jammycakes / lambda-tools Goto Github PK

As of version 0.0.12, we can specify whether or not to use Docker to build our lambda function. We should allow this to be overridden by the command line.

This will require the following:

• A new parameter, --stdin, to specify that we're taking input from stdin.
• A new parameter, --root, to specify the root folder.
• In Terraform mode (see #18), input needs to be provided as a JSON object to be parsed as strings.

If no role is provided, we should provide an option to create one automatically. This needs to include the AWSLambdaBasicExecutionRole policy by default.

Other policies could be configured. A possible configuration schema might look like this:

role:
  name: lambda-role
  create: true
  policies:
    - name: AWSLambdaDynamoDBExecutionRole
    - arn: arn:aws:iam::aws:policy/AmazonS3FullAccess
    - inline: |
      {
        ...
      }

(create: false would be the default, and would throw an error if the role does not exist.)

Consecutive builds put different timestamps on some files and folders in the zip archive, this causes Terraform to pick it up as a change and re-deploy every time. Need to add an option to stop this happening.

ReadTheDocs is the de facto standard for documenting Python packages. We need to use it.

When lambda-tools runs twice on the same code, the packages produced have different contents. This causes problems e.g. when used alongside Terraform, which views the lambda as "dirty" every time.

Need to investigate why this has happening and what the best solution might be — it's most likely a timestamp issue. One option is to include a flag that allows the build to be skipped if no source files have changed.

A number of settings in the lambda-tools.yml file are different from their equivalents in the AWS/boto3 API or Terraform.

Some of the differences are unavoidable due to additional requirements (e.g. for building the lambda, or for looking up AWS resources by name); however, other differences are unnecessary and should be brought into sync with the AWS conventions. The changes are as follows.

dead_letter

Currently expects a string containing an ARN of an SNS topic or SQS queue. New schema:

dead_letter_config:
  # One of:
  target_arn: {dead_letter}
  target:
    sns:
    sqs:

• dead_letter_config:target_arn
• dead_letter_config:target:sns
• dead_letter_config:target:sqs

environment

Currently expects a dict of strings. New schema:

environment:
  variables: {environment}

Look for a value called variables which should be a dict. If it isn't, move all settings into variables and log a warning.

• environment:variables

kms_key

Currently accepts a string, containing the key's name. DO NOT throw a warning: this should continue to be accepted.

New schema:

kms_key:
  # One of:
  name: {kms_key}
  arn:

If a string is provided, move it into a dict, kms_key["name"].

• kms_key:name
• kms_key:arn

memory

This needs to be renamed to memory_size.

• memory_size

security_groups, subnets, vpc

Currently accept strings, containing the names of the above. New schema:

vpc_config:
  # Specify the VPC by name, ID or ARN, if necessary:
  id:
  name:
  security_groups:
    # A list of either strings or dicts:
    - {security_groups}
    - name: {security_groups}
    - id:
  subnets:
    # A list of either strings or dicts
    - {subnets}
    - name: {subnets}
    - id:

• vpc_config:id
• vpc_config:name
  • security_groups:(string)
  • security_groups:id
  • security_groups:name
  • subnets:(string)
  • subnets:id
  • subnets:name

tracing:

Currently accepts a string. New schema:

tracing_config:
  mode: {tracing}

• tracing_config:mode

Note that all options except kms_key should log warnings.

This should do the following:

• Pipe the output from stdout to stderr when running pip install.
• Print out the results of ltools list when done.

Suggested syntax:

  dead_letter:
    sns: "sns topic name"
    sqs: "sqs queue name"

Obviously only one or the other should be specified (specifying both should error). The existing option, specifying by ARN when just a simple string is passed, should be retained.