chore(ci): add canary to layer deployment

.github/scripts/setup_tmp_layer_files.sh

@@ -6,7 +6,9 @@ npm init -y
 npm i \
   @aws-lambda-powertools/logger@$VERSION \
   @aws-lambda-powertools/metrics@$VERSION \
-  @aws-lambda-powertools/tracer@$VERSION
+  @aws-lambda-powertools/tracer@$VERSION \
+  @aws-lambda-powertools/commons@$VERSION \
+  @aws-lambda-powertools/parameters@$VERSION
 rm -rf node_modules/@types \
   package.json \
   package-lock.json

.github/workflows/reusable_deploy_layer_stack.yml

@@ -94,6 +94,8 @@ jobs:
           path: ./cdk-layer-stack/* # NOTE: upload-artifact does not inherit working-directory setting.
           if-no-files-found: error
           retention-days: 1
+      - name: CDK deploy canary
+        run: npm run cdk -w layer -- deploy --app cdk.out --context region=${{ matrix.region }} 'CanaryStack' --require-approval never --verbose --outputs-file cdk-outputs.json
   update_layer_arn_docs:
     needs: deploy-cdk-stack
     permissions:

layers/bin/layers.ts

@@ -2,6 +2,7 @@
 import 'source-map-support/register';
 import { App } from 'aws-cdk-lib';
 import { LayerPublisherStack } from '../src/layer-publisher-stack';
+import { CanaryStack } from 'layers/src/canary-stack';
 
 const SSM_PARAM_LAYER_ARN = '/layers/powertools-layer-arn';
 
@@ -12,3 +13,9 @@ new LayerPublisherStack(app, 'LayerPublisherStack', {
   layerName: 'AWSLambdaPowertoolsTypeScript',
   ssmParameterLayerArn: SSM_PARAM_LAYER_ARN,
 });
+
+new CanaryStack(app, 'CanaryStack', {
+  powertoolsPackageVersion: app.node.tryGetContext('PowertoolsPackageVersion'),
+  ssmParameterLayerArn: SSM_PARAM_LAYER_ARN,
+  layerName: 'AWSLambdaPowertoolsCanaryTypeScript',
+});

layers/src/canary-stack.ts

@@ -0,0 +1,99 @@
+import { CustomResource, Duration, Stack, StackProps } from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import { LayerVersion, Runtime } from 'aws-cdk-lib/aws-lambda';
+import { RetentionDays } from 'aws-cdk-lib/aws-logs';
+import { v4 } from 'uuid';
+import {
+  Effect,
+  ManagedPolicy,
+  PolicyStatement,
+  Role,
+  ServicePrincipal,
+} from 'aws-cdk-lib/aws-iam';
+import { Provider } from 'aws-cdk-lib/custom-resources';
+import { StringParameter } from 'aws-cdk-lib/aws-ssm';
+import path from 'path';
+import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs';
+
+export interface CanaryStackProps extends StackProps {
+  readonly layerName: string;
+  readonly powertoolsPackageVersion: string;
+  readonly ssmParameterLayerArn: string;
+}
+
+export class CanaryStack extends Stack {
+  public constructor(scope: Construct, id: string, props: CanaryStackProps) {
+    super(scope, id, props);
+    const { layerName, powertoolsPackageVersion } = props;
+
+    const suffix = v4().substring(0, 5);
+
+    const layerArn = StringParameter.fromStringParameterAttributes(
+      this,
+      'LayerArn',
+      {
+        parameterName: props.ssmParameterLayerArn,
+      }
+    ).stringValue;
+
+    // lambda function
+    const layer = [
+      LayerVersion.fromLayerVersionArn(this, 'powertools-layer', layerArn),
+    ];
+
+    const executionRole = new Role(this, 'LambdaExecutionRole', {
+      assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
+      managedPolicies: [
+        ManagedPolicy.fromAwsManagedPolicyName(
+          'service-role/AWSLambdaBasicExecutionRole'
+        ),
+      ],
+    });
+
+    executionRole.addToPolicy(
+      new PolicyStatement({
+        actions: ['lambda:GetFunction'],
+        resources: ['*'],
+        effect: Effect.ALLOW,
+      })
+    );
+
+    const canaryFunction = new NodejsFunction(this, 'CanaryFunction', {
+      entry: path.join(__dirname, './canary/app.ts'),
+      handler: 'handler',
+      runtime: Runtime.NODEJS_18_X,
+      functionName: `canary-${suffix}`,
+      timeout: Duration.seconds(30),
+      bundling: {
+        externalModules: [
+          // don't package these modules, we want to pull them from the layer
+          'aws-sdk',
+          '@aws-lambda-powertools/logger',
+          '@aws-lambda-powertools/metrics',
+          '@aws-lambda-powertools/tracer',
+          '@aws-lambda-powertools/parameters',
+          '@aws-lambda-powertools/commons',
+        ],
+      },
+      role: executionRole,
+      environment: {
+        POWERTOOLS_SERVICE_NAME: 'canary',
+        POWERTOOLS_VERSION: powertoolsPackageVersion,
+        POWERTOOLS_LAYER_NAME: layerName,
+      },
+      layers: layer,
+      logRetention: RetentionDays.ONE_DAY,
+    });
+
+    // use custom resource to trigger the lambda function during the CFN deployment
+    const provider = new Provider(this, 'CanaryCustomResourceProvider', {
+      onEventHandler: canaryFunction,
+      logRetention: RetentionDays.ONE_DAY,
+    });
+
+    // random suffix forces recreation of the custom resource otherwise the custom resource will be reused from prevous deployment
+    new CustomResource(this, `CanaryCustomResource${suffix}`, {
+      serviceToken: provider.serviceToken,
+    });
+  }
+}

layers/src/canary/app.ts

@@ -0,0 +1,20 @@
+import { Context } from 'aws-lambda';
+import { Logger } from '@aws-lambda-powertools/logger';
+import { Tracer } from '@aws-lambda-powertools/tracer';
+import { Metrics, MetricUnits } from '@aws-lambda-powertools/metrics';
+import { SSMProvider } from '@aws-lambda-powertools/parameters/ssm';
+
+const logger = new Logger();
+const tracer = new Tracer();
+const metrics = new Metrics({});
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+const ssmProvider = new SSMProvider();
+
+export const handler = async (
+  _event: unknown,
+  _context: Context
+): Promise<void> => {
+  logger.info('Hello, world!');
+  metrics.addMetric('MyMetric', MetricUnits.Count, 1);
+  tracer.annotateColdStart();
+};