Bug: SAM Conditional Globals Environment Variables maps fail to merge with Function environment variables  #8167

@prower-turnitin

Description:

Defect where conditional Global environment variables fail to merge properly to Function.
This example demonstrates a defect in AWS SAM where conditional environment variables defined in the Globals.Function.Environment.Variables section using !If statements do not properly merge into individual AWS::Serverless::Function resources that have their own Environment.Variables section.

Steps to reproduce:

Deploy the linked SAM app: https://github.com/prower-turnitin/sam-conditional-globals-example/tree/main#
You'll see function2 does not merge the Global Environment as described: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-template-anatomy-globals.html

Observed result:

When conditional statements (!If) are used in the Globals section, the conditional environment variables are NOT merged into functions that have their own Environment.Variables section.

Expected result:

According to AWS SAM documentation, global environment variables should merge with function-specific environment variables, with function-specific variables taking precedence when there are conflicts.

Function1 (No function-specific environment variables)

WORKS CORRECTLY - Receives all conditional global variables:

{
  "LOG_LEVEL": "INFO",
  "log_level": "INFO", 
  "OTEL_INSTRUMENTATION_COMMON_DEFAULT_ENABLED": "false",
  "OTEL_SERVICE_NAME": "sam-conditional-example-dev"
}

Function2 (Has function-specific environment variables)

DEFECT DEMONSTRATED - Missing conditional global variables:

{
  "LOG_LEVEL": "DEBUG",  // Function-specific override (correct)
  "FUNCTION_SPECIFIC_VAR": "function2-value",  // Function-specific (correct)
  "CUSTOM_CONFIG": "enabled"  // Function-specific (correct)
  // MISSING: OTEL_INSTRUMENTATION_COMMON_DEFAULT_ENABLED
  // MISSING: OTEL_SERVICE_NAME
  // MISSING: log_level
}

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: Darwin NOA-M-JW3FNV5R6Y 24.5.0 Darwin Kernel Version 24.5.0: Tue Apr 22 19:53:27 PDT 2025; root:xnu-11417.121.6~2/RELEASE_ARM64_T6041 arm64

  2. sam --version: SAM CLI, version 1.137.1

  3. AWS region: us-east-2

# Paste the output of `sam --info` here
{
  "version": "1.137.1",
  "system": {
    "python": "3.11.10",
    "os": "macOS-15.5-arm64-arm-64bit"
  },
  "additional_dependencies": {
    "docker_engine": "Not available",
    "aws_cdk": "Not available",
    "terraform": "1.5.7"
  },
  "available_beta_feature_env_vars": [
    "SAM_CLI_BETA_FEATURES",
    "SAM_CLI_BETA_BUILD_PERFORMANCE",
    "SAM_CLI_BETA_TERRAFORM_SUPPORT",
    "SAM_CLI_BETA_PACKAGE_PERFORMANCE",
    "SAM_CLI_BETA_RUST_CARGO_LAMBDA"
  ]
}

Add --debug flag to command you are running
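
A post-deploy check for the gap reported above, as an added example that is not part of the original issue or of the SAM project's code: it resolves `Fn::If` in the Globals variables, applies the documented merge (function-specific values win), and lists the variable names each deployed function lacks. The template shape and the condition name `IsDev` are assumptions; the deployed values are the ones quoted in the issue.

```python
NO_VALUE = {"Ref": "AWS::NoValue"}
# Constructed template (not the linked repository's); "IsDev" is a hypothetical condition.
TEMPLATE = {
    "Globals": {"Function": {"Environment": {"Variables": {"Fn::If": [
        "IsDev",
        {"LOG_LEVEL": "INFO", "log_level": "INFO",
         "OTEL_INSTRUMENTATION_COMMON_DEFAULT_ENABLED": "false",
         "OTEL_SERVICE_NAME": "sam-conditional-example-dev"},
        NO_VALUE]}}}},
    "Resources": {
        "Function1": {"Type": "AWS::Serverless::Function", "Properties": {}},
        "Function2": {"Type": "AWS::Serverless::Function", "Properties": {
            "Environment": {"Variables": {
                "LOG_LEVEL": "DEBUG", "FUNCTION_SPECIFIC_VAR": "function2-value",
                "CUSTOM_CONFIG": "enabled"}}}}},
}
# Deployed variables as reported in the issue (would come from the live function configuration).
DEPLOYED = {
    "Function1": {"LOG_LEVEL": "INFO", "log_level": "INFO",
                  "OTEL_INSTRUMENTATION_COMMON_DEFAULT_ENABLED": "false",
                  "OTEL_SERVICE_NAME": "sam-conditional-example-dev"},
    "Function2": {"LOG_LEVEL": "DEBUG", "FUNCTION_SPECIFIC_VAR": "function2-value",
                  "CUSTOM_CONFIG": "enabled"},
}

def resolve_if(node, conditions):
    """Pick the active branch of every Fn::If under node."""
    if isinstance(node, dict) and set(node) == {"Fn::If"}:
        name, if_true, if_false = node["Fn::If"]
        return resolve_if(if_true if conditions[name] else if_false, conditions)
    if isinstance(node, dict):
        return {k: resolve_if(v, conditions) for k, v in node.items()}
    return node

def variables(section, conditions):
    resolved = resolve_if(section.get("Environment", {}).get("Variables", {}), conditions)
    return {} if resolved == NO_VALUE else resolved  # AWS::NoValue removes the property

def expected_env(template, conditions):
    """Documented merge: global variables first, function-specific values win."""
    global_vars = variables(template.get("Globals", {}).get("Function", {}), conditions)
    return {name: {**global_vars, **variables(res.get("Properties", {}), conditions)}
            for name, res in template["Resources"].items()
            if res.get("Type") == "AWS::Serverless::Function"}

def missing_keys(expected, deployed):
    """Expected variable names absent from each function's deployed environment."""
    gaps = {fn: sorted(set(env) - set(deployed.get(fn, {}))) for fn, env in expected.items()}
    return {fn: keys for fn, keys in gaps.items() if keys}
```

Calling `missing_keys(expected_env(TEMPLATE, {"IsDev": True}), DEPLOYED)` flags only Function2, with the three variables the issue marks as missing; in practice `DEPLOYED` can be filled from `aws lambda get-function-configuration` output.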
