gkrizek/bash-lambda-layer -- Run Bash scripts in AWS Lambda via Layers

栏目: IT技术 · 发布时间: 4年前

内容简介:Run Bash inSee thesection to understand how to use these layers. Also see theLike any other Lambda function code, your main script's name must match the first part of your handler. Inside your main script, you must define a function that matches the second

Bash in AWS Lambda

Run Bash in AWS Lambda via Layers . This Layer is 100% Bash and handles all communication with the Lambda Runtime API. This allows you to run full Bash scripts and commands inside of AWS Lambda. This Layer also includes common CLI tools used in Bash scripts.

See thesection to understand how to use these layers. Also see the example-basic.sh file for an example of how to write a Bash script compatible with this Layer.

ARN

arn:aws:lambda:<region>:744348701589:layer:bash:8

How To

Getting Started

AWS Lambda Console

  1. Login to your AWS Account and go to the Lambda Console.
  2. Create a new function and give it a name and an IAM Role.
  3. For the "Runtime" selection, select Use custom runtime in function code or layer .
  4. In the "Designer" section of your function dashboard, select the Layers box.
  5. Scroll down to the "Referenced Layers" section and click Add a layer .
  6. Select the Provide a layer version ARN option, then copy/paste thefor your region.
  7. Click the Add button.
  8. Click Save in the upper right.
  9. Upload your code and start using Bash in AWS Lambda!

AWS CLI

  1. Create a function that uses the provided runtime and thefor your region.
$ aws lambda create-function \
    --function-name bashFunction \
    --role bashFunctionRole \
    --handler index.handler \
    --runtime provided \
    --layers arn:aws:lambda:<region>:744348701589:layer:bash:8 \
    --zip-file fileb://function.zip
  1. Start using Bash in AWS Lambda!

Updating Versions

AWS Lambda Console

  1. In the "Designer" section of your function dashboard, select the Layers box.
  2. Scroll down to the "Referenced Layers" section and click Add a layer .
  3. Select the Provide a layer version ARN option, then copy/paste thefor your region.
  4. Click the Add button.
  5. Still under the "Referenced Layers" section, select the previous version and click Remove .
  6. Click Save in the upper right.

AWS CLI

  1. Update your function's configration and add thefor your region.
$ aws lambda update-function-configuration \
    --function-name bashFunction \
    --layers arn:aws:lambda:<region>:744348701589:layer:bash:8

Writing Scripts

Like any other Lambda function code, your main script's name must match the first part of your handler. Inside your main script, you must define a function that matches the second part of the handler. You must have set -e be the first line inside your function. Putting #!/bin/bash at the top of your file is not necessary. So if your Lambda handler is index.handler , your file and contents should look like:

$ cat index.sh
handler () {
    set -e
    ...
}

The event data is sent to your function as the first parameter. To access it, you should use $1 . So if you need the event data, you should set it to a variable. For example, EVENT_DATA=$1 .

handler () {
    set -e
    EVENT_DATA=$1
}

All the pre-installed tools are already in your $PATH so you can use them as expected. Any command output is automatically sent to CloudWatch, just like normal Lambda functions.

handler () {
    set -e
    EVENT_DATA=$1
    aws s3 ls $(echo $EVENT_DATA | jq ."bucket")
}

If you need to send a response back, you should send the response to stderr . (see thesection for an explanation) To send output to stderr you should use >&2 . This will be picked up and returned from the Lambda function.

handler () {
    set -e
    EVENT_DATA=$1
    aws s3 ls $(echo $EVENT_DATA | jq ."bucket")
    echo "{\"success\": true}" >&2
}

Caveats

Bash behaves in ways unlike other programming languages. As such, there are some requirements on the user's end that must be done.

  • set -e must be set inside your function

    By default, a bash script won't exit when it encounters an error. In order for the layer to correctly catch the error and report it (as well as stop the script from executing), we must set the function to exit on error.

  • You must send your return value to stderr

    Inside a normal Bash function, anything that is sent to stdout is part of the return value for that function. In order to properly capture the user's return value and still send stdout to CloudWatch, this Layer uses stderr as the return value. To send something to stderr simply append >&2 to the end of the command. See the example scripts for help.

Notes

  • $HOME is set to /tmp . This is because the Lambda filesystem is read-only except for the /tmp directory. Some programs require $HOME to be writeable (like the AWS CLI and some SSH commands), so this allows them to work without issue.

  • Files to configure the AWS CLI should be put in /tmp/.aws . By default, the CLI uses the same region and IAM Role as your lambda function. If you need to set something different, you can use the /tmp/.aws/config and /tmp/.aws/credentials files accordingly.

  • When using curl, you should use the -s flag. Without the silent flag, curl will send the progress bar of your request to stderr . This will show up in your response. So it's usually best to disable the progress bar.

  • The AWS CLI appears to be much slower than most of the AWS SDKs. Take this into consideration when comparing Bash with another language and evaluating execution times.

  • If a command is logging unwanted messages to stderr that are being picked up in your response, you can see if there is something similiar to a --silent flag. If there is not, you can remove the messages to stderr by redirecting to /dev/null ( 2>/dev/null ) or redirecting stderr to stdout for that command ( 2>&1 ) to send them to CloudWatch.

  • With this method there is no context in the function, only event data. The event data is sent to your function as the first parameter. So to access the event data, use $1 , for example EVENT_DATA=$1 . In order to give some details that were availabe in the context , I export a few additional variables.

    AWS_LAMBDA_REQUEST_ID - AWS Lambda Request ID

    AWS_LAMBDA_DEADLINE_MS - Time, in epoch, that your function must exit by

    AWS_LAMBDA_FUNCTION_ARN - Full AWS Lambda function ARN

    AWS_LAMBDA_TRACE_ID - The sampling decision, trace ID, and parent segment ID of AWS XRay

Building

To build a layer, simply run make build . This will create a zip archive of the layer in the export/ directory.

Publishing

To publish the layer to the public, simply run make publish . This will create a new version of the layer from the export/layer.zip file (create from the Build step) and give it a global read permission.

Adding New Executables

Some executables are able to run by themselves and some require additional dependencies that are present on the server. It's hard to cover here case here, but if the executable run by itself it can easily be added. If it has dependencies, you must explore what those dependencies are and how to add them to the layer as well.

You can either add the executable from an Amazon Linux AMI or from the lambci/lambda:build-python3.6 Docker image.

Disclaimer: I usually don't add in executables from pull requests for security reasons. If you would like to see an executable in this layer make an issue and I'll try to add it.

Included Executables

$ aws
$ bc
$ git
$ jq
$ rsync
$ scp
$ sftp
$ ssh
$ sshpass
$ time
$ traceroute
$ tree
$ wget
$ vim
$ zip

Already included in the Lambda environment:

$ awk
$ cat
$ curl
$ cut
$ date
$ diff
$ grep
$ gzip
$ head
$ md5sum
$ pwd
$ sed
$ tar
$ tail
$ tee
$ xargs

If you would like to see more, please create an issue.

Shout-out to the LambCI team for their work on lambci/git-lambda-layer which some of the git and ssh build process was taken from.


以上所述就是小编给大家介绍的《gkrizek/bash-lambda-layer -- Run Bash scripts in AWS Lambda via Layers》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

密码学原理与实践

密码学原理与实践

[加]Douglas R.Stinson / 冯登国 / 电子工业出版社 / 2009年 / 55.00元

冯登国(FENG Dengguo,1965.5~), 现为中国科学院软件所研究员、博士生导师,信息安全国家重点实验室主任,国家计算机网络入侵防范中心主任,国家信息化专家咨询委员会委员。目前主要从事信息与网络安全方面的研究与开发工作。一起来看看 《密码学原理与实践》 这本书的介绍吧!

Base64 编码/解码
Base64 编码/解码

Base64 编码/解码

Markdown 在线编辑器
Markdown 在线编辑器

Markdown 在线编辑器

HEX CMYK 转换工具
HEX CMYK 转换工具

HEX CMYK 互转工具