3
votes

I'm doing something that I think is straightforward, but for one step I need to do something pretty hacky, so I'm guessing there's a better way. I have a set of AWS lambdas (in Java, but that's probably irrelevant) that I want to put into CI/CD. So what I have now is one codecommit repo with the source; I have a codebuild job that builds them and updates the gamma version of the lambda. Then I have another codecommit repo with the integration tests, and a codebuild job that builds the tests and runs them (and fails to build if the tests fail). I connected them together with codepipeline, and all is well!

Except that if the tests pass, I want to automatically update the prod lambda's function code. The only way I can see to do this is to make yet a third codebuild job that runs a buildspec.yml that does nothing but run "aws lambda update-function-code". It seems really wrong to run a whole codebuild just for this. Is there a way in codepipeline to just directly update a lambda function code with one of the artifacts in the pipeline?

I see that I can put a cloudformation into the pipeline, but that looks like it needs a new cloudformation file - I don't want to update the formation or the lambda configuration, just the code.

UPDATE: I used the AWS recommended method for a while, but had to abandon it. When you do this, it attaches a role to the cloudformation stack, and any future manual updates of the stack fail unless the attached role has the permissions needed. So you either have to give full AWS access to your CI/CD pipeline, or you are in for a world of hurt when you hand-edit your stack and deploy that.

In the end a solution that worked much better for me was to simply write a deployspec.yml file that takes an artifact and sends it to the lambda, stick that in my lambda source code repository, and run that as a build stage. Problem solved, and it doesn't trash my cloudformation stack.

1
FOLLOWUP: I used the AWS recommended method for a while, but had to abandon it. When you do this, it attaches a role to the cloudformation stack, and any future manual updates of the stack fail unless the attached role has the permissions needed. So you either have to give full AWS access to your CI/CD pipeline, or you are in for a world of hurt when you hand-edit your stack and deploy that. – Bill Shubert
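
A sketch of the kind of deployspec.yml the question's update describes, added here as an example and not the asker's actual file. The function name `my-function-prod` and the artifact name `lambda.zip` are assumptions; the hash comparison is an extra check that the code Lambda now holds is the artifact that passed the tests.

```yaml
# deployspec.yml (added example; names below are placeholders, not from the post)
version: 0.2

env:
  variables:
    FUNCTION_NAME: "my-function-prod"   # assumed name of the prod Lambda
    ARTIFACT_ZIP: "lambda.zip"          # assumed name of the zip in the input artifact

phases:
  build:
    commands:
      # Base64-encoded SHA-256 of the package that passed the integration tests.
      - LOCAL_SHA=$(openssl dgst -sha256 -binary "$ARTIFACT_ZIP" | base64)
      # Replace the function code only; the function configuration and the
      # CloudFormation stack are not touched by this call.
      - >-
        REMOTE_SHA=$(aws lambda update-function-code
        --function-name "$FUNCTION_NAME"
        --zip-file "fileb://$ARTIFACT_ZIP"
        --query CodeSha256 --output text)
      # Fail the stage if Lambda reports a different package hash than the artifact.
      - test "$LOCAL_SHA" = "$REMOTE_SHA"
      # Wait until the update has completed so a failed update fails the pipeline.
      - aws lambda wait function-updated --function-name "$FUNCTION_NAME"
```

The CodeBuild service role for this stage can be limited to `lambda:UpdateFunctionCode` and `lambda:GetFunctionConfiguration` (used by the waiter) on the single function ARN, in addition to what CodeBuild itself needs for logs and the pipeline's artifact bucket, instead of broad AWS access.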

1 Answer

1
votes

AWS has a great tutorial for a CI/CD pipeline for Lambda functions [1]. This uses CodePipeline and CloudFormation. This is the best suggested method and I highly recommend using it; even though you may need to learn a bit of CloudFormation, it will be worth it in the long run.

[1] https://docs.aws.amazon.com/lambda/latest/dg/build-pipeline.html