python - 本地调试 python 3.7 AWS lambda

Question

我使用运行时 python 3.7 为 AWS Lambda 创建了一个包含 main.py 和入口点 handler 函数的 zip 文件。

该 zip 文件使用 3.7.3 python 打包在 EC2 上的 Amazon Linux 镜像内。

我在 AWS lambda 上运行时遇到一些错误，因此决定是否有办法在本地运行该函数。

我的 main.py 如下:

import datetime
import logging
import os
import re
import subprocess

import boto3
import certbot.main
import raven

logger = logging.getLogger()
logger.setLevel(logging.INFO)

def list_files(folder_path):
  onlyfiles = [f for f in listdir(folder_path) if path.isfile(path.join(folder_path, f))]
  logger.info('## path')
  logger.info(onlyfiles)


def read_and_delete_file(path):
  with open(path, 'r') as file:
    contents = file.read()
  os.remove(path)
  return contents


def provision_cert(email, domains):
  certbot.main.main([
    'certonly',                             # Obtain a cert but don't install it
    '-n',                                   # Run in non-interactive mode
    '--agree-tos',                          # Agree to the terms of service,
    '--email', email,                       # Email
    '--dns-route53',                        # Use dns challenge with route53
    '-d', domains,                          # Domains to provision certs for
    # Override directory paths so script doesn't have to be run as root
    '--config-dir', '/tmp/config-dir/',
    '--work-dir', '/tmp/work-dir/',
    '--logs-dir', '/tmp/logs-dir/',
  ])

  first_domain = domains.split(',')[0]
  first_domain_cert_folder = re.sub('\*\.', '', first_domain)
  path = '/tmp/config-dir/live/' + first_domain_cert_folder + '/'
  logger.info('## path')
  logger.info(path)

  list_files(path)

  return {
    'certificate': read_and_delete_file(path + 'cert.pem'),
    'private_key': read_and_delete_file(path + 'privkey.pem'),
    'certificate_chain': read_and_delete_file(path + 'fullchain.pem')
  }

def should_provision(domains):
  existing_cert = find_existing_cert(domains)
  if existing_cert:
    now = datetime.datetime.now(datetime.timezone.utc)
    not_after = existing_cert['Certificate']['NotAfter']
    return (not_after - now).days <= 30
  else:
    return True

def find_existing_cert(domains):
  domains = frozenset(domains.split(','))

  client = boto3.client('acm')
  paginator = client.get_paginator('list_certificates')
  iterator = paginator.paginate(PaginationConfig={'MaxItems':1000})

  for page in iterator:
    for cert in page['CertificateSummaryList']:
      cert = client.describe_certificate(CertificateArn=cert['CertificateArn'])
      sans = frozenset(cert['Certificate']['SubjectAlternativeNames'])
      if sans.issubset(domains):
        return cert

  return None

def notify_via_sns(topic_arn, domains, certificate):
  process = subprocess.Popen(['openssl', 'x509', '-noout', '-text'],
    stdin=subprocess.PIPE, stdout=subprocess.PIPE, encoding='utf8')
  stdout, stderr = process.communicate(certificate)

  client = boto3.client('sns')
  client.publish(TopicArn=topic_arn,
    Subject='Issued new LetsEncrypt certificate',
    Message='Issued new certificates for domains: ' + domains + '\n\n' + stdout,
  )

def upload_cert_to_acm(cert, domains):
  existing_cert = find_existing_cert(domains)
  certificate_arn = existing_cert['Certificate']['CertificateArn'] if existing_cert else None

  client = boto3.client('acm')
  acm_response = client.import_certificate(
    CertificateArn=certificate_arn,
    Certificate=cert['certificate'],
    PrivateKey=cert['private_key'],
    CertificateChain=cert['certificate_chain']
  )

  return None if certificate_arn else acm_response['CertificateArn']

def handler(event, context):
  try:
    domains = os.environ['LETSENCRYPT_DOMAINS']
    if should_provision(domains):
      cert = provision_cert(os.environ['LETSENCRYPT_EMAIL'], domains)
      upload_cert_to_acm(cert, domains)
      notify_via_sns(os.environ['NOTIFICATION_SNS_ARN'], domains, cert['certificate'])
  except:
    client = raven.Client(os.environ['SENTRY_DSN'], transport=raven.transport.http.HTTPTransport)
    client.captureException()
    raise

zip 文件大约 20mb。我发现resources关于 AWS 本地调试，但坦率地说，我对如何开始有点迷失。

虽然我对 Python 相当熟悉，但总体来说我对 AWS 和 Lambda 不是很熟悉。

我使用的是 macOS mojave，并使用 Visual Studio Code 作为我的编辑器。如果有帮助的话，我可以在我的 mac 上创建 virtualenv。

如何在本地 MacBook Pro 上调试 lambda？

Answer 1

正如您所发现的，您可以使用 AWS SAM(与 Docker)进行本地调试。

以下是入门的分步指南:

先决条件

1. 安装 Docker:https://docs.docker.com/install/
2. 安装 AWS CLI:https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html
3. 安装 AWS SAM CLI:https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html
4. 安装pipenv:https://pipenv.kennethreitz.org/en/latest/install/

创建示例项目

有助于让您了解结构并在本地进行调试 - 然后您可以用您自己的示例代码替换示例代码。

sam init --runtime python3.7

添加依赖项

pipenv shell
pipenv install package-names

本地运行和调试

pipenv lock -r > requirements.txt
sam build --manifest requirements.txt
sam local invoke HelloWorldFunction --event event.json

部署到 AWS Lambda

如果需要，创建一个新存储桶，用于存储函数代码:

aws s3 mb s3://存储桶名称

创建并运行 .sh 脚本:

#!/bin/bash

pipenv lock -r > requirements.txt && sam build --manifest requirements.txt

sam package \
    --output-template-file packaged.yaml \
    --s3-bucket bucket-name

sam deploy \
    --template-file packaged.yaml \
    --stack-name name-of-lambda-stack \
    --capabilities CAPABILITY_IAM \
    --region us-east-1

替换:

• bucket-name 为存储函数代码的 S3 存储桶的名称
• name-of-lambda-stack 以及要部署到的 AWS Lambda 堆栈的名称
• us-east-1 与另一个 region如果需要的话

您的函数现已部署到 AWS Lambda。