-
Notifications
You must be signed in to change notification settings - Fork 3.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(lambda): enable RuntimeManagementConfig (#23891)
Introducing AWS Lambda runtime management controls https://aws.amazon.com/jp/blogs/compute/introducing-aws-lambda-runtime-management-controls/ This setting achieves the following set values. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-functionruntimemanagementconfig I have not been able to test this CFn as it does not seem to be supported by cdk. It's only a design. Closes #23890. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
- Loading branch information
1 parent
bdcd6c8
commit be4f971
Showing
16 changed files
with
656 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
import { CfnFunction } from './lambda.generated'; | ||
|
||
/** | ||
* Specify the runtime update mode. | ||
*/ | ||
export class RuntimeManagementMode { | ||
/** | ||
* Automatically update to the most recent and secure runtime version using Two-phase runtime version rollout. | ||
* We recommend this mode for most customers so that you always benefit from runtime updates. | ||
*/ | ||
public static readonly AUTO = new RuntimeManagementMode('Auto'); | ||
/** | ||
* When you update your function, Lambda updates the runtime of your function to the most recent and secure runtime version. | ||
* This approach synchronizes runtime updates with function deployments, | ||
* giving you control over when Lambda applies runtime updates. | ||
* With this mode, you can detect and mitigate rare runtime update incompatibilities early. | ||
* When using this mode, you must regularly update your functions to keep their runtime up to date. | ||
*/ | ||
public static readonly FUNCTION_UPDATE = new RuntimeManagementMode('Function update'); | ||
/** | ||
* You specify a runtime version in your function configuration. | ||
* The function uses this runtime version indefinitely. | ||
* In the rare case in which a new runtime version is incompatible with an existing function, | ||
* you can use this mode to roll back your function to an earlier runtime version. | ||
*/ | ||
public static manual(arn: string): RuntimeManagementMode { | ||
return new RuntimeManagementMode('Manual', arn); | ||
} | ||
|
||
/** | ||
* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html | ||
*/ | ||
readonly runtimeManagementConfig: CfnFunction.RuntimeManagementConfigProperty; | ||
|
||
protected constructor(public readonly mode: string, public readonly arn?: string) { | ||
if (arn) { | ||
this.runtimeManagementConfig = { | ||
runtimeVersionArn: arn, | ||
updateRuntimeOn: mode, | ||
}; | ||
} else { | ||
this.runtimeManagementConfig = { | ||
updateRuntimeOn: mode, | ||
}; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
19 changes: 19 additions & 0 deletions
19
...a/test/integ.runtime-management.js.snapshot/aws-cdk-lambda-runtime-management.assets.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
{ | ||
"version": "29.0.0", | ||
"files": { | ||
"45968e77d38b164ece946e2a09ba83ed011953b9ee4b075f276fd124c61df607": { | ||
"source": { | ||
"path": "aws-cdk-lambda-runtime-management.template.json", | ||
"packaging": "file" | ||
}, | ||
"destinations": { | ||
"current_account-current_region": { | ||
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", | ||
"objectKey": "45968e77d38b164ece946e2a09ba83ed011953b9ee4b075f276fd124c61df607.json", | ||
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" | ||
} | ||
} | ||
} | ||
}, | ||
"dockerImages": {} | ||
} |
91 changes: 91 additions & 0 deletions
91
...test/integ.runtime-management.js.snapshot/aws-cdk-lambda-runtime-management.template.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
{ | ||
"Resources": { | ||
"LambdaServiceRoleA8ED4D3B": { | ||
"Type": "AWS::IAM::Role", | ||
"Properties": { | ||
"AssumeRolePolicyDocument": { | ||
"Statement": [ | ||
{ | ||
"Action": "sts:AssumeRole", | ||
"Effect": "Allow", | ||
"Principal": { | ||
"Service": "lambda.amazonaws.com" | ||
} | ||
} | ||
], | ||
"Version": "2012-10-17" | ||
}, | ||
"ManagedPolicyArns": [ | ||
{ | ||
"Fn::Join": [ | ||
"", | ||
[ | ||
"arn:", | ||
{ | ||
"Ref": "AWS::Partition" | ||
}, | ||
":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" | ||
] | ||
] | ||
} | ||
] | ||
} | ||
}, | ||
"LambdaD247545B": { | ||
"Type": "AWS::Lambda::Function", | ||
"Properties": { | ||
"Code": { | ||
"ZipFile": "foo" | ||
}, | ||
"Role": { | ||
"Fn::GetAtt": [ | ||
"LambdaServiceRoleA8ED4D3B", | ||
"Arn" | ||
] | ||
}, | ||
"Handler": "index.handler", | ||
"Runtime": "nodejs18.x", | ||
"RuntimeManagementConfig": { | ||
"UpdateRuntimeOn": "Auto" | ||
} | ||
}, | ||
"DependsOn": [ | ||
"LambdaServiceRoleA8ED4D3B" | ||
] | ||
} | ||
}, | ||
"Parameters": { | ||
"BootstrapVersion": { | ||
"Type": "AWS::SSM::Parameter::Value<String>", | ||
"Default": "/cdk-bootstrap/hnb659fds/version", | ||
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" | ||
} | ||
}, | ||
"Rules": { | ||
"CheckBootstrapVersion": { | ||
"Assertions": [ | ||
{ | ||
"Assert": { | ||
"Fn::Not": [ | ||
{ | ||
"Fn::Contains": [ | ||
[ | ||
"1", | ||
"2", | ||
"3", | ||
"4", | ||
"5" | ||
], | ||
{ | ||
"Ref": "BootstrapVersion" | ||
} | ||
] | ||
} | ||
] | ||
}, | ||
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." | ||
} | ||
] | ||
} | ||
} | ||
} |
1 change: 1 addition & 0 deletions
1
packages/@aws-cdk/aws-lambda/test/integ.runtime-management.js.snapshot/cdk.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"version":"29.0.0"} |
12 changes: 12 additions & 0 deletions
12
packages/@aws-cdk/aws-lambda/test/integ.runtime-management.js.snapshot/integ.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
{ | ||
"version": "29.0.0", | ||
"testCases": { | ||
"lambda-runtime-management/DefaultTest": { | ||
"stacks": [ | ||
"aws-cdk-lambda-runtime-management" | ||
], | ||
"assertionStack": "lambda-runtime-management/DefaultTest/DeployAssert", | ||
"assertionStackName": "lambdaruntimemanagementDefaultTestDeployAssertDE680AF3" | ||
} | ||
} | ||
} |
19 changes: 19 additions & 0 deletions
19
...management.js.snapshot/lambdaruntimemanagementDefaultTestDeployAssertDE680AF3.assets.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
{ | ||
"version": "29.0.0", | ||
"files": { | ||
"21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { | ||
"source": { | ||
"path": "lambdaruntimemanagementDefaultTestDeployAssertDE680AF3.template.json", | ||
"packaging": "file" | ||
}, | ||
"destinations": { | ||
"current_account-current_region": { | ||
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", | ||
"objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", | ||
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" | ||
} | ||
} | ||
} | ||
}, | ||
"dockerImages": {} | ||
} |
36 changes: 36 additions & 0 deletions
36
...nagement.js.snapshot/lambdaruntimemanagementDefaultTestDeployAssertDE680AF3.template.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"Parameters": { | ||
"BootstrapVersion": { | ||
"Type": "AWS::SSM::Parameter::Value<String>", | ||
"Default": "/cdk-bootstrap/hnb659fds/version", | ||
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" | ||
} | ||
}, | ||
"Rules": { | ||
"CheckBootstrapVersion": { | ||
"Assertions": [ | ||
{ | ||
"Assert": { | ||
"Fn::Not": [ | ||
{ | ||
"Fn::Contains": [ | ||
[ | ||
"1", | ||
"2", | ||
"3", | ||
"4", | ||
"5" | ||
], | ||
{ | ||
"Ref": "BootstrapVersion" | ||
} | ||
] | ||
} | ||
] | ||
}, | ||
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." | ||
} | ||
] | ||
} | ||
} | ||
} |
Oops, something went wrong.