davidgf / serverless-plugin-canary-deployments

Canary deployments for your Serverless application
ISC License

alias not subscribe to sns when using arn #54

Closed zjye closed 5 years ago

zjye commented 5 years ago

The SNS subscription does not point to the alias when the configuration is as below:

```yaml
canarySns:
  handler: src/event/lambda.canarySns
  description: (SNS) test canary sns binding
  deploymentSettings: ${self:custom.deployment}
  events:
    - sns:
        topicName: fooTopic
        displayName: fooTopic
        filterPolicy:
          eventType:
            - FooEvent
```

jaygelman commented 5 years ago

I am having the same problem. The subscription does appear in the CloudFormation template created by serverless (I've pasted the relevant portion below), but the AWS console indicates that there was a problem with the subscription. See screenshot.

    "GenerateEventsSnsSubscriptionRightscrmsyncint7generateevents1snstrigger": {
      "Type": "AWS::SNS::Subscription",
      "Properties": {
        "TopicArn": "arn:aws:sns:us-east-1:xxxx:rights-crm-sync-int7-generate-events1-sns-trigger",
        "Protocol": "lambda",
        "Endpoint": {
          "Fn::GetAtt": [
            "GenerateEventsLambdaFunction",
            "Arn"
          ]
        }
      }
    },
    "GenerateEventsLambdaPermissionRightscrmsyncint7generateevents1snstriggerSNS": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "FunctionName": {
          "Ref": "GenerateEventsLambdaFunctionAliasLive"
        },
        "Action": "lambda:InvokeFunction",
        "Principal": {
          "Fn::Join": [
            "",
            [
              "sns.",
              {
                "Ref": "AWS::URLSuffix"
              }
            ]
          ]
        },
        "SourceArn": "arn:aws:sns:us-east-1:xxxx:rights-crm-sync-int7-generate-events1-sns-trigger"
      }
    },

[Screenshot: Screen Shot 2019-03-09 at 1 08 59 PM]

The CloudFormation events indicate that the stack was set up properly even though there is a problem with the subscription. If I click the "Fix" button, then future serverless deployments update the stack without problems.
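
A pre-deploy check for the mismatch visible in the template above, where the subscription's `Endpoint` is the function ARN while the Lambda permission is granted on the `Live` alias. This is an added example, not code from the plugin or from anyone in the thread; the account ID, topic name and shortened logical IDs are constructed, and comparing logical IDs rather than resolved ARNs is a simplifying assumption.

```javascript
// Constructed fragment reproducing the mismatch pasted in the thread (placeholder account/topic).
const TOPIC = 'arn:aws:sns:us-east-1:000000000000:example-topic';
const template = {
  Resources: {
    GenerateEventsSnsSubscription: {
      Type: 'AWS::SNS::Subscription',
      Properties: {
        TopicArn: TOPIC,
        Protocol: 'lambda',
        Endpoint: { 'Fn::GetAtt': ['GenerateEventsLambdaFunction', 'Arn'] },
      },
    },
    GenerateEventsLambdaPermissionSNS: {
      Type: 'AWS::Lambda::Permission',
      Properties: {
        FunctionName: { Ref: 'GenerateEventsLambdaFunctionAliasLive' },
        Action: 'lambda:InvokeFunction',
        SourceArn: TOPIC,
      },
    },
  },
};

// Logical ID that a Ref / Fn::GetAtt points at, or the literal value itself.
function targetOf(value) {
  if (typeof value === 'string') return value;
  if (value && value.Ref) return value.Ref;
  const att = value && value['Fn::GetAtt'];
  if (att) return Array.isArray(att) ? att[0] : String(att).split('.')[0];
  return JSON.stringify(value);
}

// Report lambda subscriptions whose Endpoint no AWS::Lambda::Permission covers for that topic.
function findMismatchedSubscriptions(tpl) {
  const resources = Object.entries(tpl.Resources || {});
  const perms = resources.filter(([, r]) => r.Type === 'AWS::Lambda::Permission');
  const findings = [];
  for (const [id, r] of resources) {
    if (r.Type !== 'AWS::SNS::Subscription' || r.Properties.Protocol !== 'lambda') continue;
    const topic = JSON.stringify(r.Properties.TopicArn);
    const endpoint = targetOf(r.Properties.Endpoint);
    const allowed = perms
      .filter(([, p]) => JSON.stringify(p.Properties.SourceArn) === topic)
      .map(([, p]) => targetOf(p.Properties.FunctionName));
    if (!allowed.includes(endpoint)) findings.push({ subscription: id, endpoint, allowed });
  }
  return findings;
}
console.log(findMismatchedSubscriptions(template));
```

Run it against the compiled CloudFormation template that `serverless package` writes before deploying; an empty result means every SNS-to-Lambda subscription targets a resource that the topic has been permitted to invoke.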

davidgf commented 5 years ago

@jaygelman can you share your serverless.yml?

jaygelman commented 5 years ago

```yaml
# serverless.yml

service:
  name: rights-crm-sync
  serviceEnv: ${self:service.name}-${self:provider.stage}
  lambdaArnPrefix: arn:aws:lambda:${self:provider.region}:${self:custom.environmentConfig.awsAccountId}:function
  generateEvents:
    lambdaName: ${self:service.serviceEnv}-generate-events1
    lambdaArn: ${self:service.lambdaArnPrefix}:${self:service.generateEvents.lambdaName}
    topicName: ${self:service.serviceEnv}-generate-events1-sns-trigger
    topicArn: arn:aws:sns:${self:provider.region}:${self:custom.environmentConfig.awsAccountId}:${self:service.generateEvents.topicName}
  lambdaSecurityGroup:
    groupName: ${self:service.serviceEnv}-rights-api-access-sg

custom:
  environmentConfig: ${file(./environment-config.js):promised}

provider:
  name: aws
  stage: ${opt:stage, 'int1'}
  runtime: python3.6
  region: us-east-1
  stackTags:
    app: rights
    env: ${self:provider.stage}
  deploymentBucket: 'serverless-deployments-${self:custom.environmentConfig.baseEnv}'

package:
  exclude:
    - "*/**"
  include:
    - src/**/*.py

functions:

  GenerateEvents:
    name: ${self:service.generateEvents.lambdaName}
    description: Generates CRM Entity change events
    handler: src.functions.generate_events.handle
    role: GenerateEventsRole
    timeout: 900
    memorySize: 2048
    reservedConcurrency: 1
    vpc:
      securityGroupIds:
        - Fn::GetAtt: [ CrmSyncLambdaSecurityGroup, GroupId ]
      subnetIds: ${self:custom.environmentConfig.subnetIds}
    environment:
      ssmPrefix: /rights/${self:provider.stage}/${self:service.name}/
    events:
      - sns:
          arn: ${self:service.generateEvents.topicArn}
    deploymentSettings:
      type: Linear10PercentEvery1Minute
      alias: Live

resources:
  Resources:

    GenerateEventsRole:
      Type: AWS::IAM::Role
      Properties:
        Path: /
        RoleName: ${self:service.serviceEnv}-generate-events-role
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: ${self:service.serviceEnv}-generate-events-policy
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - logs:CreateLogGroup
                    - logs:CreateLogStream
                    - logs:PutLogEvents
                  Resource:
                    - 'Fn::Join':
                        - ':'
                        - - 'arn:aws:logs'
                          - ${self:provider.region}
                          - ${self:custom.environmentConfig.awsAccountId}
                          - 'log-group:/aws/lambda/*:*:*'
                - Effect: Allow
                  Action:
                    - ses:SendEmail
                    - ssm:DescribeParameters
                    - ssm:GetParameter
                    - ssm:GetParametersByPath
                    - ssm:PutParameter
                    - ec2:CreateNetworkInterface
                    - ec2:DescribeNetworkInterfaces
                    - ec2:DetachNetworkInterfaces
                    - ec2:DeleteNetworkInterface
                  Resource: "*"

    CrmSyncLambdaSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupName: "${self:service.lambdaSecurityGroup.groupName}"
        GroupDescription: "Security group assigned to all rights CRM sync lambdas"
        VpcId: ${self:custom.environmentConfig.vpcId}
        Tags:
          -
            Key: Name
            Value: "${self:service.lambdaSecurityGroup.groupName}"
          -
            Key: app
            Value: "rights"

    GenerateEventsTriggerTopic:
      Type: AWS::SNS::Topic
      Properties:
        DisplayName: "Trigger a generate events lambda execution"
        # Note: the GenerateEvents also subscribes to this topic, but that is declared on the function itself
        TopicName: ${self:service.generateEvents.topicName}

plugins:
  - serverless-python-requirements
  - serverless-plugin-vpc-eni-cleanup
  - serverless-plugin-canary-deployments
```

zjye commented 5 years ago

@jaygelman , please try v0.4.6

jaygelman commented 5 years ago

@zjye The versions that I am using:

- serverless-plugin-canary-deployments: 0.4.6
- serverless: 1.38.0

davidgf commented 5 years ago

@jaygelman please try v0.4.7, which includes @zjye 's fix

jaygelman commented 5 years ago

That worked. Thanks.

On Apr 1, 2019, at 12:45 PM, David García notifications@github.com wrote:

> @jaygelman please try v0.4.7, which includes @zjye 's fix
