2

I'm trying to build a pipeline to automate a Lambda function deployment on AWS. I created a pipeline, a CodeBuild project and the needed IAM roles and integrated them with CloudFormation.

Here's my buildspec.yml:

version: 0.2
phases:
  install:
    runtime-versions:
      nodejs: 14
    commands:
      - echo "Installing from package.json"
      # - npm install
  pre_build:
    commands:
      - echo "Build on `date`"
      # - npm run test
  post_build:
    commands:
      - zip -r lambda.zip index.js template.yml
      - aws s3api put-object --bucket github-lambda-demo --key lambda.zip --body lambda.zip


artifacts:
  files:
    - template.yml
  discard-paths: yes

And this is my CloudFormation template:

AWSTemplateFormatVersion: '2010-09-09'
Description: Template for Lambda Sample.
Resources:
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName:
        Fn::Sub: lambda-role
      AssumeRolePolicyDocument:
        Statement:
          - Action:
            - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
              - lambda.amazonaws.com
        Version: 2012-10-17
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSLambdaExecute
        - arn:aws:iam::aws:policy/AmazonS3FullAccess

  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: github-lambda-demo
        S3Key: lambda.zip
      Description: demo for lambda deployment
      FunctionName: github-lambda-demo
      Handler: index.handler
      PackageType: Zip
      # Layers: 
      #   - String
      MemorySize: 256
      Role:
        Fn::GetAtt:
          - LambdaRole
          - Arn
      Runtime: nodejs14.x
      Timeout: 300

All the steps complete with no errors in CodePipeline, but my Lambda function source is not being updated as it should be.

Any help?!

1
  • "not being update as it should be" - it's not clear? What exactly should it be? What is it now, and what do you expect to happen? Any errors? Commented Apr 9, 2021 at 0:01

1 Answer

3

This is expected behavior for the Lambda resource in CloudFormation. Straight from the docs:

Changes to a deployment package in Amazon S3 are not detected automatically during stack updates. To update the function code, change the object key or version in the template.

So, typically two options:

First option, using a versioned S3 bucket:

  • Enable versioning on the S3 bucket where the artifact is stored.
  • The put-object CLI call you have used will return the version of the object.
  • Store the version in an SSM parameter, or use a custom CloudFormation resource to get the latest version of an S3 object in CloudFormation.

Second option, using an SSM parameter:

  • Suffix the artifact name with a version (or even the git SHA) before writing to S3.
  • Store the version in an SSM parameter in the build process itself.
  • Grab the version from the SSM parameter in CloudFormation.

3 Comments

Awesome, can you also share a piece of code for the template with object versioning enabled?! Or is it something I specify in the UI when creating the pipeline? Because in the buildspec I can't get the return value of the command and pass it to template.yml.
@HosseinHeydari I didn't realize that your CF is running in CodePipeline. It's not that straightforward. When I used the first option, I used a custom resource in CloudFormation to fetch the latest version of the S3 object (using AWS CDK makes it a lot easier). Maybe storing the version in SSM is the way to go?
I used a Docker registry to fix it. Thanks for the answers.
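
The answer's second option (a commit-suffixed object key recorded in an SSM parameter), shown as an added example that is not code from the question or the answer. It assumes a hypothetical parameter name `/github-lambda-demo/code-key`, a CodeBuild role allowed to call `ssm:PutParameter`, and a CloudFormation deployment role allowed to read that parameter.

```yaml
# --- buildspec.yml ---
version: 0.2
phases:
  post_build:
    commands:
      # Commit-specific key: every build uploads a distinct S3 object,
      # which also ties the deployed code to one source revision.
      - export LAMBDA_KEY="lambda-${CODEBUILD_RESOLVED_SOURCE_VERSION}.zip"
      - zip -r lambda.zip index.js
      - aws s3 cp lambda.zip "s3://github-lambda-demo/${LAMBDA_KEY}"
      # Record the key where the template can read it.
      # /github-lambda-demo/code-key is an assumed name, not from the page.
      - aws ssm put-parameter --name /github-lambda-demo/code-key --type String --value "${LAMBDA_KEY}" --overwrite
artifacts:
  files:
    - template.yml
  discard-paths: yes
---
# --- template.yml (LambdaRole resource unchanged from the question) ---
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  LambdaCodeKey:
    # Resolved from SSM on each stack create/update, so a new key
    # changes S3Key and CloudFormation updates the function code.
    Type: AWS::SSM::Parameter::Value<String>
    Default: /github-lambda-demo/code-key
Resources:
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: github-lambda-demo
        S3Key: !Ref LambdaCodeKey
      FunctionName: github-lambda-demo
      Handler: index.handler
      PackageType: Zip
      MemorySize: 256
      Role: !GetAtt LambdaRole.Arn
      Runtime: nodejs14.x
      Timeout: 300
```

The build stage has to run before the CloudFormation deploy stage so the parameter already holds the new key when the stack update resolves it.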
