feat: enhance Lambda logging and fix CDK deployment

nogueiraanderson · nogueiraanderson · commit b025060943d9 · 2025-10-21T21:14:21.000+02:00
- Add comprehensive JSON-structured logging to Lambda function
  - Log configuration and thresholds at startup
  - Add execution_id tracking throughout
  - Include policy match statistics and performance metrics
  - Structured extras for CloudWatch JSON parsing

- Fix CDK deployment without Docker
  - Add bundle-lambda command to justfile
  - Install dependencies directly with uv pip --target
  - Update deploy commands to include bundling step

- Update .gitignore for Lambda dependencies
  - Exclude build-time dependencies and dist-info folders
  - Keep lambda source code tracked

- Fix Lambda handler bugs
  - Change request_id to aws_request_id for context
  - Ensure proper module imports with bundled dependencies
diff --git a/IaC/cdk/aws-resources-cleanup/.gitignore b/IaC/cdk/aws-resources-cleanup/.gitignore
@@ -53,5 +53,32 @@ Thumbs.db
 *.zip
 /tmp/
 
+# Lambda dependencies (installed at build time)
+lambda/*.dist-info/
+lambda/bin/
+lambda/boto3/
+lambda/boto3-*.dist-info/
+lambda/botocore/
+lambda/botocore-*.dist-info/
+lambda/aws_lambda_powertools/
+lambda/aws_lambda_powertools-*.dist-info/
+lambda/aws_xray_sdk/
+lambda/aws_xray_sdk-*.dist-info/
+lambda/s3transfer/
+lambda/s3transfer-*.dist-info/
+lambda/jmespath/
+lambda/jmespath-*.dist-info/
+lambda/dateutil/
+lambda/python_dateutil-*.dist-info/
+lambda/urllib3/
+lambda/urllib3-*.dist-info/
+lambda/six.py
+lambda/six-*.dist-info/
+lambda/typing_extensions.py
+lambda/typing_extensions-*.dist-info/
+lambda/wrapt/
+lambda/wrapt-*.dist-info/
+lambda/.lock
+
 # Logs
 *.log
diff --git a/IaC/cdk/aws-resources-cleanup/justfile b/IaC/cdk/aws-resources-cleanup/justfile
@@ -66,20 +66,20 @@ bootstrap:
         --region {{region}}
 
 # Synthesize CloudFormation template
-synth:
+synth: bundle-lambda
     @echo "Synthesizing CloudFormation template..."
     uv run cdk synth --profile {{profile}} --region {{region}}
 
 # Deploy in DRY_RUN mode (default, safe)
-deploy:
+deploy: bundle-lambda
     @echo "Deploying in DRY_RUN mode (safe)..."
     uv run cdk deploy \
         --profile {{profile}} \
         --region {{region}} \
         --require-approval never
 
 # Deploy in LIVE mode (destructive, requires confirmation)
-deploy-live:
+deploy-live: bundle-lambda
     @echo "⚠️  WARNING: Deploying in LIVE mode (will delete resources!)"
     @echo "Press Ctrl+C to cancel, or Enter to continue..."
     @read _
@@ -90,7 +90,7 @@ deploy-live:
         --require-approval never
 
 # Deploy with custom parameters
-deploy-custom DRY_RUN="true" THRESHOLD="30" EMAIL="":
+deploy-custom DRY_RUN="true" THRESHOLD="30" EMAIL="": bundle-lambda
     @echo "Deploying with custom parameters..."
     uv run cdk deploy \
         --profile {{profile}} \
@@ -224,10 +224,17 @@ list-lambdas:
         --query 'Functions[?starts_with(FunctionName, `Lambda`)].{Name:FunctionName,Runtime:Runtime,Size:CodeSize,Modified:LastModified}' \
         --output table
 
+# Bundle Lambda with dependencies
+bundle-lambda:
+    @echo "Bundling Lambda with dependencies..."
+    @echo "Installing dependencies in lambda directory..."
+    uv pip install -r lambda/aws_resource_cleanup/requirements.txt --target lambda/
+    @echo "✓ Lambda bundled with dependencies"
+
 # Update Lambda code only (faster than full deploy)
-update-code:
+update-code: bundle-lambda
     @echo "Building Lambda package..."
-    cd lambda && zip -r /tmp/lambda-code.zip aws_resource_cleanup/
+    cd lambda && zip -r /tmp/lambda-code.zip .
     @echo "Updating Lambda function code..."
     aws lambda update-function-code \
         --function-name {{lambda_function}} \
diff --git a/IaC/cdk/aws-resources-cleanup/lambda/aws_resource_cleanup/ec2/instances.py b/IaC/cdk/aws-resources-cleanup/lambda/aws_resource_cleanup/ec2/instances.py
@@ -107,21 +107,36 @@ def execute_cleanup_action(action: CleanupAction, region: str) -> bool:
         if action.action == "TERMINATE":
             if DRY_RUN:
                 logger.info(
-                    "Would TERMINATE instance",
+                    "[DRY-RUN] Would TERMINATE instance",
                     extra={
+                        "action_type": "TERMINATE",
                         "dry_run": True,
-                        "instance_id": action.instance_id,
+                        "resource": {
+                            "type": "instance",
+                            "id": action.instance_id,
+                            "name": action.name,
+                            "billing_tag": action.billing_tag,
+                        },
                         "region": region,
                         "reason": action.reason,
+                        "days_overdue": round(action.days_overdue, 2) if action.days_overdue else 0,
                     },
                 )
             else:
                 logger.info(
-                    "TERMINATE instance",
+                    "EXECUTING: TERMINATE instance",
                     extra={
-                        "instance_id": action.instance_id,
+                        "action_type": "TERMINATE",
+                        "dry_run": False,
+                        "resource": {
+                            "type": "instance",
+                            "id": action.instance_id,
+                            "name": action.name,
+                            "billing_tag": action.billing_tag,
+                        },
                         "region": region,
                         "reason": action.reason,
+                        "days_overdue": round(action.days_overdue, 2) if action.days_overdue else 0,
                     },
                 )
                 ec2.terminate_instances(InstanceIds=[action.instance_id])
@@ -251,21 +266,36 @@ def execute_cleanup_action(action: CleanupAction, region: str) -> bool:
         elif action.action == "STOP":
             if DRY_RUN:
                 logger.info(
-                    "Would STOP instance",
+                    "[DRY-RUN] Would STOP instance",
                     extra={
+                        "action_type": "STOP",
                         "dry_run": True,
-                        "instance_id": action.instance_id,
+                        "resource": {
+                            "type": "instance",
+                            "id": action.instance_id,
+                            "name": action.name,
+                            "billing_tag": action.billing_tag,
+                        },
                         "region": region,
                         "reason": action.reason,
+                        "days_overdue": round(action.days_overdue, 2) if action.days_overdue else 0,
                     },
                 )
             else:
                 logger.info(
-                    "STOP instance",
+                    "EXECUTING: STOP instance",
                     extra={
-                        "instance_id": action.instance_id,
+                        "action_type": "STOP",
+                        "dry_run": False,
+                        "resource": {
+                            "type": "instance",
+                            "id": action.instance_id,
+                            "name": action.name,
+                            "billing_tag": action.billing_tag,
+                        },
                         "region": region,
                         "reason": action.reason,
+                        "days_overdue": round(action.days_overdue, 2) if action.days_overdue else 0,
                     },
                 )
                 ec2.stop_instances(InstanceIds=[action.instance_id])
diff --git a/IaC/cdk/aws-resources-cleanup/lambda/aws_resource_cleanup/ec2/policies.py b/IaC/cdk/aws-resources-cleanup/lambda/aws_resource_cleanup/ec2/policies.py
@@ -193,7 +193,7 @@ def check_untagged(
     days_running = minutes_running / 1440
     name = tags_dict.get("Name", "N/A")
 
-    reason = f"Missing billing tag. Running {minutes_running:.0f} minutes (threshold: {UNTAGGED_THRESHOLD_MINUTES})"
+    reason = f"Missing billing tag. Running {minutes_running:.0f} minutes (threshold: {UNTAGGED_THRESHOLD_MINUTES} minutes)"
 
     return CleanupAction(
         instance_id=instance["InstanceId"],
diff --git a/IaC/cdk/aws-resources-cleanup/lambda/aws_resource_cleanup/ec2/volumes.py b/IaC/cdk/aws-resources-cleanup/lambda/aws_resource_cleanup/ec2/volumes.py
@@ -171,12 +171,19 @@ def delete_volume(action: CleanupAction, region: str) -> bool:
 
         if DRY_RUN:
             logger.info(
-                "Would DELETE volume",
+                "[DRY-RUN] Would DELETE volume",
                 extra={
+                    "action_type": "DELETE_VOLUME",
                     "dry_run": True,
-                    "volume_id": action.volume_id,
+                    "resource": {
+                        "type": "volume",
+                        "id": action.volume_id,
+                        "name": action.name,
+                        "billing_tag": action.billing_tag,
+                    },
                     "region": region,
                     "reason": action.reason,
+                    "days_old": round(action.days_overdue, 2) if action.days_overdue else 0,
                 },
             )
             return True
@@ -211,11 +218,19 @@ def delete_volume(action: CleanupAction, region: str) -> bool:
         # Delete volume
         ec2.delete_volume(VolumeId=action.volume_id)
         logger.info(
-            "DELETE volume",
+            "EXECUTING: DELETE volume",
             extra={
-                "volume_id": action.volume_id,
+                "action_type": "DELETE_VOLUME",
+                "dry_run": False,
+                "resource": {
+                    "type": "volume",
+                    "id": action.volume_id,
+                    "name": action.name,
+                    "billing_tag": action.billing_tag,
+                },
                 "region": region,
                 "reason": action.reason,
+                "days_old": round(action.days_overdue, 2) if action.days_overdue else 0,
             },
         )
         return True
diff --git a/IaC/cdk/aws-resources-cleanup/lambda/aws_resource_cleanup/handler.py b/IaC/cdk/aws-resources-cleanup/lambda/aws_resource_cleanup/handler.py
