Can't use Publish-LMFunction command to create Lambda function using ECR container image

[pcgeek86]

Description

Originally posted here

I am trying to publish an AWS Lambda Function, using the CreateFunction API call, that uses a container image stored inside Amazon Elastic Container Registry (ECR). I'm using the AWS Tools for PowerShell, and the Publish-LMFunction command.

According to the AWS Lambda documentation, I should only need to specify these parameters.

To create a function defined as container image, use the create-function command. Set the package-type to Image and specify your container image URI using the code parameter. Note that you must create the function from the same account as the container registry in Amazon EFS.

NOTE: I copy-pasted the above quote from the docs. I am pretty sure the documentation is straight up incorrect, saying EFS (Elastic File System). Instead, it should say Elastic Container Registry (ECR).

$FunctionParams = @{
  FunctionName = 'xxxxxxxxxxxxxx'
  PackageType = 'Image'
  Role = 'arn:aws:iam::xxxxxxxxx:role/service-role/xxxxxxxxxxxx'
  Code_ImageUri = 'xxxxxxxxxx.dkr.ecr.us-west-2.amazonaws.com/xxxxxxxxxxx'
}
Publish-LMFunction @FunctionParams

If I run the above code, I get prompted for the -Handler parameter. If I plug in a random value for -Handler, then I get prompted to enter the -Code_ZipFile parameter. Neither of these parameters should be required in order to publish an AWS Lambda function using a container image in ECR.

Question: How do I use the Publish-LMFunction command to create an AWS Lambda function using a container in ECR?

Environment

[cbt]C:\Users\TrevorSullivan> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.1.2
PSEdition                      Core
GitCommitId                    7.1.2
OS                             Microsoft Windows 10.0.21327
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

[cbt]C:\Users\TrevorSullivan> gmo

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Binary     4.1.9.0               AWS.Tools.Common                    {Add-AWSLoggingListener, Clear-AWSCredential, Clear-AWSDefaultConfiguration, Clear-AWSHistory…}
Binary     4.1.9.0               AWS.Tools.Lambda                    {Add-LMLayerVersionPermission, Add-LMPermission, Add-LMResourceTag, Get-LMAccountSetting…}
Script     0.0                   ImportGuard
Manifest   7.0.0.0               Microsoft.PowerShell.Management     {Add-Content, Clear-Content, Clear-Item, Clear-ItemProperty…}
Manifest   7.0.0.0               Microsoft.PowerShell.Security       {ConvertFrom-SecureString, ConvertTo-SecureString, Get-Acl, Get-AuthenticodeSignature…}
Manifest   7.0.0.0               Microsoft.PowerShell.Utility        {Add-Member, Add-Type, Clear-Variable, Compare-Object…}
Manifest   7.0.0.0               Microsoft.WSMan.Management          {Connect-WSMan, Disable-WSManCredSSP, Disconnect-WSMan, Enable-WSManCredSSP…}
Script     2.1.0                 PSReadLine                          {Get-PSReadLineKeyHandler, Get-PSReadLineOption, Remove-PSReadLineKeyHandler, Set-PSReadLineKeyHandler…}

Resolution

• [ ] :wave: I can/would-like-to implement a fix for this problem myself

---

This is a :bug: bug-report

[ashishdhingra]

Reproducible.

Steps to build/deploy Docker image to ECR reprository

1. From .NET CLI, used dotnet new lambda.EmptyFunction --name PowerShellLambdaImageTest to create a new Lambda project.
2. Added the following Dockerfile to the root of the project:

   
   FROM public.ecr.aws/lambda/dotnet:core3.1 AS base  

FROM mcr.microsoft.com/dotnet/sdk:3.1 as build
WORKDIR /src
COPY ["PowerShellLambdaImageTest.csproj", "base/"]
RUN dotnet restore "base/PowerShellLambdaImageTest.csproj"

WORKDIR "/src"
COPY . .
RUN dotnet build "PowerShellLambdaImageTest.csproj" --configuration Release --output /app/build

FROM build AS publish
RUN dotnet publish "PowerShellLambdaImageTest.csproj" \
--configuration Release \
--runtime linux-x64 \
--self-contained false \
--output /app/publish \
-p:PublishReadyToRun=true

FROM base AS final
WORKDIR /var/task
COPY --from=publish /app/publish .
CMD ["PowerShellLambdaImageTest::PowerShellLambdaImageTest.Function::FunctionHandler"]

3. Ran `docker build -t powershelllambdaimagetest .` from the root of the project to build the docker image.

Sending build context to Docker daemon 17.41kB Step 1/14 : FROM public.ecr.aws/lambda/dotnet:core3.1 AS base core3.1: Pulling from lambda/dotnet 4924d4a8a36a: Pull complete 4ac0ecec77cb: Pull complete 36b389119d3c: Pull complete 03ac043af787: Pull complete d384a2730a30: Pull complete ea919c335c2d: Pull complete Digest: sha256:76c39848268e7ede1c3f57e9f66c67edcd03526e6f893a8ceaa784a58e54d762 Status: Downloaded newer image for public.ecr.aws/lambda/dotnet:core3.1 ---> ceb2520afa52 Step 2/14 : FROM mcr.microsoft.com/dotnet/sdk:3.1 as build 3.1: Pulling from dotnet/sdk 0ecb575e629c: Pull complete 7467d1831b69: Pull complete feab2c490a3c: Pull complete f15a0f46f8c3: Pull complete de7f23e9bc5b: Pull complete c5503e9f9381: Pull complete 7d251d9bbb66: Pull complete Digest: sha256:8e4a55f6349d9f04f1a02f9e1187ea350a3c77d0300624c5f6f70d5152b2abc1 Status: Downloaded newer image for mcr.microsoft.com/dotnet/sdk:3.1 ---> ec3ca8a1472c Step 3/14 : WORKDIR /src ---> Running in f82a80bb0141 Removing intermediate container f82a80bb0141 ---> 12e27c19fdb6 Step 4/14 : COPY ["PowerShellLambdaImageTest.csproj", "base/"] ---> 73d1da525dcf Step 5/14 : RUN dotnet restore "base/PowerShellLambdaImageTest.csproj" ---> Running in 178264856eff Determining projects to restore... Restored /src/base/PowerShellLambdaImageTest.csproj (in 1.25 sec). Removing intermediate container 178264856eff ---> 0da1617f2aca Step 6/14 : WORKDIR "/src" ---> Running in 72838cdd827d Removing intermediate container 72838cdd827d ---> bfcdb98ae4e0 Step 7/14 : COPY . . ---> 892d256ffd9f Step 8/14 : RUN dotnet build "PowerShellLambdaImageTest.csproj" --configuration Release --output /app/build ---> Running in c9149bd28ed4 Microsoft (R) Build Engine version 16.7.2+b60ddb6f4 for .NET Copyright (C) Microsoft Corporation. All rights reserved.

Determining projects to restore... Restored /src/PowerShellLambdaImageTest.csproj (in 223 ms). PowerShellLambdaImageTest -> /app/build/PowerShellLambdaImageTest.dll

Build succeeded. 0 Warning(s) 0 Error(s)

Time Elapsed 00:00:02.25 Removing intermediate container c9149bd28ed4 ---> 9724a1ee425a Step 9/14 : FROM build AS publish ---> 9724a1ee425a Step 10/14 : RUN dotnet publish "PowerShellLambdaImageTest.csproj" --configuration Release --runtime linux-x64 --self-contained false --output /app/publish -p:PublishReadyToRun=true ---> Running in 59d43370a8fb Microsoft (R) Build Engine version 16.7.2+b60ddb6f4 for .NET Copyright (C) Microsoft Corporation. All rights reserved.

Determining projects to restore... Restored /src/PowerShellLambdaImageTest.csproj (in 5.03 sec). PowerShellLambdaImageTest -> /src/bin/Release/netcoreapp3.1/linux-x64/PowerShellLambdaImageTest.dll PowerShellLambdaImageTest -> /app/publish/ Removing intermediate container 59d43370a8fb ---> 7d1e27ee05c7 Step 11/14 : FROM base AS final ---> ceb2520afa52 Step 12/14 : WORKDIR /var/task ---> Running in d8809aa5ec35 Removing intermediate container d8809aa5ec35 ---> 3d6d7b831bcd Step 13/14 : COPY --from=publish /app/publish . ---> 5eff4b78253e Step 14/14 : CMD ["PowerShellLambdaImageTest::PowerShellLambdaImageTest.Function::FunctionHandler"] ---> Running in 3803dba4a53a Removing intermediate container 3803dba4a53a ---> 3dbbdfd27266 Successfully built 3dbbdfd27266 Successfully tagged powershelllambdaimagetest:latest

4. Ran the docker image using command `docker run -p 9000:8080 powershelllambdaimagetest`.
5. Tested the function using the command `curl -XPOST "http://localhost:9000/2015-03-31/functions/function/invocations" -d '"Hello World"'`, it returned the following output:

"HELLO WORLD"

6. Executed the command `aws ecr create-repository --repository-name powershelllambdaimagetest` to Create ECR repository. It gave the following output:
```JSON
{
    "repository": {
        "repositoryArn": "arn:aws:ecr:us-east-2:139480602983:repository/powershelllambdaimagetest",
        "registryId": "139480602983",
        "repositoryName": "powershelllambdaimagetest",
        "repositoryUri": "139480602983.dkr.ecr.us-east-2.amazonaws.com/powershelllambdaimagetest",
        "createdAt": "2021-03-08T11:40:43-08:00",
        "imageTagMutability": "MUTABLE",
        "imageScanningConfiguration": {
            "scanOnPush": false
        },
        "encryptionConfiguration": {
            "encryptionType": "AES256"
        }
    }
}

7. Opened ECR repository in AWS Console. Clicked on View push commands and used the listed commands to push the image to ECR repository.

PowerShell command: Executing the below PowerShell command prompts for Handler, Role and Code_ZipFile[0]:

Publish-LMFunction -Code_ImageUri "139480602983.dkr.ecr.us-east-2.amazonaws.com/powershelllambdaimagetest:latest" -FunctionName "PowerShellLambdaTest" -PackageType "Image"

While creating Lambda function from AWS Console that uses ECR container image, it only requires function name, Container image URI and role.

[pcgeek86]

Thank you for creating a full reproduction of this @ashishdhingra. I hope to see a fix soon. For the time being, I have used the AWS CLI v1 tool to invoke the CreateFunction API call.

However, I try to encourage people to stick with the AWS Tools for PowerShell, so they don't have to also install and learn about the AWS CLI separately.

[ashishdhingra]

The possible solution is to update https://github.com/aws/aws-tools-for-powershell/blob/master/generator/AWSPSGeneratorLib/Config/ServiceConfig/lambda.xml to explicitly specify ParameterSetName for ImageUri for service operation CreateFunction, something like:

<Param Name="Code_ImageUri" ParameterSetName="FromImage" Mandatory="true" />

However, since ECR image doesn't require Handler parameter, there needs to be ability to specify multiple ParameterSetName(s) for Handler parameter, may be semi-colon separated list (e.g. FromS3Object;FromMemoryStream;FromZipFile). Kindly note that parameter is required for S3 bucket or Zip file scenarios. But CmdletSourceWriter.WriteParamAttribute does not support processing multiple ParameterSetName(s) for an attribute. This requires generator change. After generator is modified to handle multiple ParameterSetName(s), Handler parameter should be modified to add ParameterSetName(s):

<Param Name="Handler" ParameterSetName="FromS3Object;FromMemoryStream;FromZipFile" Mandatory="true" />

[Kitsune-Fox]

So uuh, guys?

It's now been almost a year since this was brought up.

This is the best part, if I run this:

Publish-LMFunction -FunctionName ThisWillNotWork -PackageType Image -Role "arn:aws:iam::00000000:role/BeepBoopImARole" -Code_ZipFile 000000000.dkr.ecr.eu-west-0.amazonaws.com/ImageGoesHere

It asks me for the handler, if I put anything in the handler I get this: Publish-LMFunction: The Handler parameter is not supported for functions created with container images.

Oh and I used -Code_ZipFile because using -Code_ImageUri just ends up asking you for -Code_ZipFile anyway.

Any chance this can be fixed sometime in 2022?

[ashishdhingra]

So uuh, guys?

It's now been almost a year since this was brought up.

Any chance this can be fixed sometime in 2022?

@Kitsune-Fox The fix for the issue should be released in next AWS Tools for PowerShell release later this month.

[ashishdhingra]

This should be fixed in AWS.Tools.Lambda 4.1.18.0

[github-actions[bot]]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.