ClusterLabs / resource-agents

Combined repository of OCF agents from the RHCS and Linux-HA projects
GNU General Public License v2.0

Resource agent - AWS Lambda support #1877

Open Jordy-devops opened 1 year ago

Jordy-devops commented 1 year ago

Hello,

Is it possible or can it be made possible that the resource agent can also trigger a Lambda function within AWS? At the company I work for, we use different account levels and my team's account does not have the privilege of making any direct changes on VPC/Route table level. The VPC/Route table change needs to be done via a Lambda function in our case.

Thanks in advance.

Jordy.

oalbrigt commented 1 year ago

We don't have any plans to introduce Lambda support, but if you have any examples of how to do it with awscli/API, that might help us get it added eventually.

karelgotz commented 12 months ago

Hi Oyvind,

We have a shared VPC within AWS. We own the sub-account while we do not own the top-tier account where the routing table should be modified in case of failover/switchover. The owner of the top-tier account does not want to grant access to change the routing table directly because it would give us the privilege to change also records that are not related to our account - the top-tier owner wants to be in control.

That is why we are looking for a way to modify the routing table and at the same time give the top-tier owner confidence that we are changing only our records. Basically we would be calling an API endpoint with certain parameters triggering a Lambda function instead of changing the routing table directly. That way the top-tier account owner can implement some conditioning on the Lambda function level that ensures that we are changing only records that belong to us. I hope this makes sense.

Kind regards,
Karel
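
The conditioning on the Lambda side described in the comment above could look like the following sketch. It is an added example, not part of the thread or of the resource-agents code. The policy table, the placeholder IDs and prefix, the event field names and the `authorize` helper are all assumptions; `replace_route` is the boto3 EC2 call for changing an existing route.

```python
import ipaddress

# Constructed policy held by the top-tier account: which route tables and
# destination prefixes are delegated to the sub-account, and which ENIs
# (its cluster nodes) a route may point at. All values are placeholders.
POLICY = {
    "rtb-0aaaaaaaaaaaaaaaa": {
        "cidrs": [ipaddress.IPv4Network("192.168.100.0/28")],
        "enis": {"eni-0bbbbbbbbbbbbbbbb", "eni-0cccccccccccccccc"},
    },
}


def authorize(request, policy=POLICY):
    """Return (allowed, reason) for a requested route change."""
    rule = policy.get(request.get("route_table_id"))
    if rule is None:
        return False, "route table not delegated"
    cidr = request.get("destination_cidr")
    if not isinstance(cidr, str):
        return False, "invalid destination CIDR"
    try:
        # strict=True rejects CIDRs with host bits set (e.g. 192.168.100.5/28)
        dest = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError:
        return False, "invalid destination CIDR"
    # The destination must lie inside a delegated prefix, so a wider route
    # such as 0.0.0.0/0 or a covering /24 is refused.
    if not any(dest.subnet_of(net) for net in rule["cidrs"]):
        return False, "destination outside delegated prefixes"
    if request.get("eni_id") not in rule["enis"]:
        return False, "target ENI is not a registered cluster node"
    return True, "ok"


def handler(event, context):
    """Lambda entry point: validate first, then change that single route."""
    allowed, reason = authorize(event)
    if not allowed:
        return {"status": "denied", "reason": reason}
    import boto3  # imported late so authorize() can be exercised offline
    boto3.client("ec2").replace_route(
        RouteTableId=event["route_table_id"],
        DestinationCidrBlock=str(ipaddress.IPv4Network(event["destination_cidr"])),
        NetworkInterfaceId=event["eni_id"],
    )
    return {"status": "ok", "reason": reason}
```

With this split, the sub-account's role needs only permission to invoke the function, while the permission to change routes stays with the Lambda execution role in the top-tier account.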