search

thewca / wca.link

WCA link shortener
https://wca.link
3 stars 4 forks source link

Move off of Ruby 2.5 #9

Closed lgarron closed 3 years ago

lgarron commented 3 years ago

We got this email from AWS:

Hello,

Q. What is happening? A. We are ending support for Ruby 2.5 in AWS Lambda on July 30, 2021. This follows the Ruby language governing body declaring Ruby 2.5 end of life from March 31, 2021 [1].

Q. What does end of support for Ruby 2.5 in Lambda mean? A: As described in the Lambda runtime support policy [2], end of support for language runtimes in Lambda happens in two stages. Starting July 30, 2021, Lambda will no longer apply security patches and other updates to the Ruby 2.5 runtime used by Lambda functions, and functions using Ruby 2.5 will no longer be eligible for technical support. In addition, you will no longer be able to create new Lambda functions using the Ruby 2.5 runtime. Starting Aug 30, 2021, you will no longer be able to update existing functions using the Ruby 2.5 runtime.

End of support does not impact function execution. Your functions will continue to run. However, they will be running on an unsupported runtime which is no longer maintained or patched by the AWS Lambda team.

Q. Why are you contacting me? A. We are contacting you as we have identified that your AWS Account currently has one or more Lambda functions using Ruby 2.5.

Q. How do I know if I have any functions using Ruby 2.5? The following command shows how to use the AWS CLI [3] to list all functions in your account using Ruby2.5:

aws lambda list-functions --function-version ALL --output text --query "Functions[?Runtime=='ruby2.5'].FunctionArn"

Q. What do I need to do? A. You should migrate your existing Ruby 2.5 Lambda functions to Ruby 2.7, which is the latest supported Ruby version in Lambda [4]. By moving to a supported runtime version you will continue to benefit from important security, performance, and functionality enhancements offered by more recent releases.

Q. What if I need additional help? A. Please contact us through AWS Support [5], the AWS Lambda Developer Forum [6], or your AWS account team should you have any questions or concerns.

[1] https://www.ruby-lang.org/en/downloads/branches/ [2] https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html [3] https://aws.amazon.com/cli/ [4] https://aws.amazon.com/about-aws/whats-new/2020/02/aws-lambda-supports-ruby-2-7/ [5] https://aws.amazon.com/support [6] https://forums.aws.amazon.com/forum.jspa?forumID=186

Sincerely, Amazon Web Services

Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210

lgarron commented 3 years ago

Q. How do I know if I have any functions using Ruby 2.5? The following command shows how to use the AWS CLI [3] to list all functions in your account using Ruby2.5:

aws lambda list-functions --function-version ALL --output text --query "Functions[?Runtime=='ruby2.5'].FunctionArn"

Unfortunately, this doesn't work for our default IAM user:

An error occurred (AccessDeniedException) when calling the ListFunctions operation: User: arn:aws:iam::285938427530:user/WCA is not authorized to perform: lambda:ListFunctions on resource: *

I'm going to try to see if I can authorize it.

lgarron commented 3 years ago

I'm going to try to see if I can authorize it.

Alright, I was able to log into the AWS root user and grant AWSLambda_FullAccess to the WCA user. Now we get:

> aws lambda list-functions --function-version ALL --output text --query "Functions[?Runtime=='ruby2.5'].FunctionArn"

arn:aws:lambda:us-west-2:285938427530:function:wcalink_prod:$LATEST
lgarron commented 3 years ago

I now get:

> terraform init

Initializing the backend...
╷
│ Error: Failed to decode current backend config
│ 
│ The backend configuration created by the most recent run of "terraform init" could not be decoded: unsupported attribute "lock_table". The configuration may have been initialized by an
│ earlier version that used an incompatible configuration structure. Run "terraform init -reconfigure" to force re-initialization of the backend.
╵

> terraform init -reconfigure

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
╷
│ Error: Invalid legacy provider address
│ 
│ This configuration or its associated state refers to the unqualified provider "aws".
│ 
│ You must complete the Terraform 0.13 upgrade process before upgrading to later versions.
╵

It seems that we were on Terraform 0.12, and I need to install 0.13, 0.14, and 0.15 each in turn. Going to try https://warrensbox.medium.com/how-to-manage-different-terraform-versions-for-each-project-51cca80ccece#:~:text=Brew%20tap%20install%20terraform%20%E2%80%94%20tfswitch&text=If%20you%20do%20not%20have,dropdown%20and%20start%20using%20terraform.

lgarron commented 3 years ago

It seems that we were on Terraform 0.12, and I need to install 0.13, 0.14, and 0.15 each in turn. Going to try https://warrensbox.medium.com/how-to-manage-different-terraform-versions-for-each-project-51cca80ccece#:~:text=Brew%20tap%20install%20terraform%20%E2%80%94%20tfswitch&text=If%20you%20do%20not%20have,dropdown%20and%20start%20using%20terraform.

Using tfswitch to install Terraform 0.12 seems to work, but the WCA user is missing... a bunch of permissions. I don't feel comfortable putting all these permissions on the WCA user without discussing it with more of the WST, so I've sent and email and Slack question about involving someone else.


Error: error getting Route53 Hosted Zone (Z3JXHOI02QR037): AccessDenied: User: arn:aws:iam::285938427530:user/WCA is not authorized to perform: route53:GetHostedZone on resource: arn:aws:route53:::hostedzone/Z3JXHOI02QR037
        status code: 403, request id: 63029216-f101-4e27-85b6-165f14be7922

Error: AccessDeniedException: User: arn:aws:iam::285938427530:user/WCA is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-west-2:285938427530:table/wca-terraform-state-lock-dynamo
        status code: 400, request id: 841L4CPQVSOV0VK0OCKKT4BT37VV4KQNSO5AEMVJF66Q9ASUAAJG

Error: Error describing certificate: AccessDeniedException: User: arn:aws:iam::285938427530:user/WCA is not authorized to perform: acm:DescribeCertificate on resource: arn:aws:acm:us-east-1:285938427530:certificate/1c87c578-1dff-4d65-a647-a9caa6b80a49
        status code: 400, request id: 564fd983-9119-45bc-a65a-04e25d8dfbd3

Error: error reading API Gateway REST API (po0bbvqnoc): AccessDeniedException: User: arn:aws:iam::285938427530:user/WCA is not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:us-west-2::/restapis/po0bbvqnoc
        status code: 403, request id: b5b3abb9-700a-42e1-8d1b-474d6236ee31
FinnIckler commented 3 years ago

Hi Lucas, I sent you new credentials that you can use to change this.

lgarron commented 3 years ago

Alright, it took a few tries of config updates, but I think I got it done!

This used to return something (arn:aws:lambda:us-west-2:285938427530:function:wcalink_prod:$LATEST), but no longer does:

aws lambda list-functions --function-version ALL --output text --query "Functions[?Runtime=='ruby2.5'].FunctionArn"
kvendingoldo commented 5 months ago

btw. you can also use tenv that support Terraform as well as OpenTofu (and Terragrunt :) ) in one tool. It allow you to simplify version management and can do much more, than tfswitch.