This repository was archived by the owner on Jan 14, 2025. It is now read-only.

Commit 623d5c1

Update Module 3 with XRay documentation and permissions
1 parent 048588f commit 623d5c1

2 files changed: +26 -26 lines changed

DevOps/3_XRay/README.md

Lines changed: 25 additions & 26 deletions
@@ -64,33 +64,32 @@ As you can see, the basic X-Ray integration into Lambda requires only two change
6464

6565
## Environment Setup
6666

67-
In order to tacke [Problem 1: Error Discovery Using X-Ray](#problem-1-error-discovery-using-x-ray) and [Problem 2: Performance Discovery Using-X-Ray](#problem-2-performance-discovery-using-x-ray), you must make a few IAM Policy changes and clone a seed the project repository using the steps below.
67+
In order to tackle [Problem 1: Error Discovery Using X-Ray](#problem-1-error-discovery-using-x-ray) and [Problem 2: Performance Discovery Using-X-Ray](#problem-2-performance-discovery-using-x-ray), you must clone a seed the project repository using the steps below.
6868

69+
**Note:** For the Lambda Function to access the X-Ray Service, the **LambdaExecutionPolicy** must include the **arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess** Managed Policy. For simplification, this policy has been added to the **template.yml** file, which will now look like the following:
6970

70-
71-
### 1. Add the AWSXrayWriteOnlyAccess Policy to the `CodeStarWorker-uni-api-Lambda` Role
72-
73-
1. In the AWS Management Console choose **Services** then select **IAM** under Security, Identity & Compliance.
74-
75-
1. Select Role in the left navigation, type `CodeStarWorker-uni-api-Lambda` in the filter text box, and click the Role name link in the Role table.
76-
77-
![Select Role](images/role-1.png)
78-
79-
1. On the Role Summary page, click the **Attach Policy** button in the **Managed Policies** section of the **Permissions** tab.
80-
81-
![Role Details](images/role-2.png)
82-
83-
1. Type `AWSXRayWriteOnlyAccess` in the filter text box, select the checkbox next to the **AWSXRayWriteOnlyAccess** Managed Policy, and click the **Attach Policy** button.
84-
85-
![Attach Policy](images/role-3.png)
86-
87-
1. The Role Summary will now include the **AWSXRayWriteOnlyAccess** policy in the list of **Managed Policies**.
88-
89-
![Policy Attached](images/role-4.png)
90-
71+
```
72+
LambdaExecutionRole:
73+
Description: Creating service role in IAM for AWS Lambda
74+
Type: AWS::IAM::Role
75+
Properties:
76+
RoleName: !Sub 'CodeStar-${ProjectId}-Execution${Stage}'
77+
AssumeRolePolicyDocument:
78+
Statement:
79+
- Effect: Allow
80+
Principal:
81+
Service: [lambda.amazonaws.com]
82+
Action: sts:AssumeRole
83+
Path: /
84+
ManagedPolicyArns:
85+
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
86+
- arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
87+
- arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
88+
PermissionsBoundary: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/CodeStar_${ProjectId}_PermissionsBoundary'
89+
```
9190

9291

93-
### 2. Seed the `uni-api` CodeCommit Git repository
92+
### 1. Seed the `uni-api` CodeCommit Git repository
9493

9594
1. Each module has corresponding source code used to seed the CodeStar CodeCommit Git repository to support the workshop. To seed the CodeCommit Git repository, click on the **Launch Stack** button for your region below:
9695
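
Review bot: The note added at new line 69 says the **LambdaExecutionPolicy** must include the managed policy, but the snippet that follows it (new line 72) defines the resource as `LambdaExecutionRole`; use the resource's actual name so readers can locate it in template.yml. The rewritten sentence at new line 67 fixes "tacke" but still reads "clone a seed the project repository", which looks like a leftover word. The removed console steps attached `AWSXRayWriteOnlyAccess` to `CodeStarWorker-uni-api-Lambda`, while the template attaches `AWSXRayDaemonWriteAccess` to a role named `CodeStar-${ProjectId}-Execution${Stage}`; one sentence in the note on why the policy and the role differ from the earlier instructions would help anyone who followed the previous version. The new fence at line 71 could also carry a `yaml` language tag.
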

@@ -118,7 +117,7 @@ In order to tacke [Problem 1: Error Discovery Using X-Ray](#problem-1-error-disc
118117

119118

120119

121-
### 3. Fetch CodeCommit Git Repository
120+
### 2. Fetch CodeCommit Git Repository
122121

123122
Now that the CodeCommit Git repository has been seeded with new source code, you will need to fetch the changes locally so that you may modify the code. Typically, this is accomplished using the `git pull` command, however for the workshop we have replaced the repository with a new history and different Git commands will be used.
124123
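
Review bot: Renumbering the heading at new line 120, like the other `###` step headings in this file, changes the anchor GitHub generates for it, so any link that pointed at the old numbered anchor stops resolving. Consider dropping the numeric prefixes from these headings so that removing a step does not ripple through every later heading.
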

@@ -131,7 +130,7 @@ git reset --hard origin/master
131130

132131

133132

134-
### 4. Validate CodePipeline Unicorn API Deployment
133+
### 3. Validate CodePipeline Unicorn API Deployment
135134

136135
After the repository has been seeded, it will start a pipeline execution. Monitor the pipeline until you observe the pipeline completion, indicated by the **Deploy** stage turning green.
137136

@@ -140,7 +139,7 @@ After the repository has been seeded, it will start a pipeline execution. Monit
140139

141140

142141

143-
### 5. Exercise List Unicorns API Method
142+
### 4. Exercise List Unicorns API Method
144143

145144
**Goal:** Use the CodeStar Console to find the Application Endpoint, and use your browser to test the "/unicorns" list resource.
146145

DevOps/3_XRay/uni-api/template.yml

Lines changed: 1 addition & 0 deletions
@@ -125,4 +125,5 @@ Resources:
125125
ManagedPolicyArns:
126126
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
127127
- arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
128+
- arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
128129
PermissionsBoundary: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/CodeStar_${ProjectId}_PermissionsBoundary'
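
Review bot: Attaching `AWSXRayDaemonWriteAccess` at line 128 only takes effect if the permissions boundary on line 129 (`CodeStar_${ProjectId}_PermissionsBoundary`) also allows the X-Ray write actions, and this change does not touch the boundary. Effective permissions are the intersection of the attached policies and the boundary, so please confirm the boundary already permits those actions or update it in the same change. Minor style point: the added ARN hardcodes the `aws` partition while the boundary line uses `${AWS::Partition}`.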
