I've written a basic Ballerina function and attempted to deploy as AWS Lambda.
AWS reports a permissions error when I try to add the Lambda layer (using the published ARN link - https://ballerina.io/deployment/aws-lambda/#ballerina-aws-lambda-layer-compatibility-matrix)
The error is
not authorised to perform lambda:GetLayerVersion on resource: arn:aws:lambda:eu-west-1:141896495686:layer:ballerina-0-990-3:4
I'm using eu-west-1 region. I've also tried us-west-1.
I've checked and my lambda execution role does include GetLayerVersion permission. I've also check that I can add alternative public layers successfully. For example the custom node11 runtime from https://github.com/lambci/node-custom-lambda
arn:aws:lambda:eu-west-1:553035198032:layer:nodejs11:11
can be added and saved without the same permission error.
This suggests the ballerina layer may not have appropriately public permissions. I'm just exploring so happy to deploy my own private layer if the runtime package can be shared.
We have created layers for all the regions but unfortunately, permissions were not set for all the regions. Above error is causing due to that and now we have fixed it. You can following Layers and please try again.
arn:aws:lambda:eu-west-1:141896495686:layer:ballerina-0-990-3:4
arn:aws:lambda:us-west-1:141896495686:layer:ballerina-0-990-3:4
Also you should be able to use any layer by replacing the region part of following ARN as specified in the website
arn:aws:lambda:<region to be replaced>:141896495686:layer:ballerina-0-990-3:4
Update for 1.0 onward releases
For 1.0 onward releases you need to use following layer. Now there are no release specific layers you can use same layer for new releases as well
aws lambda update-function-configuration --function-name <FUNCTION_NAME> --layers arn:aws:lambda:<REGION_ID>:141896495686:layer:ballerina:2
Update from WSO2 - thanks to Anjana Fernando:
Since the 1.x GA release of Ballerina, up to date references to the Layer ARN's are displayed at compile time with the generated deployment instructions.
For the Lambda By-Example sample, the generated deployment instructions include the following:
Run the following commands to deploy each Ballerina AWS Lambda function:
aws lambda create-function --function-name <FUNCTION_NAME> --zip-file fileb://aws-ballerina-lambda-functions.zip --handler
aws_lambda_deployment.<FUNCTION_NAME> --runtime provided --role <LAMBDA_ROLE_ARN> --timeout 10 --memory-size 1024
aws lambda update-function-configuration --function-name <FUNCTION_NAME> --layers arn:aws:lambda:<REGION_ID>:141896495686:layer:ballerina:2
Replacing the FUNCTION_NAME and your own LAMBDA_ROLE_ARN are still needed, of course, but the --layers option is a reference to the layer runtime matching the Ballerina compiler version. The only change needed is to identify the REGION_ID, e.g., us-east-1 for the layer to be included in your deployment.
As such,
--layers arn:aws:lambda:<REGION_ID>:141896495686:layer:ballerina:2
would be modified to
--layers arn:aws:lambda:us-east-1:141896495686:layer:ballerina:2
to include the appropriate layer from AWS' us-east-1 region.
Related
I have a pretty big project that I use Serverless Framework to deploy to AWS (a few lambdas together at a time) using Windows Terminal.
I would do:
serverless deploy -s integration
and it will take all of my lambdas and deploy them. My problem is that I need to use the versioning of AWS, and I don't know how to do it.
After I do the serverless deploy, do I need to open the AWS CLI console and run something like this for each lambda that I already deployed using serverless?
version=$(aws lambda publish-version --function-name test_lambda --description "updated via cli" --region eu-west-1| jq '.Version')
I'm just confused on how to combine the 2 ways of deploying lambdas.
by default, all functions deployed with Serverless Framework are versioned. You can also disable it or turn it on explicitly by setting:
provider:
versionFunctions: true (or false to turn it off)
Please keep in mind that the old versions are not removed automatically, so if you want to keep e.g. only a few previously deployed versions, you might need to use a plugin as https://github.com/claygregory/serverless-prune-plugin
In the AWS Lambda service's console, there is a Configuration tab called Database proxies, shown here:
However, in the Terraform registry's entry for an AWS Lambda Function, there does not seem to be a place to define this relationship for my lambda. It's easy enough to add manually after I deploy the Lambda, but for obvious reasons this isn't optimal. It seems like using a DB proxy is a common enough use case for serverless architectures that there would be a way to do this with the resources I've referenced.
What am I missing?
EDIT: As of 9 months ago, this feature was not included in the AWS Provider, but I'm unsure of how to search upcoming nightly or perhaps dev releases of Terraform for this feature...
EDIT EDIT (from my comment below): the RDS, its proxy, the roles they use, the lambdas, and the vpc in which they sit all work as expected. if I go to the above screenshot in the lambdas I am deploying, I can Add database proxy just fine using the proxy I deployed with Terraform. There are no issues with the code, nor any errors. The problem is that having to manually add the Database Proxy to each Lambda I deploy defeats the purpose of using Terraform.
When I try deploy to an existing lambda function configured in serverless.yml as following, it says "An error occurred: ApiLambdaFunction - an-existing-function-name-created-by-my-devops already exists."
functions:
api:
name: an-existing-function-name-created-by-my-devops
So it is not allowed to deploy to an existing lambda not created by serverless?
As Serverless manages your resources via a CloudFormation Stack, you could probably be able to import the lambda function within the UI (Import Existing Resources into a CloudFormation Stack) and do the deploy afterwards again.
I did not try this and there's most probably a better solution though.
Edit: precondition is that you successfully created your stack before adding your desired function.
Is there any way to do Contract testing for the AWS lambdas.
Pact is being used for normal APIs, But I am trying to implement Contract Testing on AWS SAM. Is there any tool for this or Pact can be used with any modifications?
Yes, you can use Pact to do contract testing with Lambda.
For example, Pact JS has support for asynchronous programming and has an example for Lambda using the serverless framework [1].
There is a good intro article [2] on the matter also.
[1] https://github.com/pact-foundation/pact-js/#asynchronous-api-testing
[2] https://dius.com.au/2017/09/22/contract-testing-serverless-and-asynchronous-applications/
You can use the amazon-cli if you want to test it.
amazon-cli will help you to manually trigger your lamda via aws lambda invoke the command.
Please install amazon-cli at your local from this link.
After that you can invoke the amazon 1st lamda from your cli with aws lamda command. It comes with many options like you can pass payload (supposed to be pass from SNS in actual scenario).
Executing AWS Lamda from Amazon-CLI Command details description
Example command:
aws lambda invoke --function-name your_function_name --invocation-type RequestResponse outfile.txt --payload file:requestFile.txt
I hope it helps.
I am developing aws lambda function and I have an option of using one of these two function, but I don't find any good place where I can see the difference between these two. Which one should be used and in which case?
AWS serverless application model i.e. AWS SAM is used to define a serverless application. You need to deploy this application on AWS lambda via s3.
SAM comes in action while testing the AWS Lambda Function locally because it's not easy to deploy and test on AWS Lambda every time you make a code change.
You can configure SAM on your IDE like eclipse, test and finalise the code then deploy it on Lambda.
For more info about sam https://github.com/awslabs/serverless-application-model/blob/master/HOWTO.md