Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for lambda layers and how to adjust environment/handler? #7635

Closed
dschro-1993 opened this issue Aug 10, 2022 Discussed in #7633 · 4 comments
Closed

Support for lambda layers and how to adjust environment/handler? #7635

dschro-1993 opened this issue Aug 10, 2022 Discussed in #7633 · 4 comments

Comments

@dschro-1993
Copy link
Contributor

Discussed in https://github.com/orgs/cloud-custodian/discussions/7633

Found a closed issue:
#4334

At the moment I am struggling with the environment and the handler of my lambdas.
For datadog I have to modify a few things:

policies:
  - name: s3-set-bucket-encryption
    resource: s3
    mode:
      type: periodic
      schedule: "rate(5 minutes)"
      role: arn:aws:iam::{account_id}:role/<role-name>
      layers:
        - "arn:aws:lambda:{region}:464622532012:layer:Datadog-Python39:60"
        - "arn:aws:lambda:{region}:464622532012:layer:Datadog-Extension:27"
      environment:
        DD_LAMBDA_HANDLER: "custodian_policy.run"
        DD_SITE:           "datadoghq.eu"
        DD_API_KEY:        "<dd_api_key>"
#   handler: "datadog_lambda.handler.handler" # Todo
    actions:
      - type: set-bucket-encryption
        crypto: AES256
        enabled: True

The environment block throws the following error:

custodian.commands:ERROR Error while executing policy s3-set-bucket-encryption, continuing
Traceback (most recent call last):
  File "/Users/ds05823/Library/Python/3.8/lib/python/site-packages/c7n/commands.py", line 301, in run
    policy()
  File "/Users/ds05823/Library/Python/3.8/lib/python/site-packages/c7n/policy.py", line 1240, in __call__
    resources = mode.provision()
  File "/Users/ds05823/Library/Python/3.8/lib/python/site-packages/c7n/policy.py", line 518, in provision
    return manager.publish(
  File "/Users/ds05823/Library/Python/3.8/lib/python/site-packages/c7n/mu.py", line 387, in publish
    result, changed = self._create_or_update(
  File "/Users/ds05823/Library/Python/3.8/lib/python/site-packages/c7n/mu.py", line 484, in _create_or_update
    new_config = func.get_config()
  File "/Users/ds05823/Library/Python/3.8/lib/python/site-packages/c7n/mu.py", line 706, in get_config
    if self.environment['Variables']:
KeyError: 'Variables'
2022-08-10 13:32:43,493: custodian.commands:ERROR The following policies had errors while executing
 - s3-set-bucket-encryption

And the handler property is not supported at all...
@kapilt
Copy link
Collaborator

kapilt commented Aug 10, 2022

yeah.. the environment handling in the policy is a little obtuse to specify, its a nested mapping with

environment: 
  Variables:
     key: value

we should probably support both a mapping or the nested mapping, the extant nested mapping was for a pass through to the api, but its definitely on the non obvious.

@dschro-1993
Copy link
Contributor Author

@kapilt Thx for your answer! Great stuff! Do you also have a solution for the handler? Is it defined under execution-options?

@dschro-1993
Copy link
Contributor Author

@kapilt I guess you've hardcoded the handler to be custodian_policy.run?
https://github.com/cloud-custodian/cloud-custodian/blob/master/c7n/mu.py#L829

You never thought about having a different entrypoint when using layers and extensions?

@Thanos666 Thanos666 mentioned this issue Aug 12, 2022
Merged
@ajkerrigan
Copy link
Member

Closed via #7652

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kapilt @ajkerrigan @dschro-1993