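def _ensure_iam_default_role(self, session):
    """Return the ARN of the ``lambda_basic_execution`` role, creating it if absent.

    Args:
        session: A boto3 session; only ``session.client('iam')`` is used.

    Returns:
        The ARN string found at ``['Role']['Arn']`` in the IAM response.

    Raises:
        ClientError: if the role lookup fails for any reason other than the
            role not existing, or if creating the role or its policy fails.
    """
    name = 'lambda_basic_execution'
    iam = session.client('iam')
    try:
        # An existing role is returned as-is; its trust and permission
        # policies are not inspected here.
        role_resp = iam.get_role(RoleName=name)
    except ClientError as err:
        # Only a missing role justifies creating one. Access-denied,
        # throttling or credential errors must surface instead of being
        # mistaken for "role does not exist".
        if err.response.get('Error', {}).get('Code') != 'NoSuchEntity':
            raise
        # Trust policy: only the Lambda service may assume this role.
        role_resp = iam.create_role(
            Path='/',
            RoleName=name,
            AssumeRolePolicyDocument=json.dumps(
                {
                    'Statement': [{
                        'Action': 'sts:AssumeRole',
                        'Effect': 'Allow',
                        'Principal': {
                            'Service': 'lambda.amazonaws.com'
                        },
                        'Sid': ''
                    }],
                    'Version': '2012-10-17'
                },
                indent=2))
        # Inline policy: CloudWatch Logs write access only. The resource is a
        # wildcard over all log groups, and the role is shared by every
        # function that falls back to this default.
        iam.put_role_policy(
            RoleName=name,
            PolicyName=name,
            PolicyDocument=json.dumps(
                {
                    'Version': '2012-10-17',
                    'Statement': [{
                        "Effect": "Allow",
                        "Action": [
                            "logs:CreateLogGroup",
                            "logs:CreateLogStream",
                            "logs:PutLogEvents"
                        ],
                        "Resource": "arn:aws:logs:*:*:*"
                    }]
                },
                indent=2))
    return role_resp['Role']['Arn']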
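def _ensure_iam_default_role(self, session):
    """Look up the ``lambda_basic_execution`` IAM role and create it when missing.

    Args:
        session: A boto3 session; only ``session.client('iam')`` is used.

    Returns:
        The role ARN taken from ``['Role']['Arn']`` of the IAM response.

    Raises:
        ClientError: if ``get_role`` fails with anything other than
            ``NoSuchEntity``, or if role or policy creation fails.
    """
    name = 'lambda_basic_execution'
    iam = session.client('iam')
    try:
        # A role that already exists is trusted as found: nothing below
        # checks what it is actually allowed to do.
        role_resp = iam.get_role(RoleName=name)
    except ClientError as err:
        # Creating an IAM role is a privileged side effect; do it only when
        # IAM says the role is absent, not on access-denied or throttling.
        if err.response.get('Error', {}).get('Code') != 'NoSuchEntity':
            raise
        # Trust policy restricting sts:AssumeRole to the Lambda service.
        role_resp = iam.create_role(
            Path='/',
            RoleName=name,
            AssumeRolePolicyDocument=json.dumps({
                'Statement': [
                    {
                        'Action': 'sts:AssumeRole',
                        'Effect': 'Allow',
                        'Principal': {
                            'Service': 'lambda.amazonaws.com'
                        },
                        'Sid': ''
                    }
                ],
                'Version': '2012-10-17'
            }, indent=2)
        )
        # Inline permissions: CloudWatch Logs writes, with a wildcard
        # resource covering every log group.
        iam.put_role_policy(
            RoleName=name,
            PolicyName=name,
            PolicyDocument=json.dumps({
                'Version': '2012-10-17',
                'Statement': [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "logs:CreateLogGroup",
                            "logs:CreateLogStream",
                            "logs:PutLogEvents"
                        ],
                        "Resource": "arn:aws:logs:*:*:*"
                    }
                ]
            }, indent=2)
        )
    return role_resp['Role']['Arn']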
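def upload(self, profile='default'):
    """Create the Lambda function named in the config, or update it if it exists.

    Args:
        profile: Name of the AWS credentials profile for the boto3 session.

    Raises:
        ClientError: if ``create_function`` fails for a reason other than
            the role not yet being assumable, or if an update call fails.
        SystemExit: if the function could not be created after five
            attempts because Lambda still could not assume the role.
    """
    session = boto3.Session(
        region_name=self.config_data.get('region', 'us-east-1'),
        profile_name=profile)
    client = session.client('lambda')

    # An explicitly configured role wins; otherwise fall back to the shared
    # default execution role.
    role = (self.config_data.get('role')
            or self._ensure_iam_default_role(session))

    try:
        func = client.get_function(FunctionName=self.config_data['name'])
    except ClientError:
        # NOTE(review): every ClientError is treated as "function does not
        # exist", including permission or throttling errors; consider
        # checking the error code before falling through to creation.
        with open(self.zip_file, 'rb') as f:
            zip_bytes = f.read()
        role_msg = ('The role defined for the task cannot be '
                    'assumed by Lambda.')
        func = None
        # Kept outside the handler: Python 3 unbinds the ``as`` name when
        # the except block ends, so it cannot be read after the loop.
        last_error = None
        for _ in range(5):
            try:
                func = client.create_function(
                    FunctionName=self.config_data['name'],
                    # NOTE(review): runtime is hard-coded; python2.7 is
                    # end-of-life and its Lambda runtime is deprecated.
                    Runtime='python2.7',
                    Role=role,
                    Handler=self.config_data['handler'],
                    Code={'ZipFile': zip_bytes},
                    Description=self.config_data.get('description', ''),
                    Timeout=self.config_data.get('timeout', 3),
                    MemorySize=self.config_data.get('memory', 128),
                    Publish=self.config_data.get('publish', True),
                )
            except ClientError as e:
                if e.response['Error']['Message'] != role_msg:
                    raise
                # A role may not be assumable yet (for example just after
                # creation), so wait and retry.
                last_error = e
                time.sleep(2)
            else:
                break
        if func is None:
            raise SystemExit('Error creating Lambda function: %s' %
                             last_error.response['Error']['Message'])
    else:
        # Upload code only when the local hash differs from the deployed
        # CodeSha256 (presumably _get_sha256 hashes the zip; verify).
        if self._get_sha256() != func['Configuration']['CodeSha256']:
            with open(self.zip_file, 'rb') as f:
                client.update_function_code(
                    FunctionName=self.config_data['name'],
                    ZipFile=f.read(),
                    Publish=self.config_data.get('publish', True))
        # Configuration is synced on every run, since settings can change
        # without a code change.
        client.update_function_configuration(
            FunctionName=self.config_data['name'],
            Role=role,
            Handler=self.config_data['handler'],
            Description=self.config_data.get('description', ''),
            Timeout=self.config_data.get('timeout', 3),
            MemorySize=self.config_data.get('memory', 128))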
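def upload(self, profile='default'):
    """Deploy the packaged zip: create the Lambda function or update it in place.

    Args:
        profile: Name of the AWS credentials profile for the boto3 session.

    Raises:
        ClientError: if ``create_function`` fails for a reason other than
            the role not yet being assumable, or if an update call fails.
        SystemExit: if the function could not be created after five
            attempts because Lambda still could not assume the role.
    """
    session = boto3.Session(
        region_name=self.config_data.get('region', 'us-east-1'),
        profile_name=profile
    )
    client = session.client('lambda')

    # Prefer the role from the config; only create or look up the shared
    # default role when none is configured.
    role = (self.config_data.get('role')
            or self._ensure_iam_default_role(session))

    try:
        func = client.get_function(FunctionName=self.config_data['name'])
    except ClientError:
        # NOTE(review): this branch runs for any ClientError, not only for
        # a missing function; narrowing on the error code would keep
        # permission problems from being reported as creation failures.
        with open(self.zip_file, 'rb') as f:
            zip_bytes = f.read()
        role_msg = ('The role defined for the task cannot be '
                    'assumed by Lambda.')
        func = None
        # The exception is saved explicitly because Python 3 deletes the
        # ``as`` target once the except block exits.
        last_error = None
        for _ in range(5):
            try:
                func = client.create_function(
                    FunctionName=self.config_data['name'],
                    # NOTE(review): runtime is hard-coded; python2.7 is
                    # end-of-life and its Lambda runtime is deprecated.
                    Runtime='python2.7',
                    Role=role,
                    Handler=self.config_data['handler'],
                    Code={'ZipFile': zip_bytes},
                    Description=self.config_data.get('description', ''),
                    Timeout=self.config_data.get('timeout', 3),
                    MemorySize=self.config_data.get('memory', 128),
                    Publish=self.config_data.get('publish', True),
                )
            except ClientError as e:
                if e.response['Error']['Message'] != role_msg:
                    raise
                # Retry: the role may simply not be assumable yet.
                last_error = e
                time.sleep(2)
            else:
                break
        if func is None:
            raise SystemExit('Error creating Lambda function: %s' %
                             last_error.response['Error']['Message'])
    else:
        # Skip the code upload when the deployed CodeSha256 already matches
        # the local value (presumably the zip's hash; verify _get_sha256).
        if self._get_sha256() != func['Configuration']['CodeSha256']:
            with open(self.zip_file, 'rb') as f:
                client.update_function_code(
                    FunctionName=self.config_data['name'],
                    ZipFile=f.read(),
                    Publish=self.config_data.get('publish', True)
                )
        # Settings are pushed on every run so config-only changes apply.
        client.update_function_configuration(
            FunctionName=self.config_data['name'],
            Role=role,
            Handler=self.config_data['handler'],
            Description=self.config_data.get('description', ''),
            Timeout=self.config_data.get('timeout', 3),
            MemorySize=self.config_data.get('memory', 128)
        )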