
Sfn finalizer log & eventTrail the target:success map result; add Sfn pin lambda version #39

Closed
rivernews opened this issue Sep 30, 2022 · 5 comments

Comments


rivernews commented Sep 30, 2022

ef44117

b5d71d3

@rivernews

Same reason as in #38: we won't implement success rate. But we can symbolically read from the map result just to get the stories count, which is going to equal the stories input length anyway. Still, it could be a POC of accessing map outputs.


rivernews commented Sep 30, 2022

Also to better support rolling deploy, we should pin lambda version in Sfn: https://dev.to/aws-builders/aws-step-functions-are-active-executions-affected-when-your-state-machine-gets-updated-5dfn

Seems to cause Sfn execution error:

1 validation error detected: Value 'arn:aws:lambda:us-west-2:***:function:media-literacy-dev-story-lambda/28' at 'functionName' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_\.]+)(:(\$LATEST|[a-zA-Z0-9-_]+))? (Service: AWSLambda; Status Code: 400; Error Code: ValidationException; Request ID: 93150322-fa71-4c0b-a653-25232e48685a; Proxy: null)

Is the version number already included in lambda_function_arn? Possibly, looking at the AWS doc. Note that FunctionArn already includes the version number at the end.

  • Nope, we see the deployed Sfn definition has "Resource": "arn:aws:lambda:us-west-2:***:function:media-literacy-dev-story-lambda". We may need to look at the TF AWS Lambda module doc.
  • Let's try another output property, lambda_function_qualified_arn; now the Sfn def shows "Resource": "arn:aws:lambda:us-west-2:**:function:media-literacy-dev-story-lambda:29"...
  • Sfn seems to run with the qualified lambda arn, but now there is a permission error: User: arn:aws:sts::368061806057:assumed-role/media-literacy-dev-batch-stories-sfn/XhCRchTWFeYYluPMRgpIuucObgkkFsVB is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-west-2:368061806057:function:media-literacy-dev-story-lambda:29 because no identity-based policy allows the lambda:InvokeFunction action (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: b0f196af-b186-4769-8862-9acbf4fc5afb; Proxy: null)
    • Can we keep the Sfn pin to the qualified arn, but wildcard the permission to allow all versions of that lambda? We can use this AWS doc, following "Example allowing invocation of any qualified ARN": ...:function:myFunction:*. By doing this, we enforce that Sfn should always use a versioned lambda: we deny the unqualified arn, which means deny if no version is specified.
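An added check, not part of this issue or the project's code, that ties the three observations above together: it validates each Task Resource in a Step Functions definition against the Lambda functionName pattern quoted in the ValidationException, flags ARNs that carry no version or alias, and tests whether the role policy's `...:function:name:*` wildcard covers the pinned ARN while rejecting the unqualified one. The state names, the placeholder account id, the sample definition and the policy document are constructed for this example.

```python
import re

# Lambda functionName constraint quoted in the ValidationException above, with a named
# 'qualifier' group added (the character classes are equivalent to the original pattern).
LAMBDA_ARN_RE = re.compile(
    r"^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:)?(\d{12}:)?"
    r"(function:)?([a-zA-Z0-9_.-]+)(?P<qualifier>:(\$LATEST|[a-zA-Z0-9_-]+))?$"
)

def iam_resource_matches(pattern, arn):
    """IAM Resource matching: '*' spans any run of characters, '?' exactly one."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, arn) is not None

def invoke_allowed(policy, arn):
    """True if some Allow statement grants lambda:InvokeFunction on this exact ARN."""
    for s in policy["Statement"]:
        actions = s["Action"] if isinstance(s["Action"], list) else [s["Action"]]
        resources = s["Resource"] if isinstance(s["Resource"], list) else [s["Resource"]]
        if s["Effect"] == "Allow" and {"lambda:InvokeFunction", "lambda:*", "*"} & set(actions):
            if any(iam_resource_matches(r, arn) for r in resources):
                return True
    return False

def audit_definition(definition, policy):
    """One finding per Lambda Task whose Resource is malformed, unpinned or not invokable."""
    findings = []
    for name, state in definition["States"].items():
        arn = state.get("Resource", "")
        if state.get("Type") != "Task" or not arn.startswith("arn:aws:lambda:"):
            continue  # only direct Lambda ARNs, as in the deployed definition above
        m = LAMBDA_ARN_RE.match(arn)
        if not m:
            findings.append(f"{name}: malformed Lambda ARN {arn}")
        elif not m.group("qualifier"):
            findings.append(f"{name}: unqualified ARN, pin a version or alias")
        elif not invoke_allowed(policy, arn):
            findings.append(f"{name}: role is not allowed to lambda:InvokeFunction {arn}")
    return findings

# Constructed sample (placeholder account id): FetchStory is pinned to version 29, the
# finalizer is not, and the role policy wildcards every qualified ARN of the story lambda.
FN = "arn:aws:lambda:us-west-2:123456789012:function:media-literacy-dev-story-lambda"
DEFINITION = {"StartAt": "FetchStory", "States": {
    "FetchStory": {"Type": "Task", "Resource": FN + ":29", "Next": "Finalizer"},
    "Finalizer": {"Type": "Task", "Resource": FN, "End": True}}}
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": FN + ":*"}]}
```

Running `audit_definition(DEFINITION, POLICY)` reports only the unpinned finalizer; the `/28` form from the error above fails the pattern outright, and the `:*` policy does not cover the unqualified ARN.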

@rivernews rivernews changed the title Sfn finalizer log & eventTrail the target:success map result Sfn finalizer log & eventTrail the target:success map result; add Sfn pin lambda version Sep 30, 2022
rivernews added a commit that referenced this issue Sep 30, 2022
@rivernews

Confirmed Sfn is executing ok now.

@rivernews

We still need to confirm Sfn finalizer shows the total stories count. This will take some time, up to 13*3 minutes.

@rivernews rivernews reopened this Sep 30, 2022
@rivernews

Confirmed!


rivernews added a commit that referenced this issue Oct 2, 2022
* temp store all

* remove go_poc

* upgrade so project runs on M1

* Try S3 notification

* Fix prefix to include newssite alias

* Fix aws lambda PathError issue

* Save to metadata.json complete

* add untitled stories in metadata.json

* rename stories function to landing_metadata

* rename batch stories fetch tf to metadata

* Improved metadata access s3 event

* Metadata.json trigger computing env

* read parse metadata.json

* fetch a story POC
#24

* Sfn map parallelism POC
#24

* randomize requests

* Refactor to allow individual tf modules
address #25 (comment)

* scaffold table

* draft table design

* create table

* Draining mechanism draft - identify all TODOs
#25 (comment)

* Draft for put landing page; identified TODOs
Issue: #25

* Complete tf surgery; Identify all TODOs in golang
For #25

* fix compile error; progress in metadata cronjob add query

* Ready to test

* Fix db field first char not lowercase
Tracked by #25 (comment)

* Fix permission of db index, S3 pull
Tracked by #25 (comment)

* All tests complete
Tracked by #25 (comment)

* Move landing PutItem out to s3 trigger lambda; ready for S3 batch move

* create reusable lambda module; optimize package size
#25 (comment)

* Fix golang build path

* Refactor to use our custom lambda module

* add landing s3 trigger

* rm golang module stories that are renamed

* Fix env var

* Fix permission for PutItem move from landing to s3 trigger

* Fix metadata s3 trigger not fired

* Fix s3 trigger not working - S3 notification can only have one resource

* Make it easier to test

* prod grade setting enabled

* In Sfn pin lambda version, so rolling deploy works better for lambda

* Display sfn map result / target stories count info in finalizer

* stop landing s3 trigger from sending slack logs
Fixes #40

* Let Sfn pin lambda version
Fixes #39

* improve log for metadata trigger

* improve cronjob log

* log cronjob event for better understanding of how it gets triggered

* Disable cronjob to better debug
Fixes #43

* workaround to scale up our Sfn pipeline
Fix #44

* improve log for landing S3 trigger

* re-enable prod config plus cronjob