Skip to content

Commit 79cf6b0

Browse files
hobuhobu
committed
fixes to get things working remotely too
1 parent bac0487 commit 79cf6b0

File tree

8 files changed

+103
-72
lines changed

8 files changed

+103
-72
lines changed

.gitignore

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,3 @@
1-
lambda-deploy.zip
2-
1+
*.tfstate*
2+
*.hcl
3+
.terraform/

docker/test-remote.sh

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
#!/bin/bash
2+
3+
eventfilename=$1
4+
5+
FUNCTION_NAME=$(cat ../terraform/terraform.tfstate | jq '.outputs.info_lambda_name.value // empty' -r)
6+
7+
8+
aws lambda invoke \
9+
--function-name "$FUNCTION_NAME" \
10+
--invocation-type RequestResponse \
11+
--payload fileb://$eventfilename \
12+
response.json
13+
14+
15+

handlers/python/ecr/info.py

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,16 +23,18 @@ def handler(event, context):
2323
logger.debug(f'processing {path}')
2424

2525

26+
2627
command = f'pdal info --debug {path.as_uri()}'
2728
env = os.environ.copy()
2829

2930
# FIXME This hardcodes our s3 region to east to read our test file
3031
env['AWS_REGION'] = "us-east-1"
32+
# env['VERBOSE'] = "1"
3133

3234
response = util.run(command, env = env)
3335
logger.debug(f'response {response}')
3436

35-
j = json.loads(response[0])
37+
j = json.loads(response)
3638
infos.append(j)
3739

3840
return infos

handlers/python/ecr/util.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -26,19 +26,19 @@ def run(cargs, working_dir=None, env = None):
2626
stdout=subprocess.PIPE,
2727
stderr=subprocess.PIPE,
2828
encoding="utf8",
29-
cwd=working_dir,
29+
cwd = working_dir,
3030
env = local_env,
3131
)
3232
ret = p.communicate()
3333

34+
body, error = ret
3435
if p.returncode != 0:
35-
error = ret[1]
3636
logger.error(cargs)
3737
logger.error(error)
38-
error = {"args": cargs, "error": error}
38+
error = {"args": cargs, "error": error, "body": body}
3939
raise AttributeError(error)
4040

41-
return ret
41+
return body
4242

4343

4444

terraform/main.tf

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -40,3 +40,10 @@ output "stage" {
4040
description = "Deployment stage"
4141
value = var.stage
4242
}
43+
44+
45+
46+
output "info_lambda_name" {
47+
description = "Lambda Name"
48+
value = module.resources.info_lambda_name
49+
}

terraform/resources/data.tf

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,5 @@
11
data "aws_region" "current" { }
22

3-
data "aws_caller_identity" "current" { }
3+
data "aws_caller_identity" "current" { }
4+
5+

terraform/resources/lambda.tf

Lines changed: 15 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -1,47 +1,19 @@
1-
resource "aws_lambda_function" "lambda-pdal-pipeline" {
2-
function_name = "${var.prefix}-${var.stage}-pipeline"
3-
description = "Runs PDAL pipelines"
41

5-
image_uri = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/${var.prefix}-${var.stage}-pdal_runner:${var.arch}"
6-
7-
package_type = "Image"
8-
architectures = ["${var.arch == "amd64" ? "x86_64" : "arm64"}"]
9-
role = aws_iam_role.lambda_role.arn
10-
depends_on = [ null_resource.ecr_image ]
11-
timeout = var.function_timeout
12-
memory_size = 1024
13-
14-
image_config {
15-
command = ["lambda.ecr.pipeline.handler"]
16-
}
17-
tags = {
18-
name = var.prefix
19-
Name = "${var.prefix}:lambda.${var.stage}.pipeline"
20-
stage = var.stage
21-
}
22-
23-
environment {
24-
variables = {
25-
HOME = "/var/task"
26-
}
27-
}
28-
}
29-
30-
resource "aws_lambda_function" "lambda-pdal-info" {
2+
resource "aws_lambda_function" "lambda_pdal_info" {
313
function_name = "${var.prefix}-${var.stage}-info"
324
description = "Extracts metadata info from point clouds and raster files"
335

346
image_uri = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/${var.prefix}-${var.stage}-pdal_runner:${var.arch}"
357

368
package_type = "Image"
379
architectures = ["${var.arch == "amd64" ? "x86_64" : "arm64"}"]
38-
role = aws_iam_role.lambda_role.arn
10+
role = aws_iam_role.iam_role_for_lambda.arn
3911
depends_on = [ null_resource.ecr_image ]
4012
timeout = var.function_timeout
4113
memory_size = 1024
4214

4315
image_config {
44-
command = ["pdal_handler.info_handler"]
16+
command = ["pdal_lambda.ecr.info.handler"]
4517
}
4618
tags = {
4719
name = var.prefix
@@ -54,4 +26,15 @@ resource "aws_lambda_function" "lambda-pdal-info" {
5426
HOME = "/var/task"
5527
}
5628
}
57-
}
29+
}
30+
31+
resource "aws_lambda_function_event_invoke_config" "lambda_event_invoke_config" {
32+
function_name = aws_lambda_function.lambda_pdal_info.function_name
33+
maximum_event_age_in_seconds = 60
34+
maximum_retry_attempts = 0
35+
}
36+
37+
output "info_lambda_name" {
38+
value = aws_lambda_function.lambda_pdal_info.function_name
39+
}
40+

terraform/resources/roles.tf

Lines changed: 53 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -1,46 +1,67 @@
1-
resource "aws_iam_role" "lambda_role" {
1+
data "aws_iam_policy_document" "lambda_trust_policy" {
2+
statement {
3+
actions = ["sts:AssumeRole"]
4+
effect = "Allow"
5+
principals {
6+
type = "Service"
7+
identifiers = ["lambda.amazonaws.com"]
8+
}
9+
}
10+
}
11+
12+
13+
resource "aws_iam_role" "iam_role_for_lambda" {
214
name = "${var.prefix}_${var.stage}_Lambda_Function_Role"
15+
assume_role_policy = data.aws_iam_policy_document.lambda_trust_policy.json
16+
}
17+
18+
19+
data "aws_iam_policy_document" "iam_for_lambda_policy_document" {
20+
statement {
21+
actions = [
22+
"logs:CreateLogGroup",
23+
"logs:CreateLogStream",
24+
"logs:PutLogEvents"
25+
]
26+
effect = "Allow"
27+
resources = ["*"]
28+
sid = "CreateCloudWatchLogs"
29+
}
30+
31+
statement {
32+
actions = [
33+
"s3:GetObject",
34+
]
35+
effect = "Allow"
36+
resources = ["*"]
37+
sid = "ReadS3"
38+
}
39+
40+
41+
342

4-
assume_role_policy = <<EOF
5-
{
6-
"Version": "2012-10-17",
7-
"Statement": [
8-
{
9-
"Action": "sts:AssumeRole",
10-
"Principal": {
11-
"Service": "lambda.amazonaws.com"
12-
},
13-
"Effect": "Allow",
14-
"Sid": ""
15-
}
16-
]
1743
}
18-
EOF
44+
45+
resource "aws_iam_policy" "lambda_logging_policy" {
46+
name = "${var.prefix}-${var.stage}-lambda-logging-policy"
47+
path = "/"
48+
description = "IAM policy for logging from a lambda"
49+
policy = data.aws_iam_policy_document.iam_for_lambda_policy_document.json
50+
}
51+
52+
resource "aws_iam_role_policy_attachment" "lambda_logging_policy_attachment" {
53+
role = aws_iam_role.iam_role_for_lambda.name
54+
policy_arn = aws_iam_policy.lambda_logging_policy.arn
1955
}
2056

2157
resource "aws_iam_policy" "iam_policy_for_lambda" {
2258
name = "${var.prefix}_${var.stage}_aws_iam_policy_for_terraform_aws_lambda_role"
2359
path = "/"
2460
description = "AWS IAM Policy for managing aws lambda role"
25-
policy = <<EOF
26-
{
27-
"Version": "2012-10-17",
28-
"Statement": [
29-
{
30-
"Action": [
31-
"logs:CreateLogGroup",
32-
"logs:CreateLogStream",
33-
"logs:PutLogEvents"
34-
],
35-
"Resource": "arn:aws:logs:*:*:*",
36-
"Effect": "Allow"
37-
}
38-
]
39-
}
40-
EOF
61+
policy = data.aws_iam_policy_document.iam_for_lambda_policy_document.json
4162
}
4263

4364
resource "aws_iam_role_policy_attachment" "basic" {
4465
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
45-
role = aws_iam_role.lambda_role.name
66+
role = aws_iam_role.iam_role_for_lambda.name
4667
}

0 commit comments

Comments
 (0)