def _ensure_iam_default_role(self, session):
iam = session.client('iam')
try:
role_resp = iam.get_role(RoleName='lambda_basic_execution')
except ClientError:
name = 'lambda_basic_execution'
role_resp = iam.create_role(
Path='/',
RoleName=name,
AssumeRolePolicyDocument=json.dumps(
{
'Statement': [{
'Action': 'sts:AssumeRole',
'Effect': 'Allow',
'Principal': {
'Service': 'lambda.amazonaws.com'
},
'Sid': ''
}],
'Version':
'2012-10-17'
},
indent=2))
iam.put_role_policy(
RoleName=name,
PolicyName=name,
PolicyDocument=json.dumps(
{
'Version':
'2012-10-17',
'Statement': [{
"Effect":
"Allow",
"Action": [
"logs:CreateLogGroup", "logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource":
"arn:aws:logs:*:*:*"
}]
},
indent=2))
return role_resp['Role']['Arn']
def _ensure_iam_default_role(self, session):
iam = session.client('iam')
try:
role_resp = iam.get_role(RoleName='lambda_basic_execution')
except ClientError:
name = 'lambda_basic_execution'
role_resp = iam.create_role(
Path='/',
RoleName=name,
AssumeRolePolicyDocument=json.dumps({
'Statement': [
{
'Action': 'sts:AssumeRole',
'Effect': 'Allow',
'Principal': {
'Service': 'lambda.amazonaws.com'
},
'Sid': ''
}
],
'Version': '2012-10-17'
}, indent=2)
)
iam.put_role_policy(
RoleName=name,
PolicyName=name,
PolicyDocument=json.dumps({
'Version': '2012-10-17',
'Statement': [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}, indent=2)
)
return role_resp['Role']['Arn']
def upload(self, profile='default'):
session = boto3.Session(region_name=self.config_data.get(
'region', 'us-east-1'),
profile_name=profile)
client = session.client('lambda')
if self.config_data.get('role'):
role = self.config_data.get('role')
else:
role = self._ensure_iam_default_role(session)
# iam = session.client('iam')
# try:
# role_resp = iam.get_role(RoleName='lambda_basic_execution')
# except ClientError:
# name = 'lambda_basic_execution'
# role_resp = iam.create_role(
# Path='/',
# RoleName=name,
# AssumeRolePolicyDocument=json.dumps({
# 'Statement': [
# {
# 'Action': 'sts:AssumeRole',
# 'Effect': 'Allow',
# 'Principal': {
# 'Service': 'lambda.amazonaws.com'
# },
# 'Sid': ''
# }
# ],
# 'Version': '2012-10-17'
# }, indent=2)
# )
# iam.put_role_policy(
# RoleName=name,
# PolicyName=name,
# PolicyDocument=json.dumps({
# 'Version': '2012-10-17',
# 'Statement': [
# {
# "Effect": "Allow",
# "Action": [
# "logs:CreateLogGroup",
# "logs:CreateLogStream",
# "logs:PutLogEvents"
# ],
# "Resource": "arn:aws:logs:*:*:*"
# }
# ]
# }, indent=2)
# )
# role = role_resp['Role']['Arn']
try:
func = client.get_function(FunctionName=self.config_data['name'])
except ClientError:
func = None
for _ in range(5):
try:
with open(self.zip_file, 'rb') as f:
func = client.create_function(
FunctionName=self.config_data['name'],
Runtime='python2.7',
Role=role,
Handler=self.config_data['handler'],
Code={'ZipFile': f.read()},
Description=self.config_data.get(
'description', ''),
Timeout=self.config_data.get('timeout', 3),
MemorySize=self.config_data.get('memory', 128),
Publish=self.config_data.get('publish', True),
)
except ClientError as e:
role_msg = ('The role defined for the task cannot be '
'assumed by Lambda.')
if e.response['Error']['Message'] == role_msg:
time.sleep(2)
else:
raise
else:
break
if not func:
raise SystemExit('Error creating Lambda function: %s' %
e.response['Error']['Message'])
else:
if self._get_sha256() != func['Configuration']['CodeSha256']:
with open(self.zip_file, 'rb') as f:
client.update_function_code(
FunctionName=self.config_data['name'],
ZipFile=f.read(),
Publish=self.config_data.get('publish', True))
client.update_function_configuration(
FunctionName=self.config_data['name'],
Role=role,
Handler=self.config_data['handler'],
Description=self.config_data.get('description', ''),
Timeout=self.config_data.get('timeout', 3),
MemorySize=self.config_data.get('memory', 128))
def upload(self, profile='default'):
session = boto3.Session(
region_name=self.config_data.get('region', 'us-east-1'),
profile_name=profile
)
client = session.client('lambda')
if self.config_data.get('role'):
role = self.config_data.get('role')
else:
role = self._ensure_iam_default_role(session)
# iam = session.client('iam')
# try:
# role_resp = iam.get_role(RoleName='lambda_basic_execution')
# except ClientError:
# name = 'lambda_basic_execution'
# role_resp = iam.create_role(
# Path='/',
# RoleName=name,
# AssumeRolePolicyDocument=json.dumps({
# 'Statement': [
# {
# 'Action': 'sts:AssumeRole',
# 'Effect': 'Allow',
# 'Principal': {
# 'Service': 'lambda.amazonaws.com'
# },
# 'Sid': ''
# }
# ],
# 'Version': '2012-10-17'
# }, indent=2)
# )
# iam.put_role_policy(
# RoleName=name,
# PolicyName=name,
# PolicyDocument=json.dumps({
# 'Version': '2012-10-17',
# 'Statement': [
# {
# "Effect": "Allow",
# "Action": [
# "logs:CreateLogGroup",
# "logs:CreateLogStream",
# "logs:PutLogEvents"
# ],
# "Resource": "arn:aws:logs:*:*:*"
# }
# ]
# }, indent=2)
# )
# role = role_resp['Role']['Arn']
try:
func = client.get_function(FunctionName=self.config_data['name'])
except ClientError:
func = None
for _ in range(5):
try:
with open(self.zip_file, 'rb') as f:
func = client.create_function(
FunctionName=self.config_data['name'],
Runtime='python2.7',
Role=role,
Handler=self.config_data['handler'],
Code={'ZipFile': f.read()},
Description=self.config_data.get('description',
''),
Timeout=self.config_data.get('timeout', 3),
MemorySize=self.config_data.get('memory', 128),
Publish=self.config_data.get('publish', True),
)
except ClientError as e:
role_msg = ('The role defined for the task cannot be '
'assumed by Lambda.')
if e.response['Error']['Message'] == role_msg:
time.sleep(2)
else:
raise
else:
break
if not func:
raise SystemExit('Error creating Lambda function: %s' %
e.response['Error']['Message'])
else:
if self._get_sha256() != func['Configuration']['CodeSha256']:
with open(self.zip_file, 'rb') as f:
client.update_function_code(
FunctionName=self.config_data['name'],
ZipFile=f.read(),
Publish=self.config_data.get('publish', True)
)
client.update_function_configuration(
FunctionName=self.config_data['name'],
Role=role,
Handler=self.config_data['handler'],
Description=self.config_data.get('description', ''),
Timeout=self.config_data.get('timeout', 3),
MemorySize=self.config_data.get('memory', 128)
)
