search

FieryCod / holy-lambda

The extraordinary simple, performant, and extensible custom AWS Lambda runtime for Clojure.
https://fierycod.github.io/holy-lambda
MIT License
340 stars 20 forks source link

[BUG] Unclear how to use profiles #82

Open Folcon opened 2 years ago

Folcon commented 2 years ago

Describe the bug I got this error while I was going through the tutorial:

%  sam local invoke ExampleLambdaFunction
Invoking test-aws-fn.core.ExampleLambda (provided)
Traceback (most recent call last):
  File "/usr/local/bin/sam", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/click/decorators.py", line 73, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/lib/telemetry/metric.py", line 166, in wrapped
    raise exception  # pylint: disable=raising-bad-type
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/lib/telemetry/metric.py", line 124, in wrapped
    return_value = func(*args, **kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/lib/utils/version_checker.py", line 41, in wrapped
    actual_result = func(*args, **kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/cli/main.py", line 87, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/commands/local/invoke/cli.py", line 85, in cli
    do_cli(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/commands/local/invoke/cli.py", line 182, in do_cli
    context.local_lambda_runner.invoke(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/commands/local/lib/local_lambda.py", line 137, in invoke
    self.local_runtime.invoke(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/lib/telemetry/metric.py", line 230, in wrapped_func
    return_value = func(*args, **kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/local/lambdafn/runtime.py", line 178, in invoke
    container = self.create(function_config, debug_context, container_host, container_host_interface)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/local/lambdafn/runtime.py", line 73, in create
    container = LambdaContainer(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/local/docker/lambda_container.py", line 93, in __init__
    image = LambdaContainer._get_image(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/local/docker/lambda_container.py", line 236, in _get_image
    return lambda_image.build(runtime, packagetype, image, layers, architecture, function_name=function_name)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/local/docker/lambda_image.py", line 133, in build
    downloaded_layers = self.layer_downloader.download_all(layers, self.force_image_build)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/local/layers/layer_downloader.py", line 77, in download_all
    layer_dirs.append(self.download(layer, force))
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/local/layers/layer_downloader.py", line 111, in download
    layer_zip_uri = self._fetch_layer_uri(layer)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/local/layers/layer_downloader.py", line 141, in _fetch_layer_uri
    layer_version_response = self.lambda_client.get_layer_version(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/samcli/local/layers/layer_downloader.py", line 43, in lambda_client
    self._lambda_client = self._lambda_client or boto3.client("lambda")
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/boto3/__init__.py", line 92, in client
    return _get_default_session().client(*args, **kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/boto3/session.py", line 299, in client
    return self._session.create_client(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/botocore/session.py", line 884, in create_client
    client = client_creator.create_client(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/botocore/client.py", line 101, in create_client
    client_args = self._get_client_args(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/botocore/client.py", line 370, in _get_client_args
    return args_creator.get_client_args(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/botocore/args.py", line 71, in get_client_args
    final_args = self.compute_client_args(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/botocore/args.py", line 148, in compute_client_args
    endpoint_config = self._compute_endpoint_config(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/botocore/args.py", line 234, in _compute_endpoint_config
    return self._resolve_endpoint(**resolve_endpoint_kwargs)
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/botocore/args.py", line 320, in _resolve_endpoint
    return endpoint_bridge.resolve(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/botocore/client.py", line 451, in resolve
    resolved = self.endpoint_resolver.construct_endpoint(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/botocore/regions.py", line 183, in construct_endpoint
    result = self._endpoint_for_partition(
  File "/usr/local/Cellar/aws-sam-cli/1.43.0/libexec/lib/python3.8/site-packages/botocore/regions.py", line 217, in _endpoint_for_partition
    raise NoRegionError()
botocore.exceptions.NoRegionError: You must specify a region.

I thought:

HL_PROFILE=example-iam-user sam local invoke ExampleLambdaFunction

However, this doesn't ensure that AWS is also using that user, so I swapped to using:

AWS_PROFILE=example-iam-user sam local invoke ExampleLambdaFunction

Which I think is better behaviour.

To reproduce Steps to reproduce the behavior:

Use a non default user to run holylambda.

Expected behavior A minimal as well as a recommended list of permissions / policies to use with an IAM user to use holylambda as well as a note in the tutorial of how to not use the default user.

FieryCod commented 2 years ago

Hi,

AWS SAM is a separate tool that HL doesn't control. Please consult AWS SAM documentation on how to change the profile and region in for the invoke command.

Typing on the phone, but as far as I remember it was something like:

sam local invoke --profile xyz --region eu-central-1

A minimal as well as a recommended list of permissions / policies to use with an IAM user to use holylambda as well as a note in the tutorial of how to not use the default user.

Such information varies according to the deployment solution ones uses and it's already documented upstream in AWS docs.

Folcon commented 2 years ago

@FieryCod, sorry I was unclear, I was suggesting that the docs not mentioning that AWS_PROFILE is expected to be used if you want compatibly with AWS SAM and holy-lambda is a bug in the docs (IE They both will then use the same profile and therefore the same region).

Perhaps something should be mentioned there?

FieryCod commented 2 years ago

There is nothing like compatibility between AWS SAM and holy-lambda, but rather AWS CLI and Holy Lambda. HL uses AWS_PROFILE for one of it's internal tasks of generating native configuration for native backend.

Anyway I think I got your point. PR welcome. Thank you for submitting the issue :) All the best!