Description
Key information
- RFC PR: (leave this empty)
- Related issue(s), if known: RFC: Collection of tiny utilities #30
- Area: Utilities
- Meet tenets: Yes
Summary
This utility helps you validate incoming events from Lambda event sources as well as the response from your Lambda handler - All based on JSON Schemas. You can either validate an entire incoming event including the chosen event source wrapper, or only the event payload/body if you will.
Motivation
Well-Architected Serverless Lens recommends validating events under the Security pillar. As of now, customers have to implement their own validation mechanisms, bring additional dependencies, and end up crafting multiple JSON Schemas for popular event sources.
We could ease that by including in Powertools and lowering the bar for entry.
Proposal
This utility would use the already present Fast JSON Schema lib to validate both incoming and outgoing events using a preferred JSON Schema.
Another plus is that we can use our Middleware Factory to make this easier to implement, and automatically trace it with X-Ray to profile performance impact when necessary.
Validating both inbound/outbound
from aws_lambda_powertools.utilities import validator
@validator(inbound=inbound_schema_dict, outbound=outbound_schema_dict)
def lambda_handler(evt, ctx):
...
For customers wanting to validate only the payload of popular event sources, say API Gateway, this utility will work in tandem with an extractor utility - That will provide the following benefits:
- Validate only the actual event payload of a popular event source
- e.g. validate API GW POST payload event (event['body']) itself not the whole API GW event
- Craft your own JSON Schema to help you validate payload as well as things like headers/message attributes, etc.
By default, envelopes will pluck only the payload of a message within the event. Allowing multiple paths can easily add complexity, so we will defer to customers creating their own envelopes if they want to.
Validating inbound with built-in popular event source schemas
from aws_lambda_powertools.utilities import validator
from aws_lambda_powertools.utilities.extractor import envelopes
@validator(inbound=inbound_schema, envelope=envelopes.api_gateway_rest)
def lambda_handler(evt, ctx):
...
Drawbacks
- JSON Schemas are not offered today for Lambda Event Sources; this means maintaining it
- Validating JSON Schemas can add up to ~25ms during cold start executions
- Invalid schemas or compiled-once are microseconds
Rationale and alternatives
- What other designs have been considered? Why not them?: Lambda Decorators Validate - It'd mean bringing two additional dependencies for a single utility, and
schema
is slower thanfastjsonschema
we already include in Powertools - What is the impact of not doing this?: Customers less experienced with Lambda might end up reinventing the wheel, and accidentally bringing less performant or incorrect validations.
Unresolved questions
Should we validate the event source per se, the event within the event source envelope, or both- e.g. message body in API GW, message within SQS Array object, etc.
- UPDATE: We'll create an extractor utility to not violate SRP
- Should we also optionally serialize the event before validating?
Optional, stash area for topics that need further development e.g. TBD
Metadata
Metadata
Assignees
Type
Projects
Status