Questions tagged with AWS Lambda

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

AccessDeniedException when retrieving AWS Parameters from Lambda

I am attempting to access system parameters from a Lambda developed using C# I have added the required lambda layer as per https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html#ps-integration-lambda-extensions-sample-commands The lambda execution role has the following in the IAM definition (???????? replacing actual account id) ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ssm:*" ], "Resource": "arn:aws:ssm:*:???????????:parameter/*" } ] } ``` As per the AWS page reference above I made a HTTP GET request to http://localhost:2773/systemsmanager/parameters/get/?name=/ClinMod/SyncfusionKey&version=1 This is failing with the following response ``` { "Version": "1.1", "Content": { "Headers": [ { "Key": "Content-Type", "Value": [ "text/plain" ] }, { "Key": "Content-Length", "Value": [ "31" ] } ] }, "StatusCode": 401, "ReasonPhrase": "Unauthorized", "Headers": [ { "Key": "X-Amzn-Errortype", "Value": [ "AccessDeniedException" ] }, { "Key": "Date", "Value": [ "Thu, 01 Dec 2022 12:16:59 GMT" ] } ], "TrailingHeaders": [], "RequestMessage": { "Version": "1.1", "VersionPolicy": 0, "Content": null, "Method": { "Method": "GET" }, "RequestUri": "http://localhost:2773/systemsmanager/parameters/get/?name=/ClinMod/SyncfusionKey&version=1", "Headers": [], "Properties": {}, "Options": {} }, "IsSuccessStatusCode": false } ```` Any clues where I am going wrong?
2
answers
0
votes
19
views
asked 14 hours ago

Concurrently executions from a FIFO queue

I have my FIFO queue connected with a Lambda function. When a message is sent to the queue the function takes and processes it. My problem occurs when more than one message is sent to the queue: I understood that with a FIFO queue, basically, all the messages are processed one by one (if they share the same GroupID). This is not what happens to me: when I send more than one message (5 for example) to the queue in few seconds, than the first message goes in flight while the other messages are waiting, but when the first message process is completed then all the other 4 messages go together in flight!! How can this happen if they share the same GroupID and they are is a FIFO queue? I expect that when the first is completed then the second goes in flight, and the other 3 waits and so on! I think it doesn't depends on the queue setting because I changed all the parameters many times (Visibility time out, content based deduplication and so on). In any case I leave you, below, the screenshots of the parameters setting I now have. My account has a maximum of 10 concurrent executions and it is the exact number of messages that are in flight together at maximum (I tried to send many messages and what happens is that the first is in flight alone and then ten by ten all the others get in flight concurrently, very strange to me). I would like for each group only one execution at a time, the others must wait for the completion of the one that is processing. I want to manage concurrency by the different groupID I give to the message in the queue. I'm sending messages to the queue through aws-sdk in node.js. Can someone help me please? ![Enter image description here](/media/postImages/original/IMq9LZSI5NTICMDyBK0cDvFw) ![Enter image description here](/media/postImages/original/IMZB4MNTTqSjSCcze-hT402g) ![Enter image description here](/media/postImages/original/IMPBK_zjJaTsucQIS75zAFcA)
1
answers
0
votes
13
views
asked 15 hours ago
0
answers
0
votes
16
views
asked 17 hours ago

Lambda deploy from Eclipse not working: AWS ResourceConflictException

Hello, Please see below the steps that return an AWS error in local Eclipse: - I installed AWS Toolkit for Eclipse, on Eclipse Jee 2018-12 - When I installed it 2 years ago, it worked fine and the lambda project was deployed in the Lambda Service directly from Eclipse without any configuration from my side; congratulations for this clean deploy configuration ! - An year ago this deploy started not to complete successfully: it worked only until the transfer of the eclipse archive in S3, without installation in Lambda Service. I have to do the installation of the S3 archive from the Management Console -> Lambda console, manually. - The Error Cause: **An update is in progress for resource**: arn:aws:lambda:us-east-2:255864408802:function:RekonAddUser (Service: AWSLambda; Status Code: 409; Error Code: **ResourceConflictException**; Request ID: 408040a5-f1fe-4ba0-b251-df0c2fc8fe9c) This cause was thrown wile I did not have any other interaction with that resource ! - The message was: Failed to upload project to Lambda - The error was: com.amazonaws.eclipse.core.exceptions.AwsActionException: The operation cannot be performed at this time. An update is in progress for resource: arn:aws:lambda:us-east-2:255864408802:function:RekonAddUser (Service: AWSLambda; Status Code: 409; Error Code: ResourceConflictException; Request ID: 408040a5-f1fe-4ba0-b251-df0c2fc8fe9c) at com.amazonaws.eclipse.lambda.upload.wizard.UploadFunctionWizard.doFinish(UploadFunctionWizard.java:115) at com.amazonaws.eclipse.core.plugin.AbstractAwsJobWizard$1.run(AbstractAwsJobWizard.java:35) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) Caused by: com.amazonaws.services.lambda.model.ResourceConflictException: The operation cannot be performed at this time. An update is in progress for resource: arn:aws:lambda:us-east-2:255864408802:function:RekonAddUser (Service: AWSLambda; Status Code: 409; Error Code: ResourceConflictException; Request ID: 408040a5-f1fe-4ba0-b251-df0c2fc8fe9c) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1639) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1304) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1056) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667) at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513) at com.amazonaws.services.lambda.AWSLambdaClient.doInvoke(AWSLambdaClient.java:2654) at com.amazonaws.services.lambda.AWSLambdaClient.invoke(AWSLambdaClient.java:2630) at com.amazonaws.services.lambda.AWSLambdaClient.executeUpdateFunctionCode(AWSLambdaClient.java:2514) at com.amazonaws.services.lambda.AWSLambdaClient.updateFunctionCode(AWSLambdaClient.java:2490) at com.amazonaws.eclipse.lambda.upload.wizard.util.UploadFunctionUtil.performFunctionUpload(UploadFunctionUtil.java:134) at com.amazonaws.eclipse.lambda.upload.wizard.UploadFunctionWizard.doFinish(UploadFunctionWizard.java:111) ... 2 more - The Session Data: eclipse.buildId=4.10.0.I20181206-0815 java.version=1.8.0_60 java.vendor=Oracle Corporation BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en_GB Framework arguments: -product org.eclipse.epp.package.jee.product Command-line arguments: -os win32 -ws win32 -arch x86_64 -product org.eclipse.epp.package.jee.product Thank you,
0
answers
0
votes
11
views
asked 18 hours ago

Lambda component with IPC permissions in Greengrass V2

We have migrated a lambda from AWS Greengrass v1 to AWS Greengrass v2. This lambda needs to extract and decrypt a secret from Greengrass Core. How can we authorize the component to perform IPC permissions to the lambda for that? Regular components recipes have the option `ComponentConfiguration/DefaultConfiguration/accessControl`. However when we build the component out of a lambda using AWS CLI [create-component-version](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/greengrassv2/create-component-version.html) and option `--lambda-function`, there is no option to assign authorization policies. One way we tried to make it work is by using a *merge update* in our deployment (as documented [here](https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-secret-manager.html)). ``` "accessControl": { "aws.greengrass.SecretManager": { "<my-component>:secrets:1": { "policyDescription": "Credentials for server running on edge.", "operations": [ "aws.greengrass#GetSecretValue" ], "resources": [ "arn:aws:secretsmanager:us-east-1:<account-id>:secret:xxxxxxxxxx" ] } } } ``` However the end recipe of the component (in the deployment) does not display the `accessControl` (AWS Greengrass Console), so we assume it has not been *merge updated.* ``` ... "ComponentConfiguration": { "DefaultConfiguration": { "lambdaExecutionParameters": { "EnvironmentVariables": { "LOG_LEVEL": "DEBUG" } }, "containerParams": { "memorySize": 16384, "mountROSysfs": false, "volumes": {}, "devices": {} }, "containerMode": "NoContainer", "timeoutInSeconds": 30, "maxInstancesCount": 10, "inputPayloadEncodingType": "json", "maxQueueSize": 200, "pinned": false, "maxIdleTimeInSeconds": 30, "statusTimeoutInSeconds": 30, "pubsubTopics": { "0": { "topic": "dt/app/+/status/update", "type": "PUB_SUB" } } } }, ``` Any guidance here would be greatly appreciated! Thanks
1
answers
0
votes
9
views
profile picture
rodmaz
asked 2 days ago

Updating an ECS service automatically using the CLI via Lambda

I have a multi-container application that runs a service on ECS. The images are hosted on ECR, configuration files are pulled from a S3 bucket during container startup via script. The application sits behind a network loadbalancer with EIP. The loadbalancer is in a public subnet and reachable, the app itself is inside a private subnet. My ultimate goal is to automatically update the service when either a.) a new image is checked in or b.) a new configuration file is uploaded. I figured the best way to do this behind a network load balancer (which supports rolling update) is to use the AWS ECS CLi inside a lambda function that triggers upon update. If I did not misread the docs, the CLI should trigger a rolling update. To test the CLI, I tried: `aws ecs update-service --cluster mycluster --service myservice --force-new-deployment` However, this was not successful. A new task was created, but was stopped before deployment was finished with log message: > Essential container in task exited Parameters for the service are min. 100 % and max. 200 %. I also tried to set the lower bound of running tasks to 0 %. This resulted in the successful exit of the old task, but the new tasks failed to deploy with the same error. This makes me think that I probably configured something incorrectly. Questions: 1.) Is using a lambda function a smart choice here? Or is there a better way? 2.) How can I troubleshoot the failing rolling update? I appreciate any help! If you need more information, please let me know. Best regards, Sebastian
1
answers
0
votes
15
views
asked 4 days ago

Concurrent executions of Lambda functions

I would like to understand how many calls of a Lambda function, through AWS-SDK, I can perform simultaneously. Now I am a free tier and it seems that I can't performe more than 10 concurrently executions. In my project, each client is going to make running a function and so the number of concurrently executions that my aws account can performe would be equal to the number of clients that my web app can serve simultaneously. I will be fine with 1000 at the beginning. Is it possible? How many concurrently executions my aws account (if not anymore free tier) could manage of a single function and overall through all functions by default? I will use Europe (Milano) region. With my account, right now, I can performe 10 concurrent executions of my function. I attached my concurrency data in the image:![Enter image description here](/media/postImages/original/IMS9LLlqoWQcqO9cDBFWBcOw) And my code:; import AWS from 'aws-sdk'; AWS.config.update({ accessKeyId: 'idKey', secretAccessKey: 'SecretKey', region: 'eu-west-3', }); const lambda = new AWS.Lambda(); var Utente = {feature: "feature"}; const params = { FunctionName: 'Lambda', Payload: JSON.stringify(Utente) }; ˙ lambda.updateFunctionConfiguration({ FunctionName: 'Lambda', Environment: { Variables: {} } }).promise(); function Invokation(params){ lambda.invoke(params, (error, data) => { if (error) { console.log(error) } else { console.log("OK") } }) }; for (let index = 0; index < 20; index++) { console.log(index); Invokation(params); }
1
answers
0
votes
22
views
asked 4 days ago