https://pulumi.com logo
Powered by
Title
h

happy-grass-868

03/09/2022, 9:02 PM
Hi all, I’m working to create a lambda function in js from an image I push to ECR. I’m noticing 2 issues: 1. If I make any changes to the lambda handler code that the 
Dockerfile
is pulling in, the changes are not reflected in the Image in ECR. 2. The lambda does not seem to be getting created and it fails when my code tries to attach my permissions to the lambda, I get a 
Error adding new Lambda Permission for donor-score-lambda-dev: ResourceNotFoundException: Function not found
. The code is in the thread below. Thank you!
const aws = require('@pulumi/aws');
const awsx = require("@pulumi/awsx");

const { STACK, projectConfig, tags } = require('./../config');

// Create ECR cluster
const repo = new awsx.ecr.Repository(`scores-donor-cluster-${STACK}`);

// Build and publish the container image.
const image =  repo.buildAndPushImage("./../app/score/");
const lambdaRole = new aws.iam.Role(`donor-model-score-donors-lambda-${STACK}`, {
  assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
  tags
});

const scoreDonorsLambda = new aws.lambda.Function("score-donors-lambda", {
  packageType: "Image",
  imageUri: image.imageValue,
  role: lambdaRole.arn,
  timeout: 900,
  name: `donor-score-lambda-${STACK}`
});

new aws.cloudwatch.LogGroup(`donor-model-score-donors-log-group-${STACK}`, {
  retentionInDays: 30,
  name: scoreDonorsLambda.name.apply(lambdaName => `/aws/lambda/${lambdaName}`),
  tags
});

// CloudWatch IAM Policy for logging to Lambda
const lambdaLoggingPolicy = new aws.iam.Policy(`donors-api-identify-donor-scoring-log-policy-${STACK}`, {
  description: "IAM policy for logging from Lambda",
  path: "/",
  policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
`
});

new aws.iam.RolePolicyAttachment(`attach-donors-api-donor-scores-logging`, {
  policyArn: lambdaLoggingPolicy.arn,
  role: lambdaRole.name
})

const { identifyDonorRole } = require('./identifyDonorsLambda')

// Grant Function:Invoke permissions to the identifyDonor lambda
new aws.lambda.Permission(`permission-for-iam-to-invoke-score-donors`, {
  action: "lambda:InvokeFunction",
  principal: identifyDonorRole.arn,
  function: `donor-score-lambda-${STACK}`
})
5 Views
#awsJoin Slack
Powered by