0

I've been writing an application on AWS that consists of several Rust lambdas. One of those lambdas has to have access to a bunch of external dependencies and therefore needs to be Dockerized. As I understand, the official AWS Lambda runtime for Rust runs within the lambda's binary and shouldn't need any special setup or exposing of ports. My Dockerfile is as follows:

# building omitted
FROM alpine:latest AS runner
WORKDIR /root/
COPY target/x86_64-unknown-linux-musl/release/my-lambda ./my-lambda
CMD [ "/root/my-lambda" ]

The image then gets built and pushed to an Amazon ECR registry my Lambda is configured to get its code from. The logs I get when invoking the function with any test data in the AWS console are:

IMAGE   Launch error: fork/exec /root/my-lambda: permission denied  Entrypoint: []  Cmd: [/root/my-lambda]  WorkingDir: [/root/]
START RequestId:  (...) Version: $LATEST
IMAGE   Launch error: fork/exec /root/my-lambda: permission denied  Entrypoint: []  Cmd: [/root/my-lambda]  WorkingDir: [/root/]
END RequestId:  (...)
REPORT RequestId:  (...)    Duration: 59.75 ms  Billed Duration: 60 ms  Memory Size: 128 MB Max Memory Used: 5 MB   
RequestId: (...) Error: fork/exec /root/my-lambda: permission denied
Runtime.InvalidEntrypoint

{
  "errorMessage": "RequestId: (...) Error: fork/exec /root/my-lambda: permission denied",
  "errorType": "Runtime.InvalidEntrypoint"
}

I know the problem is not with:

  • the my-lambda executable file's permissions (anyone can execute it, I've tried chmod -R 777 for good measure too)
  • the availability of libc (I specifically compiled for the musl target, as is best practice for Rust lambdas due to the Rust stdlib almost always linking to a newer glibc than Amazon Linux has)
  • whether or not the Docker image even runs - if I try to run the image locally, my lambda runs and crashes on not finding the AWS_LAMBDA_RUNTIME_API env var or other variables lambdas depend on, as expected
  • the executable's naming or if it's invoked with a relative path - naming it bootstrap in line with lambda convention and finishing with CMD ["./bootstrap"] did not help

I've also tried using an ENTRYPOINT rather than a CMD in the dockerfile, as well as providing a placeholder CMD like doesnt.matter.

Googling around for a solution has only turned up Rust lambda builder images and similar-looking but unrelated errors for Golang.

Improve this question

1 Answer 1

Reset to default
2

Nevermind, figured it out:

FROM alpine:latest AS runner
WORKDIR /var/task/
COPY target/x86_64-unknown-linux-musl/release/my-lambda /var/task/my-lambda
CMD [ "./bootstrap" ]

Turns out that the executable must be in the /var/task/ directory.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Note that AWS is providing a useful environment variable to avoid hardcoding /var/task, you could use LAMBDA_TASK_ROOT source: docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.