...
To configure Project specific Source Control one first need to navigate to the Project Configuration tab.
Next, expand the SOURCE CONTROL option from the left-hand pane.
Select the appropriate Source Control Type
Configure Source Repository. For detailed steps of Source Control configuration please refer to Configure Source Control in FlexDeploy
Project Properties
...
configuration of the properties e.g. Cloud account, and CLI path.
cloning the function code and create the Archive file.
cloning the environment file from Git repository
deploy the function code and adding the environment variables to the Lamba function.
verify the function code.
Checklist
...
Checklist
...
Description
...
AWS Access Key
...
AWS Access Key of the user.
...
AWS Secret Key
...
Password for the Access Key
...
AWS Default Region
...
Default region can be set. eg. ap-south-1
...
AWS CLI installation
...
AWS CLI needs to be installed where the plugin operation shall run (FlexDeploy server)
...
AWS CLI in class path
...
AWS CLI should be added to the class path on the FlexDeploy Server. Else the path can also be set under FlexDeploy environment level property
...
AWS Lambda Function
...
AWS Lambda Function should be already present.
...
AWS KMS Key
...
AWS KMS key to secured the environment variable.
Configure Cloud Account
To connect with AWS Lambda Function, we required to configure Cloud account, with credentials details. Configure AWS Cloud Account under Integration. FlexDeploy will connect to the Lambda Function and add the environment variables.
Navigate to the Integrations
Select Cloud from the left-hand pane
Create a new Cloud account with the “+” button. Create a new Cloud account of provider type “AWS”
...
It should have a AWS Access Key and AWS Secret Key. The user must have relevant access to AWS Lambda Function.
...
AWS Secret Key is a password field and hence needs to be kept hidden. To update the same click on the pencil icon as shown below
Update the AWS Secret Key value under Secret Text. This is to make sure no one else can retrieve the password
...
After configuration we would be able to use the Cloud Account as a drop down from the list.
...
Create AWS Lambda Function
AWS Lambda is a compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, and logging. With Lambda, all you need to do is supply your code in one of the language runtimes that Lambda supports. Please refer to the link for more information What is AWS Lambda? - AWS Lambda
To create the Lambda Function go to the AWS console
Navigate to the Services
Select Compute from the left-hand pane
Now click on the Lambda service option
...
After selecting the Lambda service, new window will open and it contains detail of all the functions.
...
Now select the create function option, it will open window to create function and configured detail.
...
By default AWS creates execution role with basic Lambda permissions, we can select an existing role also. In above example we are using existing role ( basic-lambda-role ) . Please refer to the link for more information IAM roles - AWS Identity and Access Management
The role which we are selecting must have basic Lambda permissions, the role we have selected also have permission for KMS key to decrypt the secured variables. If we are using the KMS key to encrypt the secured variables then we must have to give permission to the role to use the KMS key.
...
In above role we can see we have one permissions policy name as kms-access, this policy allow us to use the KMS key to decrypt the variables, which we have used to encrypt the variables.
Policy detail:
...
Trust relationships detail: ( Entities that can assume this role under specified conditions )
...
Detail of the AWS Lambda function which we have created and going to use for this tutorial:
If we check the Code details of the function, then we found we have sample code. We will update the code using our AWS plugin operation.
...
On testing the code, using the Test option provided by AWS Lambda we will get this response:
...
If we check the Environment variables details under the Configuration, there is no environment variables are present. Once successful execution of the operation we should be able to see some environment variables.
...
Create AWS KMS Key
AWS Key Management Service (AWS KMS) is a managed service that makes it easy for us to create and control the cryptographic keys that are used to protect our data. Please refer to the link for more information Encryption Cryptography Signing - AWS Key Management Service - AWS
AWS KMS key is required to encrypt the secured variables before adding them to Lambda function. If we don’t have any secured variables in that case we don’t required to configure KMS key detail in the project. In our scenario we are adding both secured and non-secured variables to the Lambda function.
To create the Lambda Function go to the AWS console
Navigate to the Services
Select Security, Identity, & Compliance from the left-hand pane
Now click on the Key Management Service service option
...
Detail of the KMS key which we are using for this tutorial:
...
We can use Key ID or Key ARN value in the project to encrypt the variables, both are accepted.
Git Repository Structure
The Git repository contains the Environment file.
The Sample Git repository structure is given below.
...
Environment Variable File Structure
This is the example of environment file with json structure, please refer the document to get more details about environment variables' acceptable structure.
...
Pre-requisite
Configure IAM user
To access the Lambda Function we need to create an AWS IAM account with required permissions. To create the AWS IAM user navigate to the AWS Identity and Access Management (IAM) service page, and click on the Add users option. Next assign the required permission to access the Lambda Function. Once user is created, AWS secret key can be generated, this key we have to configure in Cloud account.
For more information about IAM user please ref. IAM users - AWS Identity and Access Management
...
CLI Installation
AWS CLI should be installed in the m/c where the plugin is to be executed. Preferably add AWS CLI path in m/c classpath.
Build and Deploy Workflows
Navigate to the Workflows tab and create a workflow using the “+”(Click to create new Workflow) button as highlighted below.
...
Next, create one Build and Deploy workflow as shown below. The workflow Type field defines the type of workflow.
Build Workflow
Navigate to the Workflows
Select the “+” button from the left-hand pane to create a new workflow
...
Deploy Workflow
navigate to the Workflows
Select the “+” button from the left-hand pane to create a new workflow
...
The Workflow Group and Subgroup define the folder hierarchy. Once both workflows are created it should look like the below. No constraint on workflow or folder naming convention.
...
The steps of the workflow execution can be configured through the Workflow Definition section.
...
Below given is a sample build workflow to copy the file from Git repository.
...
Step-i: Clone Git Repository
This step will clone the Git repository codebase into the project execution working directory. The Git URL will be retrieved from Source Control configured under Project Configuration.
...
Step-ii: Create Function archive and save as Artifact
The below step will create Function archive and also check the Produces Artifact option to save the files as artifact so that can be used from Deploy workflow.
...
Step-iii: Copy the environment file
The below step will copy the environment file, so that can be used from Deploy workflow.
...
Below given is a sample workflow to deploy lambda function code.
...
Step-i: updateLambdaFunctionCode
This step will deploy Lambda function code, and also publish the function version.
...
In above configuration using following Inputs.
...
Input Name
...
Input Code
...
Type
...
Required
...
Description
...
Additional Arguments
...
FDAWS_LAMBDA_INP_ADD_ENV_VAR_ADDITIONAL_ARG
...
String
...
No
...
Literal key and value pairs. e.g. --region=us-east-1
And for boolean type arguments give the option without any value. e.g --publish --debug
...
Environment Variables
...
FDAWS_LAMBDA_INP_ENV_VAR
...
String
...
No
...
Environment Variables in acceptable format.
...
Publish new version
...
FDAWS_LAMBDA_INP_PUBLISH_VERSION
...
Boolean
...
No
...
Select to publish a new version. Default value is false.
Project Configuration
Navigate to the Project tab and create a Project with a logical name(AWS-Deploy-Lambda-Function-Code)
...
Configure the Build and Deploy workflow that has been created in previous steps as shown below.
Source Control
Configure the Source SCM repository under Source Control as shown below.
...
To configure Project specific Source Control one first need to navigate to the Project Configuration tab.
Next, expand the SOURCE CONTROL option from the left-hand pane.
Select the appropriate Source Control Type
Configure Source Repository. For detailed steps of Source Control configuration please refer to Configure Source Control in FlexDeploy
Project Properties
...
Lambda Function name: Name of the lambda function to deploy the code, if lambda function name is not given S3 key name will be use as function name.
...