[aws-lambda-python] Allow the use of CodeArtifact #10298
Comments
mrpackethead
added
feature-request
|
Thanks @mrpackethead (I suggest you change from code-artifact to CodeArtifact ;)). The issue #9942 seems to be related as well. To reiterate what I have shared on Slack, I have solved the problem with Function by first configuring pip using the login command and then I mounted a volume to the Docker container to make my pip.confg available during the build. my_lambda = aws_lambda.Function(
self,
"MyLambdaFunction",
code=aws_lambda.Code.from_asset(
"path/to/lambda",
asset_hash_type=core.AssetHashType.SOURCE,
bundling=core.BundlingOptions(
image=aws_lambda.Runtime.PYTHON_3_8.bundling_docker_image,
command=[
"bash",
"-c",
" && ".join(
[
"pip install -r requirements.txt -t /asset-output",
"cp -au . /asset-output",
]
),
],
user="root:root",
volumes=[
core.DockerVolume(
container_path="/root/.config/pip/pip.conf",
host_path=f"{Path.home()}/.config/pip/pip.conf",
),
],
),
),
) |
|
maybe this just needs a way to provide a pip config ( it could sit next to the requirements.txt ) to the bundling container. |
SomayaB
changed the title
|
@adamelmore thoughts? |
|
👍 Just add one more customer interested on this feature |
|
adding to that, I've changed jobs, but the requirment has'tn chagned... @PierreKiwi 's work ( above ) is helpful but it woudl be nice to do this more tiderly. |
|
Related to this ticket is I posted a workaround detailing how to use your own ECR |
|
To note, we hacked around the lack of direct support a little differently: we rewrite the requirements file from a template at deployment time and insert the correct codeartifact pypi index via |
|
I started off with #15306 to really address this, but only later realized it wouldn't be enough to add support for One potential alternative is to allow specifying a custom build image specifically for the Python Lambdas, and pass in CodeArtifact auth using build args. That requires being able to set args in the build image. This type of a setup would also allow using the various packaging tools like More concretely, what I'm suggesting is: a) A build # The correct AWS SAM build image based on the runtime of the function will be
# passed as build arg. The default allows to do `docker build .` when testing.
ARG IMAGE=public.ecr.aws/sam/build-python3.7
FROM $IMAGE
# <-- additional args begin
ARG POETRY_HTTP_BASIC_CODEARTIFACT_USERNAME
ARG POETRY_HTTP_BASIC_CODEARTIFACT_PASSWORD
# additional args end -->
# Ensure rsync is installed
RUN yum -q list installed rsync &>/dev/null || yum install -y rsync
# Upgrade pip (required by cryptography v3.4 and above, which is a dependency of poetry)
RUN pip install --upgrade pip
# Install pipenv and poetry so we can create a requirements.txt if we detect pipfile or poetry.lock respectively
RUN pip install pipenv poetry
# Install the dependencies in a cacheable layer
WORKDIR /var/dependencies
COPY Pipfile* pyproject* poetry* requirements.tx[t] ./
RUN [ -f 'Pipfile' ] && pipenv lock -r >requirements.txt; \
[ -f 'poetry.lock' ] && poetry export --with-credentials --format requirements.txt --output requirements.txt; \
[ -f 'requirements.txt' ] && pip install -r requirements.txt -t .;
CMD [ "python" ]b) Then, the auth could be passed in from local env vars or by running the subprocess command inline into the new PythonFunction(this, 'MyFunction', {
entry: '/path/to/my/function', // required
index: 'my_index.py', // optional, defaults to 'index.py'
handler: 'my_exported_func', // optional, defaults to 'handler'
buildDockerfile: "/path/to/local/build/Dockerfile",
buildArgs: {
POETRY_HTTP_BASIC_CODEARTIFACT_USERNAME: process.env.POETRY_HTTP_BASIC_CODEARTIFACT_USERNAME!,
POETRY_HTTP_BASIC_CODEARTIFACT_PASSWORD: process.env.POETRY_HTTP_BASIC_CODEARTIFACT_PASSWORD!
}
});This would also make it more inline with the This also allows flexibility in how args are passed in and interpreted without tying it to a single packaging solution given there's various possible with Python. I'm happy to take a stab at implementing this to build on what I started in #15306. |
|
I created a draft PR here to start an implementation: #15324 I simplified my changes suggested above to reuse new PythonFunction(this, 'MyFunction', {
entry: '/path/to/my/function', // required
index: 'my_index.py', // optional, defaults to 'index.py'
handler: 'my_exported_func', // optional, defaults to 'handler'
buildImage: cdk.DockerImage.fromBuild("/path/to/file", {
file: "Dockerfile.build",
buildArgs: {
POETRY_HTTP_BASIC_CODEARTIFACT_USERNAME: process.env.POETRY_HTTP_BASIC_CODEARTIFACT_USERNAME!,
POETRY_HTTP_BASIC_CODEARTIFACT_PASSWORD: process.env.POETRY_HTTP_BASIC_CODEARTIFACT_PASSWORD!
}
}
}); |
…mage (#18082) This refactors the bundling process to match the NodeJs and Go Lambda functions and allows providing a custom bundling docker image. Changes: - refactor bundling to use `cdk.BundlingOptions` - Use updated `Bundling` class - Update tests to use updated `Bundling` class Fixes #10298, #12949, #15391, #16234, #15306 BREAKING CHANGE: `assetHashType` and `assetHash` properties moved to new `bundling` property. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
…mage (aws#18082) This refactors the bundling process to match the NodeJs and Go Lambda functions and allows providing a custom bundling docker image. Changes: - refactor bundling to use `cdk.BundlingOptions` - Use updated `Bundling` class - Update tests to use updated `Bundling` class Fixes aws#10298, aws#12949, aws#15391, aws#16234, aws#15306 BREAKING CHANGE: `assetHashType` and `assetHash` properties moved to new `bundling` property. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Allow the use of CodeArtifact, so that private modules can be loaded from a private repository
Use Case
Many librarys are private, which get used to build lambdas
Proposed Solution
pass parameters for the code-artifact repo to the container.
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: