Categorygithub.com/mr-joshcrane/glambda

modulepackage

0.1.1

Repository: https://github.com/mr-joshcrane/glambda.git

Documentation: pkg.go.dev

# README

Glambda Deployment Tool

Glambda is a simple tool for bundling and deploying AL2023 compatible Lambda functions written in Go. It provides an easy way to create, update and delete AWS Lambdas quickly from the command line using a compact set of commands.

Get started with Glambda by running the following command:

glambda deploy <lambdaName> <path/to/handler.go>

The intent is to maximise ease of use, at the expense of infinite customisability, and doesn't really play in the same space as SAM, CDK or Terraform.

If you'd prefer to use these more mature tools, consider using the package sub-command which will just write out a well formatted zip file ready to upload to AWS.

Why though?

AWS pivoted from a Go managed runtime to an OS only runtime. I'd argue that relative to the managed runtime, the OS only runtime has a much higher barrier to entry. Hence this libary!

You can learn more about it at https://docs.aws.amazon.com/lambda/latest/dg/lambda-golang.html

Prerequisites

To use Glambda, you will need an AWS account, and an AWS Access Key ID and Secret Access Key with the appropriate permissions to create and manage Lambda functions, as well as IAM roles.

Glambda will also assume the following AWS environment variables are set up:

export AWS_ACCESS_KEY_ID=<your-access-key-id>
export AWS_SECRET_ACCESS_KEY=<your-secret-access-key>
export AWS_DEFAULT_REGION=<your-region>

Installation

To install Glambda, run:

go install github.com/mr-joshcrane/glambda/cmd/glambda@latest

Usage

Package a lambda, ready for deployment

If you've already got a deployment tool you'd prefer to use, no problem. You can build the lambda zip file with the package sub-command.

## Default output path is "./bootstrap" which is what AWS will be expecting
glambda deploy package <path/to/handler.go>
## Alternatively you can provide the output path explicitly
glambda deploy package <path/to/handler.go> --output /my/custom/filepath/artifact.zip

From here you'll have the ability to take this zip file and do what needs doing in your tool of choice.

Create new lambdas directly

Run the following command to deploy a Lambda function with an associated execution role:

glambda deploy <lambdaName> <path/to/handler.go>

Replace <lambdaName> with the desired name for your Lambda function and <path/to/handler.go> with the path to your Lambda function's handler file.

The source file should have a main function that calls lambda.Start(handler). See https://pkg.go.dev/github.com/aws/aws-lambda-go/lambda#Start for more details.

Update existing lambdas

What's that? You've updated your code and need to deploy a new version of your Lambda function? No problem! Just run the same command as before, and Glambda will update the function code for you without recreating the lambda or the role.

In fact, assuming the path to your handler didnt change, we only need to run the same command!

glambda deploy <lambdaName> <path/to/handler.go>

Execution Role and Lambda Resource Permissions

OK, that's nice, but sometimes your role actually has to DO things. Like access S3 buckets or DynamoDB tables. No problem! Glambda can attach managed policies, inline policies, and resource policies to your Lambda function's execution role.

## Attach a managed policy by name or ARN to the Lambda function's execution roles
managedPolicies=S3FullAccess,arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess

## Attach an inline policy (as a JSON literal) to the Lambda function's execution roles
inlinePolicies='{"Effect": "Deny", "Action": "s3:GetObject", "Resource": "*"}'

## Attach a resource policy (as a JSON literal) to the Lambda function
resourcePolicies='{
            "Sid": "YourLambdaResourcePolicy",
            "Effect": "Allow",
            "Principal": {
              "Service": "events.amazonaws.com"
            },
            "Action": "lambda:InvokeFunction",
            "Resource":  "arn:aws:lambda:us-east-2:123456789012:function:my-function",
            "Condition": {
              "StringEquals": {
                "AWS:SourceAccount": "123456789012"
              }
        }'

glambda deploy <lambdaName> <path/to/handler.go> \
    --managed-policies ${managedPolicies} \
    --inline-policy ${inlinePolicies} \
    --resource-policy ${resourcePolicies}

Deleting lambdas and associated roles

Deleting your Lambda function and associated role is also easy, performed with the following command:

glambda delete <lambdaName>

# Packages

cmd

No description provided by the author

command

No description provided by the author

# Functions

AttachInLinePolicyCommand

AttachInLinePolicyCommand is a paperwork reducer that translates parameters into the smithy autogenerated AWS IAM SDKv2 format of [iam.PutRolePolicyInput].

AttachManagedPolicyCommand

GetRoleCommand is a paperwork reducer that translates parameters into the smithy autogenerated AWS IAM SDKv2 format of [iam.GetRoleInput].

CreateLambdaCommand

CreateLambdaCommand is a paperwork reducer that translates parameters into the smithy autogenerated AWS Lambda SDKv2 format of [lambda.CreateFunctionInput].

CreateRoleCommand

CreateRoleCommand is a paperwork reducer that translates parameters into the smithy autogenerated AWS IAM SDKv2 format of [iam.CreateRoleInput].

Delete

Delete is a convenience function that will delete a lambda function and the associated IAM Role.

Deploy

Deploy is a convenience function that will handle the paperwork that would otherwise fall to the user to manage.

GenerateUUID

No description provided by the author

GetAWSAccountID

GetAWSAccountID calls the AWS STS API to get the user credentials that the user is using to make the API call.

NewLambda

NewLambda is a constructor function that creates a new Lambda struct.

NewLambdaCreateAction

NewLambdaCreateAction is a constructor function that creates a new [LambdaCreateAction].

NewLambdaUpdateAction

NewLambdaUpdateAction is a constructor function that creates a new [LambdaUpdateAction].

NewRoleCreateOrUpdateAction

NewRoleCreateOrUpdateAction is a constructor function that creates a new [RoleCreateOrUpdate].

PackageTo

PackageTo takes a path to a file, attempts to build it for the ARM64 architecture and massages it into the format expected by AWS Lambda.

ParseInlinePolicy

ParseInlinePolicy takes a string representation of an inline policy.

ParseManagedPolicy

ParseManagedPolicy takes a string representation of a list of managed policies.

ParseResourcePolicy

ParseResourcePolicy takes a string representation of a AWS Lambda resource policy and returns a ResourcePolicy struct.

PrepareLambdaAction

PrepareLambdaAction is a function that creates a new [LambdaAction] struct.

PrepareRoleAction

PrepareRoleAction is a function that creates a new [RoleCreateOrUpdate] struct.

PutRolePolicyCommand

PutRolePolicyCommand is a paperwork reducer that takes the definition of an execution role and creates an appropriate [iam.PutRolePolicyInput] payload.

UpdateLambdaCommand

UpdateLambdaCommand is a paperwork reducer that translates parameters into the smithy autogenerated AWS Lambda SDKv2 format of [lambda.UpdateFunctionCodeInput].

Validate

Validate takes a path to a Go source file.

WaitForConsistency

WaitForConsistence deals with the fact that lambda functions are eventually consistent.

WithAWSConfig

WithAWSConfig is a deploy option that allows the user to provide a custom AWS Config to the [Lambda] struct.

WithInlinePolicy

WithInlinePolicy is a deploy option that allows the user to attach an inline policy to the [Lambda] struct.

WithManagedPolicies

WithManagedPolicies is a deploy option that allows the user to attach one or more managed policies to the [Lambda] struct.

WithResourcePolicy

WithResourcePolicy is a deploy option that allows the user to attach a resource policy to the [Lambda] struct.

# Variables

AWSAccountID

No description provided by the author

AWSLambdaBasicExecutionRole

No description provided by the author

DefaultAssumeRolePolicy

No description provided by the author

DefaultRetryWaitingPeriod

No description provided by the author

ThisAWSAccountCondition

No description provided by the author

UUID

No description provided by the author

# Structs

ExecutionRole

ExecutionRole is a struct that attempts to encapsulate all the information required to create an AWS IAM Role that the lambda function will assume and operate on behalf of.

Lambda

Lambda is a struct that attempts to encapsulate the neccessary information required to deploy a lambda function to AWS.

LambdaCreateAction

LambdaCreateAction is [LambdaAction] that will create a new lambda function, and potentially attach a resource policy to it.

LambdaUpdateAction

LambdaUpdateAction is [LambdaAction] that will update an existing lambda function.

ResourcePolicy

ResourcePolicy is a struct that represents the policy that will be attached to the lambda function.

RetryableErrors

No description provided by the author

RoleCreateOrUpdate

RoleCreateOrUpdate is a struct that implements the [RoleAction] interface.

# Interfaces

Action

Actions are at a high level a way to organise a set of operations that need to be performed with the AWS SDK and in which order.

IAMClient

IAMClient represents the interface that an iam client should implement.

LambdaAction

LambdaActions are any set of operations that requires the AWS Lambda service.

LambdaClient

LambdaClient represents the interface that a lambda client should implement.

RoleAction

RoleAction is a high level interface that represents a set of operations that come from attempting to manage the AWS IAM Role that will be used as the Lambda's execution role.

STSClient

STSClient represents the interface that an sts client should implement.

# Type aliases

DeployOptions

DeployOptions is any function that can be used to configure a [Lambda] struct before it is deployed.