We like to move it move it - Serverless Lambda transport between development stages
You want to ship the very same code you have tested from test stage to production stage. But most of the time a CICD pipeline re-creates the code to deploy to production. So you do not deploy the tested code! With the AWS Lambda transport tool you can move the very same code you have tested to production or between stages in different accounts.
Why should I do this, my development pipeline works fine?
In 95% of the cases, you may be right. But if you want to be 100% sure, you should not re-create the code, but use the same binary package aka zip for the lambda. If you already use a build to deploy it to dev and after successful test deploy the very same binary package to the next development stage, you do not need the transport tool. But if you create the binary from a pipeline, you may be shipping untested code.
Re-Creation deployment
This is how deployment with a deployment pipeline works. The code is re-created and deployed to the next stage.
Integration test and manual test are performed in the test account with the test build.
Usually this approach works. But the following errors could occur:
- The code in the repository is changed between the test and production deployment.
- Deployment to test was done with different git commit in the repository than the deployment to production.
- Libraries which are downloaded during the build process are updated between the test and production deployment.
- This can occur if you not have pinned the version of the libraries in the build process.
- With open source libraries it is not guaranteed that the same version is downloaded during the build process.
So to be really sure, that the tested code is deployed to production you need to deploy the build artifact from the test stage to the production stage.
Lambda stores its application code as a zip file in an S3 bucket. You an download the application zip artifact from the test stage and upload it to the production stage. The Lambda transport tool copies the zip file from the test stage to the production stage.
How Transport deployment works
When you transport the zipped artifact, you are 100% sure that the tested application is deployed to production.
You have to make sure that changes to the Lambda resource (not the application artifact) like environment variables, memory, timeout, etc. are deployed before changing the code.
- Download the zip file from the test stage
getFunctionOutput, err := client.GetFunction(context.TODO(), &lambda.GetFunctionInput{
FunctionName: &functionName,
})
The response from the Lambda function call GetFunction contains a Code attribute.
Code
The deployment package of the function or version.
Type: FunctionCodeLocation object
In the Location attribute you find a pre-signed URL that you can use to download the deployment package.
Using the transport tool
You define the stage accounts, the name of the lambda function and the regions in a configuration file. Then you call the transport tool with the stage name.
transport -h ─╯
Usage of ./transport:
-help
Display help message
-stage string
define the application stage
-verbose
Display more messages
See details of configuration in github page.
- Create Lambda Resource in both accounts
- Define access policies in both accounts
- Create code packages in source account
- Test Lambda function in source account
- Transport it to target account
transport --stage dev
time=2024-08-25T14:11:22.693+02:00 level=INFO msg="Downloaded the ZIP file from the source lambda function" filename=downloads/transfertest.zip
time=2024-08-25T14:11:22.882+02:00 level=INFO msg="Uploaded the ZIP file to the target lambda function" functionName=transfertest revisionId=cdff1079-5f14-47bc-9a64-acd90dc9196d
Installation
The cli tool is a single binary. Get the right version for your OS from the release page.
Other Use Cases
Testing orchestrated Lambda functions
As I discussed in The cuckoo egg testing lambda you can use replacing dependent Lambda functions with a binary.
In an distributed environment you want to test Function code independently from each other. So you could replace the functions not-in-test with mock code, which gives a defined response.
Using the downloaded packages
The lambda code from the source account is locally stored in the downloads directory.
You may use this zip for analysis or backup.
l downloads
total 8
-rw-r--r--@ 1 gglawe staff 269 25 Aug 14:11 transfertest.zip
Show all entries in the zip package:
unzip -t downloads/transfertest.zip
Archive: downloads/transfertest.zip
testing: index.mjs OK
No errors detected in compressed data of downloads/transfertest.zip.
Summary
Re-Creating Lambda function for stage deployment can result in different packages being deployed. A fast and clean way to avoid that is using a Lambda transport.
The Lambda transport CLI tool helps you do the job.
See also
What’s next?
If you need AWS training, developers and consulting for your next cloud project, GenAI or not, don’t hesitate to contact us, tecRacer.
Want to learn GO on AWS? GO here
Enjoy building!
