Hi all I m working to create a lambda function in js from an Pulumi Community #aws

Hi all, I’m working to create a lambda function in...

happy-grass-868

03/09/2022, 9:02 PM

Hi all, I’m working to create a lambda function in js from an image I push to ECR. I’m noticing 2 issues: 1. If I make any changes to the lambda handler code that the

Dockerfile

is pulling in, the changes are not reflected in the Image in ECR. 2. The lambda does not seem to be getting created and it fails when my code tries to attach my permissions to the lambda, I get a

Error adding new Lambda Permission for donor-score-lambda-dev: ResourceNotFoundException: Function not found

. The code is in the thread below. Thank you!

happy-grass-868

03/09/2022, 9:03 PM

Copy code

const aws = require('@pulumi/aws');
const awsx = require("@pulumi/awsx");

const { STACK, projectConfig, tags } = require('./../config');

// Create ECR cluster
const repo = new awsx.ecr.Repository(`scores-donor-cluster-${STACK}`);

// Build and publish the container image.
const image =  repo.buildAndPushImage("./../app/score/");
const lambdaRole = new aws.iam.Role(`donor-model-score-donors-lambda-${STACK}`, {
  assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
  tags
});

const scoreDonorsLambda = new aws.lambda.Function("score-donors-lambda", {
  packageType: "Image",
  imageUri: image.imageValue,
  role: lambdaRole.arn,
  timeout: 900,
  name: `donor-score-lambda-${STACK}`
});

new aws.cloudwatch.LogGroup(`donor-model-score-donors-log-group-${STACK}`, {
  retentionInDays: 30,
  name: scoreDonorsLambda.name.apply(lambdaName => `/aws/lambda/${lambdaName}`),
  tags
});

// CloudWatch IAM Policy for logging to Lambda
const lambdaLoggingPolicy = new aws.iam.Policy(`donors-api-identify-donor-scoring-log-policy-${STACK}`, {
  description: "IAM policy for logging from Lambda",
  path: "/",
  policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
`
});

new aws.iam.RolePolicyAttachment(`attach-donors-api-donor-scores-logging`, {
  policyArn: lambdaLoggingPolicy.arn,
  role: lambdaRole.name
})

const { identifyDonorRole } = require('./identifyDonorsLambda')

// Grant Function:Invoke permissions to the identifyDonor lambda
new aws.lambda.Permission(`permission-for-iam-to-invoke-score-donors`, {
  action: "lambda:InvokeFunction",
  principal: identifyDonorRole.arn,
  function: `donor-score-lambda-${STACK}`
})

5 Views

Open in Slack

Previous Next