SAM deploys are updating API Gateway Responses but not deploying to the stage

Question

I have noticed that my SAM deploys are updating API Gateway's configuration with changes I make to Custom API Gateway Responses, but are not actually deploying them to the API Gateway Stage to make them live. After the SAM deploy, if I go into the API Gateway console, pick my API, open the Actions menu, choose Deploy API, pick my stage, then hit deploy the changes then do go live without issue. Is there an additional step I should be doing to have the SAM deploy deploy the updated config to the stage?

I made an example that recreates this issue and here is my template.yml

AWSTemplateFormatVersion: 2010-09-09
Transform:
  - AWS::Serverless-2016-10-31
  - AWS::CodeStar

Parameters:
  ProjectId:
    Type: String
    Description: CodeStar projectId used to associate new resources to team members
  CodeDeployRole:
    Type: String
    Description: IAM role to allow AWS CodeDeploy to manage deployment of AWS Lambda functions
  Stage:
    Type: String
    Description: The name for a project pipeline stage, such as Staging or Prod, for which resources are provisioned and deployed.
    Default: "Prod"

Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: !Sub "${Stage}"

  MissingAuthGatewayResponse:
    Type: AWS::ApiGateway::GatewayResponse
    Properties:
      ResponseTemplates:
        application/json: "{'message': 'Not found.'}"
      ResponseType: MISSING_AUTHENTICATION_TOKEN
      RestApiId: !Ref MyApi
      StatusCode: "403"

  HelloWorld:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub "awscodestar-${ProjectId}-lambda-HelloWorld"
      Handler: index.handler
      Runtime: python3.7
      Role:
        Fn::GetAtt:
          - LambdaExecutionRole
          - Arn
      Events:
        GetEvent:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /
            Method: get

  LambdaExecutionRole:
    Description: Creating service role in IAM for AWS Lambda
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "CodeStar-${ProjectId}-Execution${Stage}"
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: [lambda.amazonaws.com]
            Action: sts:AssumeRole
      Path: /
      ManagedPolicyArns:
        - !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
      PermissionsBoundary: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/CodeStar_${ProjectId}_PermissionsBoundary"

Outputs:
  ApiURL:
    Description: "API URL"
    Value: !Sub "https://${MyApi}.execute-api.${AWS::Region}.amazonaws.com/${Stage}/"

Answer 1

I have got the same issue: deployment is done but it does not update the stage. The problem is that cloudformation does not take into account deployments with the same name, so if you modify your deployment name, it will redeploy as expected.

To solve that issue we are using this plugin https://github.com/paprins/serverless-apigateway-deployment-timestamp which basically is adding a timestamp to the name of the deployment. e.g for this deployment

MyDeployment:
    Type: AWS::ApiGateway::Deployment

the deployment done will be something like

APIProxyDeployment19878797197:
    Type: AWS::ApiGateway::Deployment

Other option would be to preprocess the descriptor modifying the deployment name but for me that plugin is an easier solution.