内容简介:Run Bash inSee thesection to understand how to use these layers. Also see theLike any other Lambda function code, your main script's name must match the first part of your handler. Inside your main script, you must define a function that matches the second
Bash in AWS Lambda
Run Bash in AWS Lambda via Layers . This Layer is 100% Bash and handles all communication with the Lambda Runtime API. This allows you to run full Bash scripts and commands inside of AWS Lambda. This Layer also includes common CLI tools used in Bash scripts.
See thesection to understand how to use these layers. Also see the example-basic.sh file for an example of how to write a Bash script compatible with this Layer.
ARN
arn:aws:lambda:<region>:744348701589:layer:bash:8
How To
Getting Started
AWS Lambda Console
- Login to your AWS Account and go to the Lambda Console.
- Create a new function and give it a name and an IAM Role.
-
For the "Runtime" selection, select
Use custom runtime in function code or layer
. -
In the "Designer" section of your function dashboard, select the
Layers
box. -
Scroll down to the "Referenced Layers" section and click
Add a layer
. -
Select the
Provide a layer version ARN
option, then copy/paste thefor your region. -
Click the
Add
button. -
Click
Save
in the upper right. - Upload your code and start using Bash in AWS Lambda!
AWS CLI
-
Create a function that uses the
provided
runtime and thefor your region.
$ aws lambda create-function \ --function-name bashFunction \ --role bashFunctionRole \ --handler index.handler \ --runtime provided \ --layers arn:aws:lambda:<region>:744348701589:layer:bash:8 \ --zip-file fileb://function.zip
- Start using Bash in AWS Lambda!
Updating Versions
AWS Lambda Console
-
In the "Designer" section of your function dashboard, select the
Layers
box. -
Scroll down to the "Referenced Layers" section and click
Add a layer
. -
Select the
Provide a layer version ARN
option, then copy/paste thefor your region. -
Click the
Add
button. -
Still under the "Referenced Layers" section, select the previous version and click
Remove
. -
Click
Save
in the upper right.
AWS CLI
- Update your function's configration and add thefor your region.
$ aws lambda update-function-configuration \ --function-name bashFunction \ --layers arn:aws:lambda:<region>:744348701589:layer:bash:8
Writing Scripts
Like any other Lambda function code, your main script's name must match the first part of your handler. Inside your main script, you must define a function that matches the second part of the handler. You must have set -e
be the first line inside your function. Putting #!/bin/bash
at the top of your file is not necessary. So if your Lambda handler is index.handler
, your file and contents should look like:
$ cat index.sh handler () { set -e ... }
The event
data is sent to your function as the first parameter. To access it, you should use $1
. So if you need the event
data, you should set it to a variable. For example, EVENT_DATA=$1
.
handler () { set -e EVENT_DATA=$1 }
All the pre-installed tools are already in your $PATH
so you can use them as expected. Any command output is automatically sent to CloudWatch, just like normal Lambda functions.
handler () { set -e EVENT_DATA=$1 aws s3 ls $(echo $EVENT_DATA | jq ."bucket") }
If you need to send a response back, you should send the response to stderr
. (see thesection for an explanation) To send output to stderr
you should use >&2
. This will be picked up and returned from the Lambda function.
handler () { set -e EVENT_DATA=$1 aws s3 ls $(echo $EVENT_DATA | jq ."bucket") echo "{\"success\": true}" >&2 }
Caveats
Bash behaves in ways unlike other programming languages. As such, there are some requirements on the user's end that must be done.
-
set -e
must be set inside your functionBy default, a bash script won't exit when it encounters an error. In order for the layer to correctly catch the error and report it (as well as stop the script from executing), we must set the function to exit on error.
-
You must send your return value to
stderr
Inside a normal Bash function, anything that is sent to
stdout
is part of the return value for that function. In order to properly capture the user's return value and still sendstdout
to CloudWatch, this Layer usesstderr
as the return value. To send something tostderr
simply append>&2
to the end of the command. See the example scripts for help.
Notes
-
$HOME
is set to/tmp
. This is because the Lambda filesystem is read-only except for the/tmp
directory. Some programs require$HOME
to be writeable (like the AWS CLI and some SSH commands), so this allows them to work without issue. -
Files to configure the AWS CLI should be put in
/tmp/.aws
. By default, the CLI uses the same region and IAM Role as your lambda function. If you need to set something different, you can use the/tmp/.aws/config
and/tmp/.aws/credentials
files accordingly. -
When using curl, you should use the
-s
flag. Without the silent flag, curl will send the progress bar of your request tostderr
. This will show up in your response. So it's usually best to disable the progress bar. -
The AWS CLI appears to be much slower than most of the AWS SDKs. Take this into consideration when comparing Bash with another language and evaluating execution times.
-
If a command is logging unwanted messages to
stderr
that are being picked up in your response, you can see if there is something similiar to a--silent
flag. If there is not, you can remove the messages tostderr
by redirecting to /dev/null (2>/dev/null
) or redirectingstderr
tostdout
for that command (2>&1
) to send them to CloudWatch. -
With this method there is no
context
in the function, onlyevent
data. Theevent
data is sent to your function as the first parameter. So to access theevent
data, use$1
, for exampleEVENT_DATA=$1
. In order to give some details that were availabe in thecontext
, I export a few additional variables.AWS_LAMBDA_REQUEST_ID
- AWS Lambda Request IDAWS_LAMBDA_DEADLINE_MS
- Time, in epoch, that your function must exit byAWS_LAMBDA_FUNCTION_ARN
- Full AWS Lambda function ARNAWS_LAMBDA_TRACE_ID
- The sampling decision, trace ID, and parent segment ID of AWS XRay
Building
To build a layer, simply run make build
. This will create a zip archive of the layer in the export/
directory.
Publishing
To publish the layer to the public, simply run make publish
. This will create a new version of the layer from the export/layer.zip
file (create from the Build step) and give it a global read permission.
Adding New Executables
Some executables are able to run by themselves and some require additional dependencies that are present on the server. It's hard to cover here case here, but if the executable run by itself it can easily be added. If it has dependencies, you must explore what those dependencies are and how to add them to the layer as well.
You can either add the executable from an Amazon Linux AMI or from the lambci/lambda:build-python3.6 Docker image.
Disclaimer: I usually don't add in executables from pull requests for security reasons. If you would like to see an executable in this layer make an issue and I'll try to add it.
Included Executables
$ aws $ bc $ git $ jq $ rsync $ scp $ sftp $ ssh $ sshpass $ time $ traceroute $ tree $ wget $ vim $ zip
Already included in the Lambda environment:
$ awk $ cat $ curl $ cut $ date $ diff $ grep $ gzip $ head $ md5sum $ pwd $ sed $ tar $ tail $ tee $ xargs
If you would like to see more, please create an issue.
Shout-out to the LambCI team for their work on lambci/git-lambda-layer
which some of the git
and ssh
build process was taken from.
以上所述就是小编给大家介绍的《gkrizek/bash-lambda-layer -- Run Bash scripts in AWS Lambda via Layers》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!
猜你喜欢:本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
密码学原理与实践
[加]Douglas R.Stinson / 冯登国 / 电子工业出版社 / 2009年 / 55.00元
冯登国(FENG Dengguo,1965.5~), 现为中国科学院软件所研究员、博士生导师,信息安全国家重点实验室主任,国家计算机网络入侵防范中心主任,国家信息化专家咨询委员会委员。目前主要从事信息与网络安全方面的研究与开发工作。一起来看看 《密码学原理与实践》 这本书的介绍吧!