024-11-27 15:45:07,421 | Setting SIGTERM interrupt handler
2024-11-27 15:45:07 WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://127.0.0.1:3000
2024-11-27 15:45:07 Press CTRL+C to quit

Expected result:

Either something that refers specifically to AWS_IAM instead of None, or a more focused log which doesn't infer that authorization is None or won't work if this is deployed. My thought is that this message is moreso meant to say something about how it isn't supported locally.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

1. OS: macOS Sequoia 15.1.1 (24B91)
2. sam --version: SAM CLI, version 1.131.0
3. AWS region: us-east-1

➜ sam --info
{
  "version": "1.131.0",
  "system": {
    "python": "3.13.0",
    "os": "macOS-15.1.1-arm64-arm-64bit-Mach-O"
  },
  "additional_dependencies": {
    "docker_engine": "27.3.1",
    "aws_cdk": "Not available",
    "terraform": "Not available"
  },
  "available_beta_feature_env_vars": [
    "SAM_CLI_BETA_FEATURES",
    "SAM_CLI_BETA_BUILD_PERFORMANCE",
    "SAM_CLI_BETA_TERRAFORM_SUPPORT",
    "SAM_CLI_BETA_RUST_CARGO_LAMBDA"
  ]
}

[lucashuy]

Thanks for opening this, I'm going to mark it as a bug so that the team can prioritize a fix for this. The message is meant to convey that anything other than a Lambda authorizer is not supported locally. This might just be a matter of preserving the original authorizer type in the message.