Is your feature request related to a problem? Please describe.
@Datadog's ASM support for Lambda is implemented using a proxy around the AWS_LAMBDA_RUNTIME_API so we can intercept requests & responses and pass them to the WAF (for monitoring and possibly blocking).
This flow requires replacing the value of AWS_LAMBDA_RUNTIME_API with an alternate endpoint, which is normally achieved by setting the AWS_LAMBDA_EXEC_WRAPPER environment variable on the Lambda function to /opt/datadog_wrapper which then sets AWS_LAMBDA_RUNTIME_API to the host:port of the reverse proxy started by the Datadog extension.
Unfortunately, the provided runtimes (provided, provided.al2, and coincidentally go1.x) do not actually honor this environment variable and require special casing.
Describe the solution you'd like
It's unclear why custom/provided runtimes fail to honor this setting, and we would like to understand if it would be possible for the provided runtimes to actually do this.
Failing that, we think it would be feasible (although perhaps not desirable, notably because of the added cold start latency) for github.com/aws/aws-lambda-go to come with an init function that detects the AWS_LAMBDA_EXEC_WRAPPER environment variable, and when present, uses syscall.exec to enact the other runtime's flow.
Is your feature request related to a problem? Please describe.
@Datadog's ASM support for Lambda is implemented using a proxy around the
AWS_LAMBDA_RUNTIME_APIso we can intercept requests & responses and pass them to the WAF (for monitoring and possibly blocking).This flow requires replacing the value of
AWS_LAMBDA_RUNTIME_APIwith an alternate endpoint, which is normally achieved by setting theAWS_LAMBDA_EXEC_WRAPPERenvironment variable on the Lambda function to/opt/datadog_wrapperwhich then setsAWS_LAMBDA_RUNTIME_APIto thehost:portof the reverse proxy started by the Datadog extension.Unfortunately, the provided runtimes (
provided,provided.al2, and coincidentallygo1.x) do not actually honor this environment variable and require special casing.Describe the solution you'd like
It's unclear why custom/provided runtimes fail to honor this setting, and we would like to understand if it would be possible for the provided runtimes to actually do this.
Failing that, we think it would be feasible (although perhaps not desirable, notably because of the added cold start latency) for
github.com/aws/aws-lambda-goto come with aninitfunction that detects theAWS_LAMBDA_EXEC_WRAPPERenvironment variable, and when present, usessyscall.execto enact the other runtime's flow.Describe alternatives you've considered
We are considering a focalized solution in https://github.com/DataDog/datadog-lambda-go/pull/143, but feel like this would be best addressed higher up in the dependency/responsibility chain.
Additional context
See: https://docs.aws.amazon.com/lambda/latest/dg/runtimes-modify.html#runtime-wrapper. See: https://github.com/DataDog/datadog-lambda-extension/blob/main/scripts/datadog_wrapper.