https://pulumi.com logo
#general
Title
# general
b

brainy-magician-83981

02/27/2019, 4:17 PM
Writing a AWS Lambda function to process S3 events. I'm using AWS Lambda Layers for code deployment. When the zip files associated with the layers are updated however, they get deployed to their S3 location but the associated layer resources are not picking up this change. So the lambda function is not getting the latest updated zip files. My workaround at the moment is to delete the layer resources by commenting the resource out of my pulumi script ... running
pulumi up
... then uncommenting to add the layer resources back ... and running
pulumi up
again. Is there a better way of handling this? Thx!
w

white-balloon-205

02/27/2019, 4:54 PM
I haven’t worked with Layers myself yet, but i suspect that you need to force the Layer to be replaced so that it picks up the latest code. You should be able to do that by changing its
name
or
description
to be dependent on something tied to the version you are trying to deploy (like a hash of the contents?). If you are deploying the code to S3 outside of Pulumi, do you then want every Pulumi deployment to update the layer, or only based on some signal? Because coordinating these is often difficult and clumsy, we typically recommend patterns where the code itself is deployed as part of the Pulumi program, so that the lifecycle of all the updates can be managed.
b

brainy-magician-83981

02/27/2019, 5:19 PM
Thanks @white-balloon-205! When I create the aws.lambda.LayerVersion in my pulumi script, I set the sourceCodeHash field to the
crypto sha256 base64
checksum of the associated zip file archive. So I believe the correct Pulumi behavior is to check for changes in the
sourceCodeHash
value. If it has changed, then Pulumi will need to update the LayerVersion resource. This update will produce a new aws layer arn (ie. the layer version autoincrements on each
aws lambda publish-layer-version
command). Because the layer arn has changed, the
aws.lambda.Function
will pick up the new layer arns in the
layers
field, and thus the function gets updated. I hope this makes sense.
My other related question: do I need to explicitly set the LayerVersion
sourceCodeHash
field, or does Pulumi already do this for me?
Because I noticed in the Pulumi resource dashboard, the LayerVersion resources have values for the
sourceCodeSize
field eventhough I do not explicitly set it
@white-balloon-205 So I employed an implementation based on your advice for naming. For
dev
stacks, I tag the name of the resources with the zip file's
last modified timestamp
. For
prod
and
stage
stacks, I tag the name of the resources with the git revision hash. I believe this strategy will work out.
But I do wonder for
prod
stack deployments ... I believe Pulumi will destroy the resources if they get a new resource name. For
dev
and
stage
stacks this is OK, but I assume I will need to mark these resources as
protected
for
prod
stack deployments because we will want to keep the older versions. There may be other lambda functions that are dependent on the older layer versions.
2 Views