AWS is sensitive to permissions *inside* .zip files

[pjf]

Firstly, thanks for Zappa, it's making my first steps into working with lambdas much easier. While I haven't quite got my application working fully yet, I did make an interesting discovery today.

It appears that not only can zip files contain unix permissions, but also that AWS is sensitive to these permissions when running code.

The result was that I was getting mysterious Unable to import module 'handler': No module named handler errors when trying to run my code, but after running chmod -R a+rX over my venv directory and re-redeploying, these went away and got replaced with a new yak for me to shave. :)

While this was a terribly obscure error to find, I'm hoping the solution is as straightforward as having zappa manually adjusting the permissions on the zipped files as they're added to the archive.

Many thanks again for a great tool!

~ Paul

[pjf]

Update: My new yak was also a permissions problem, since my application was still set to 0640. On the upside I've now verified that AWS care a lot about permissions. :)

[Miserlou]

Now this is a bug report.

In fact, we already address this for some files, but apparently not enough! Related: https://github.com/Miserlou/Zappa/blob/master/zappa/cli.py#L1455

Want to submit a PR to properly chmod the inside the lambda package creation code? :)

[pjf]

I would love to submit a PR, especially since this is a such a newbie-friendly change to make. Alas, I'm still bootstrapping myself into Python, and have an eye-wateringly full calendar over the next two weeks (four countries, three talks, two conferences, and one change of career), so I can't reasonably promise a PR in anything approaching a timely fashion.

If the bug is still open in 2017, then I'd love to submit a PR, since this would also be a great excuse for me to learn more about Python testing frameworks as well. :)

[kapilt]

fwiw we had to deal with this same issue in another lambda provisioning project, fix for python zip usage https://github.com/capitalone/cloud-custodian/commit/6394043f90ee80495cefd5a6dbf5389ebdb42784

[rjpcal]

Just a +1 for this issue.

I hit this (using zappa==0.35.2) because I run with with umask=0077 as a habit (safety/paranoia holdover from the old days of true multi-user Unix environments with many users' home directories on the same NFS filesystem).

[Miserlou]

I believe this should be fixed now, the fix will be published in the next version update, which should happen quite soon.

@rjpcal - I'm curious about what you're using the project for - feel free to email me at rich@gun.io if you'd like to chat more!