amazon-web-services - Deploying a Python package to AWS Lambda via CloudFormation, CodeBuild and CodePipeline

Reposted. Author: 行者123. Last updated: 2023-12-04 08:09:14

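I want to set up a CI/CD pipeline for my AWS infrastructure and AWS Lambda functions. The idea is to have everything in code, version-controlled and automated. I just want to git push to the repository and have CodePipeline take over from there: update my infrastructure, run the tests and, if they succeed, update my Lambda function with the latest code.

My CloudFormation template is based on this excellent example. It looks like this: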

AWSTemplateFormatVersion: 2010-09-09
Description: playground pipeline 1
Parameters:
  SourceRepositoryName:
    Type: String
    Default: lambda-playground
  SourceBranchName:
    Type: String
    Default: master

Resources:
  ArtifactsBucket:
    Type: AWS::S3::Bucket
    DependsOn: CloudFormationRole
    DeletionPolicy: Delete
    Properties:
      BucketName: lambda-playground-artifacts

  CodeBuildRole:
    Type: AWS::IAM::Role
    DependsOn: CloudFormationRole
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - sts:AssumeRole
            Principal:
              Service:
                - codebuild.amazonaws.com
      Policies:
        - PolicyName: ServiceRole
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Sid: CloudWatchWriteLogsPolicy
                Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: '*'
              - Sid: CodeCommitPullPolicy
                Effect: Allow
                Action:
                  - codecommit:GitPull
                Resource: '*'
              - Sid: S3GetObjectPolicy
                Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                Resource: '*'
              - Sid: S3PutObjectPolicy
                Effect: Allow
                Action:
                  - s3:PutObject
                Resource: '*'

  CodePipelineRole:
    Type: AWS::IAM::Role
    DependsOn: CloudFormationRole
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - sts:AssumeRole
            Principal:
              Service:
                - codepipeline.amazonaws.com
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess

  CloudFormationRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - sts:AssumeRole
            Principal:
              Service:
                - cloudformation.amazonaws.com
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess

  CodeCommitRepository:
    Type: AWS::CodeCommit::Repository
    Properties:
      RepositoryName: !Ref SourceRepositoryName

  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    DependsOn: CloudFormationRole
    Properties:
      Description: A playground of Lambda
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/python:2.7.12
        Type: LINUX_CONTAINER
      Name: lambda-playground
      ServiceRole: !GetAtt CodeBuildRole.Arn
      Source:
        Type: CODEPIPELINE
      TimeoutInMinutes: 5

  CodePipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      ArtifactStore:
        Type: S3
        Location: !Ref ArtifactsBucket
      Name: !Ref AWS::StackName
      RestartExecutionOnUpdate: true
      RoleArn: !GetAtt CodePipelineRole.Arn
      Stages:
        - Name: Source
          Actions:
            - Name: Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: CodeCommit
                Version: 1
              Configuration:
                RepositoryName: !Ref SourceRepositoryName
                BranchName: !Ref SourceBranchName
              OutputArtifacts:
                - Name: SourceOutput
        - Name: PipelineDeploy
          Actions:
            - Name: UpdatePipeline
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: 1
              Configuration:
                ActionMode: CREATE_UPDATE
                Capabilities: CAPABILITY_IAM
                RoleArn: !GetAtt CloudFormationRole.Arn
                StackName: !Ref AWS::StackName
                TemplatePath: SourceOutput::infra.yml
              InputArtifacts:
                - Name: SourceOutput
        - Name: Build
          Actions:
            - Name: BuildAndTest
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: 1
              Configuration:
                ProjectName: !Ref CodeBuildProject
              InputArtifacts:
                - Name: SourceOutput
              OutputArtifacts:
                - Name: BuildOutput

  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref BuildOutput # DOES NOT WORK
      FunctionName: playground-fc
      Handler: src.main.handler
      # TODO: Role: foo
      Runtime: python2.7

Outputs:
  ArtifactsBucketURL:
    Description: Artifacts bucket URL
    Value: !GetAtt ArtifactsBucket.WebsiteURL
  RepositoryURL:
    Description: SSH URL of the repository
    Value: !GetAtt CodeCommitRepository.CloneUrlSsh

So I have a CodePipeline with 3 stages: Source, which fetches the code from the CodeCommit repository; PipelineDeploy, which updates my CloudFormation stack when necessary; and Build, which runs the configured CodeBuild project.

My buildspec.yml is here:

version: 0.1

phases:
  install:
    commands:
      - pip install -r requirements.txt -t lib
  pre_build:
    commands:
      - python lib/pytest.py src
artifacts:
  type: zip
  files:
    - src/**/*
    - lib/**/*

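It just installs the necessary libraries, runs the tests via pytest and creates the deployment zip. That zip file is the OutputArtifact of the Build stage and is stored in the ArtifactsBucket. However, it gets a unique name every time (e.g. dfVV6Uh), which makes sense, but I don't know how to reference it in the LambdaFunction -> Properties -> Code -> S3Key field.

So my question is: how do I create a stack/pipeline that, after all the steps have completed, deploys the latest version to my AWS Lambda function? Is there a way to do this with CodeDeploy? What is the best practice here?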

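Best answer

You can use the Parameter Override Fn::GetArtifactAtt ObjectKey attribute to dynamically supply the name of the artifact .zip generated by AWS CodePipeline to your CloudFormation deploy action.

Using your example, the configuration of the UpdatePipeline CloudFormation deploy action would look like this: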

Configuration:
  ActionMode: CREATE_UPDATE
  Capabilities: CAPABILITY_IAM
  RoleArn: !GetAtt CloudFormationRole.Arn
  StackName: !Ref AWS::StackName
  TemplatePath: SourceOutput::infra.yml
  # ParameterOverrides must be a JSON string, hence the block scalar.
  # The artifact named in Fn::GetArtifactAtt must be one of this action's InputArtifacts.
  ParameterOverrides: |
    {
      "LambdaKey" : { "Fn::GetArtifactAtt" : ["BuildOutput", "ObjectKey"]}
    }
InputArtifacts:
  - Name: SourceOutput
  - Name: BuildOutput

Then declare and reference the LambdaKey parameter in the CloudFormation stack template:

Parameters:
  LambdaKey:
    Type: String
  # ...
Resources:
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: !Ref ArtifactsBucket
        S3Key: !Ref LambdaKey
      # ...

Regarding amazon-web-services - deploying a Python package to AWS Lambda via CloudFormation, CodeBuild and CodePipeline, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/42418891/
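Added example (not part of the original question or answer): a Python check, run over a constructed copy of the pipeline's three stages, that every artifact named by Fn::GetArtifactAtt in ParameterOverrides is listed in that action's InputArtifacts and that every input artifact is produced by an earlier stage. The function names, the stage dictionaries and the NoSuchArtifact name are assumptions made for illustration, and RunOrder within a stage is ignored.

```python
import json

def artifact_refs(node):
    """Yield artifact names read via Fn::GetArtifactAtt / Fn::GetParam."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key in ("Fn::GetArtifactAtt", "Fn::GetParam") and isinstance(val, list) and val:
                yield val[0]
            else:
                yield from artifact_refs(val)
    elif isinstance(node, list):
        for item in node:
            yield from artifact_refs(item)

def check_pipeline(stages):
    """Return wiring problems. Simplification: only earlier stages count as producers."""
    findings, produced = [], set()
    for stage in stages:
        outputs = set()
        for action in stage.get("Actions", []):
            where = f"{stage['Name']}/{action['Name']}"
            inputs = {a["Name"] for a in action.get("InputArtifacts", [])}
            for name in sorted(inputs - produced):
                findings.append(f"{where}: input {name} not produced by an earlier stage")
            raw = action.get("Configuration", {}).get("ParameterOverrides")
            if raw:  # ParameterOverrides is a JSON string, so parse it before walking it
                for name in sorted(set(artifact_refs(json.loads(raw))) - inputs):
                    findings.append(f"{where}: override reads {name}, not in InputArtifacts")
            outputs |= {a["Name"] for a in action.get("OutputArtifacts", [])}
        produced |= outputs
    return findings

def build_stages(deploy_after_build, override_artifact):
    """Constructed sample mirroring the page's stages (only the fields the check needs)."""
    source = {"Name": "Source", "Actions": [
        {"Name": "Source", "OutputArtifacts": [{"Name": "SourceOutput"}]}]}
    build = {"Name": "Build", "Actions": [
        {"Name": "BuildAndTest", "InputArtifacts": [{"Name": "SourceOutput"}],
         "OutputArtifacts": [{"Name": "BuildOutput"}]}]}
    overrides = {"LambdaKey": {"Fn::GetArtifactAtt": [override_artifact, "ObjectKey"]}}
    deploy = {"Name": "PipelineDeploy", "Actions": [
        {"Name": "UpdatePipeline",
         "Configuration": {"ParameterOverrides": json.dumps(overrides)},
         "InputArtifacts": [{"Name": "SourceOutput"}, {"Name": "BuildOutput"}]}]}
    return [source, build, deploy] if deploy_after_build else [source, deploy, build]

if __name__ == "__main__":
    # Question's stage order, a hypothetical misnamed artifact, then the consistent wiring.
    for args in [(False, "BuildOutput"), (True, "NoSuchArtifact"), (True, "BuildOutput")]:
        print(args, check_pipeline(build_stages(*args)))
```

With the question's stage order (PipelineDeploy before Build) the check reports that BuildOutput is consumed before it exists, so the CloudFormation deploy action has to run after the Build stage for the override to resolve.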
