...
New agent implementation to support FAAS on AWS Lambda based on the node v8 engine.
Support Model
...
Pre Requisites
AWS lambda functions are small and short pieces of code that is invoked by calling to an http endpoint.
...
In order to add SL to a give FAAS, you only need to do one thing, and change the deployment manifest to includes the support of Sealights lambda layer
Deployment Manifest Changes
There are two main changes that need to be done to the deployment manifest:
Adding Sealights Lambda layer - contains the code of the sealights lambda support
Add reference to Sealights Lambda Layer on every Lambda function definition.
Example:
...
Collector changes
The collector needs to be configured to support node lambda calls. This should be done by adding the following flags under the collectors->properties section:
| Code Block |
|---|
collectors: ... properties: handler: ./src/test-lambda-1/index.handler... eventsenableNYCCollector: true - httpApi: path: /sealights nycCollectorUploadInterval: 60 |
Deployment Manifest Changes
There are two main changes that need to be done to the deployment manifest:
Adding Sealights Lambda layer - contains the code of the sealights lambda support
Add reference to Sealights Lambda Layer on every Lambda function definition.
Example:
| Code Block |
|---|
your-api: method: get # handler: ./src/test-lambda-1/index.handler events: - httpApi: path: /sealights method: get # this is all you need to add layers: - arn:aws:lambda:eu-west-1:159616352881:layer:sl-nodejs-layer:44 # end of what's needed |
...
Environment Variable Name | Description | Type |
|---|---|---|
| Agent token needed for authentication | string |
| Determine the root directory of project, default is current working directory. | string |
| Set build session id name | string |
| Set the lab ID value | string |
Code Example
Code repository
...
| Code Block |
|---|
npx slnodejs config --tokenfile sltoken.txt --appName "AWS Lambda" --branch "master" --build 3
npx slnodejs scan --workspacepath ./src --tokenfile sltoken.txt --buildsessionidfile buildSessionId --scm none --awsConfigure
npx slnodejs start --tokenfile sltoken.txt --buildsessionidfile buildSessionId --teststage "Sealights on Lambda" |
...
| Code Block |
|---|
service: aws-node-http-api-project
provider:
name: aws
vpc:
securityGroupIds:
- sg-965602ef
subnetIds:
- subnet-028c8368058b24e21
region: eu-west-1
runtime: nodejs16.x
functions:
api-normal:
handler: ./src/test-lambda-1/index.handler
events:
- httpApi:
path: /default
method: get
# START - SL addition
layers:
- arn:aws:lambda:eu-west-1:159616352881:layer:sl-nodejs-layer:44
# END - SL addition
resources:
Resources:
MyLambdaExecutionRole:
Type: AWS::IAM::Role
Properties:
RoleName: MyLambdaExecutionRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: LambdaVPCAccessPolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:CreateLogStream
- logs:CreateLogGroup
- logs:TagResource
Resource:
- "arn:aws:logs:eu-west-1:534369319675:log-group:/aws/lambda/aws-node-http-api-project-dev*:*"
- Effect: Allow
Action:
- logs:PutLogEvents
Resource:
- "arn:aws:logs:eu-west-1:534369319675:log-group:/aws/lambda/aws-node-http-api-project-dev*:*"
- Effect: Allow
Action:
- lambda:InvokeFunction
Resource: "*"
- Effect: Allow
Action:
- ec2:CreateNetworkInterface
Resource: "*" |
Special Considerations
Support for Additional Layers:
Currently, using other layers with SeaLights layer is supported only for:
Dynatrace (
AWS_LAMBDA_EXEC_WRAPPER=/opt/dynatrace)OTEL (
AWS_LAMBDA_EXEC_WRAPPER:/opt/otel-handler)
If you are using the Dynatrace or OTEL handlers, the SL layer will automatically detect this and work with it.
When you do not want SeaLights Lambda Layer to run OTEL layer, you must explicitly disable it with
DISABLE_OTEL_HANDLER=trueWhen you do not want SeaLights Lambda Layer to run Dynatrace layer, you must explicitly disable it with
DISABLE_DYNATRACE=true