Ever wish you could combine the portability of containers, with the scalability of Lambda functions? Well, now you can! This enables us to build a Lambda with a docker image of your own creation. The benefit of this is we can now in a way that is more familiar to developers. If you have used docker containers before, then this is much simpler to get started with than the other option - Lambda layers. Recently, AWS released a new way for developers to package and deploy their Lambda functions as “Container Images”. easily include dependencies along with our code AWS has provided developers with a number of base images for each of the current Lambda runtimes (Python, Node.js, Java, .NET, Go, Ruby). It is easy for a developer to then use one of these images as a base and build their own image on top. Of course, there are many sensible use cases for container images. Perhaps you want to include some machine learning dependencies? Maybe you would love to have FFMPEG in your Lambda for your video processing needs? Or you want to nuke your entire AWS account to avoid a hefty bill? In this article, we are going to build a container image with installed! This will delete everything in an AWS account (excluding our fancy new container image Lambda). Nuke is built using Go but we are going to get started with the and . This library isn’t available on NPM, so there is no easy way to pull it into our Lambda function, but container images provide a way for developers to mix and match different tools to build a scalable solution to the problem they are trying to solve. AWS-nuke node.js base image build our own Lambda using JavaScript To get started with our new container image, we can create a Dockerfile like so: public.ecr.aws/lambda/nodejs: FROM 12 COPY ./lambda/nuke.js ./lambda/package*.json ./ RUN npm install CMD [ ] "nuke.lambdaHandler" As you can see, we are building from the base image, and copying over our Lambda function code. Notice the last line of our Dockerfile, . Because we are using one of the base images, it comes pre-installed with the . lambda/nodejs:12 CMD [ "nuke.lambdaHandler" ] Lambda Runtime Interface Client The runtime interface client in your container image manages the interaction between Lambda and your function code. The Runtime API, along with the Extensions API, defines a simple HTTP interface for runtimes to receive invocation events from Lambda and respond with success or failure indications. Therefore lets the interface client know what handler function to call when it receives an invocation event. CMD [ "nuke.lambdaHandler" ] Before we add the nuclear option, let's create the skeleton for our handler function: exports.lambdaHandler = (event) => { response = { : }; response;
}; async const statusCode 200 return For now, it simply returns a 200 response. Not only does our container image include the Lambda Runtime Interface Client but it also includes the . This allows you to test your function locally, which in my opinion, is one of the killer reasons to adopt container images for your project. Runtime Interface Emulator Given we have a project structure like this: .
├── Dockerfile
├── docker-compose └── lambda
    ├── nuke └── package.json .yml .js Then to build our container image, we simply use the docker cli: docker build -f ./Dockerfile -t instil-nuke . And to run it locally: docker run -p 9000:8080 instil-nuke Then to test our function locally, we just need to hit our lambda with an http request. In this example we are posting an empty JSON body: ➜  curl -XPOST -d { : }% "http://localhost:9000/2015-03-31/functions/function/invocations" '{}' "statusCode" 200 The URL seems strange, but the Runtime Interface Emulator is simply providing an endpoint that matches the . The only difference between this local URL and the real API URL is that our function name is . Invoke endpoint of the Lambda API hardcoded as a function Being able to run our function locally like this when developing your Lambda. There are other options out there for running Lambdas locally; for example, , but the container image approach gives you a local test environment that is much closer to how it will be run on AWS. greatly reduces the feedback loop sam local Now that we have our project structure in place, let's take a look at adding AWS-nuke to our container image. public.ecr.aws/lambda/nodejs: FROM 12 LABEL maintainer= "Instil <team@instil.co>" RUN yum -y update RUN yum -y install tar gzip COPY ./resources/aws-nuke-v2.15.0.rc.3-linux-amd64.tar.gz ./resources/nuke-config.yml ./ RUN tar -xzf ./aws-nuke-v2.15.0.rc.3-linux-amd64.tar.gz && mv aws-nuke-v2.15.0.rc.3-linux-amd64 aws-nuke COPY ./lambda/nuke.js ./lambda/package*.json ./ RUN npm install CMD [ ] "nuke.lambdaHandler" Adding dependencies is just how you would expect if you have used docker before. In the above example, we are adding dependencies using yum and copying the nuke onto our image. Then, all we need to do is update our function to execute the AWS-nuke. { execSync } = ( ); { .log(command); result = execSync(command, { : }); (result) { .log(result.toString());
    }
} { .log( ); accessKey = process.env.AWS_ACCESS_KEY_ID; secretAccessKey = process.env.AWS_SECRET_ACCESS_KEY; sessionToken = process.env.AWS_SESSION_TOKEN;
    run( ); .log( );
}

exports.lambdaHandler = (event) => {
    nuke(); response = { : }; response;
}; const require 'child_process' ( ) function run command console const stdio 'inherit' if console ( ) function nuke console "Nuking this AWS account..." const const const `./aws-nuke -c nuke-config.yml --access-key-id --secret-access-key --session-token --force --force-sleep 3` ${accessKey} ${secretAccessKey} ${sessionToken} console "Your AWS account has been nuked, you can sleep peacefully knowing that you will no longer get an unexpected bill." async const statusCode 200 return We can use to execute a command in our running lambda, it’s easy to see how simple it is to utilize external dependencies in our Lambda environment with this new container image option. Notice that we are pulling AWS access tokens from environment variables so that nuke can use them, this is the for Lambda functions and they are the access keys obtained from the function’s execution role. execSync default behaviour With our updated container image ready to nuke our account, all we need to do is deploy it. For this we need to create an ECR repository and push our image to it: # Replace [AWS_ACCOUNT_NUMBER] your own AWS account number
aws ecr create-repository --repository-name instil-nuke --image-scanning-configuration scanOnPush= docker tag instil-nuke:latest [AWS_ACCOUNT_NUMBER].dkr.ecr.eu-west amazonaws.com/instil-nuke:latest
aws ecr get-login-password | docker login --username AWS --password-stdin [AWS_ACCOUNT_NUMBER].dkr.ecr.eu-west amazonaws.com
docker push [AWS_ACCOUNT_NUMBER].dkr.ecr.eu-west amazonaws.com/instil-nuke:latest with true -1. -1. -1. Now that our container image lives in AWS, we just need to create our Lambda function. In the Create function page of the AWS management console, you will notice there is a new option to use a Container image as your starting point: Choosing this option then enables you to pick your container image; click the Browse images button to select your freshly uploaded image. You should be left with something like this: And that’s it! All that’s left to do is trigger our Lambda function. For our example, we detonate the nuke once we get a billing alarm over a certain threshold. For the sake of keeping this article focused on container images, let's just trigger it with a test event for now and inspect the output. We will publish another article in the future explaining how to hook this up to a billing alarm. could Notice the very disappointing output of our detonation: The above would be deleted the supplied configuration. Provide --no-dry-run actually destroy . resources with to resources You didn’t think I was actually going to did you? 😊 nuke my AWS account, If you would like to speak to us about how we can help your business either with serverless training or software development, please . get in touch by email . This article was originally posted here

Read all about our latest development projects, training courses and company news 

Too Long; Didn't Read

Make resilience your competitive advantage

Exploring The Container Images Function in AWS Lambda

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

101 Stories To Learn About Cloud Infrastructure

10 Things in Engineering We Don't Spend Enough Time On

10 Things I Did To Increase CloudTrail Logs Security

10 reasons to give cloud computing a go

10 Lessons from 10 Years of AWS (part 2)

101 Stories To Learn About Cloud Infrastructure

10 Things in Engineering We Don't Spend Enough Time On

10 Things I Did To Increase CloudTrail Logs Security

10 reasons to give cloud computing a go

10 Lessons from 10 Years of AWS (part 2)

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps