如何在创建lambda函数的源代码哈希上更新?
我正在使用Terraform创建AWS lambda功能,并将包装存储在S3存储桶中。简而言之,我并不包括所有代码
// Create S3 Bucket
resource "aws_s3_bucket" "this" {
bucket = var.s3_bucket
}
// Create lambda function
resource "aws_lambda_function" "middleware" {
function_name = var.function_name
s3_bucket = var.s3_bucket
s3_key = var.s3_bucket_key
source_code_hash = var.source_code_hash //to trigger updates
runtime = "nodejs14.x"
memory_size = 1024
timeout = 900
handler = "dist/src/lambda.handler"
role = var.role
environment {
variables = {
DATABASE_URL = "postgres://****"
}
}
}
Terraform用于创建基础架构,该基础架构不会经常更改,因此我计划将TerraForm部署与应用程序代码部署分开。在这种情况下,应用程序代码是中间件代码。
应用程序代码部署(使用CI/CD)将创建一个软件包,并将其上传到Lambda将使用的S3存储桶中。但是,每次生成新软件包时,其source_code_hash都会有所不同,我相信lambda将需要更新的哈希。
问题 1>在应用程序部署期间,我不想通过传递新的source_code_hash再次应用Terraform。 (这可能是通过不小心更新基础架构来容易出错的过程) 如果CI/CD创建后,如何更新Lambda_function的源代码哈希的源代码?
2>这是我通过分开基础架构部署而使用的正确流程?
I am using Terraform to create AWS Lambda function and also to store package in the S3 bucket. For brevity I am not including all the code
// Create S3 Bucket
resource "aws_s3_bucket" "this" {
bucket = var.s3_bucket
}
// Create lambda function
resource "aws_lambda_function" "middleware" {
function_name = var.function_name
s3_bucket = var.s3_bucket
s3_key = var.s3_bucket_key
source_code_hash = var.source_code_hash //to trigger updates
runtime = "nodejs14.x"
memory_size = 1024
timeout = 900
handler = "dist/src/lambda.handler"
role = var.role
environment {
variables = {
DATABASE_URL = "postgres://****"
}
}
}
Terraform is used to create Infrastructure which does not change very often so I am planning to separate terraform deployment from the application code deployment. In this case application code is middleware code.
The application code deployment (using CI/CD) will create a package and upload it to S3 bucket that lambda will be using. However every time new package is generated its source_code_hash will be different and I believe lambda will require updated hash.
Question
1> During the application deployment, I don't want to apply terraform again by passing new source_code_hash. (That could be error prone process by accidently updating infrastructure)
How do I update lambda_function's source code hash after its created as a part if CI/CD?
2>Is this the correct flow I am using by separating Infrastructure deployment?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
通常,我在同一地点看到代码和下文,因此您只需使用新哈希即可运行地Terraform的每个代码版本。由于您正在使用Terraform部署Lambda功能,因此Lambda 是您的基础架构,您应该使用TF来进行代码更新。鉴于此,您必须运行
Terraform Apply,因此Terraform不会失去基础架构的状态。如果出于任何原因需要将两者分开,则将其作为CI/CD的一部分更新AWS CLI,并以这样的事实与您的Terraform状态不完全同步与函数的代码同步。Typically I see the code and infra in the same place so every code release you just run the Terraform apply with the new hash. Since you are deploying your Lambda function with Terraform, Lambda IS your infrastructure and you should use TF to make code updates. Given this, you must run
terraform applyso Terraform does not lose the state of your infrastructure. If for whatever reason you do need to split the two, instead update the function with the AWS CLI as part of your CI/CD and live with the fact that your Terraform state is not fully in sync with your function's code.