Skip to content

Commit 1575b40

Browse files
sthulbleandrodamascena
sthulb
and
leandrodamascena
authored
feat(ssm): Parameters for resolving to versioned layers (#5754)
* feat(ssm): Parameters for resolving to versioned layers * add description block * fix typo * add docs * fix ssm placement --------- Co-authored-by: Leandro Damascena <[email protected]>
1 parent 4e2e452 commit 1575b40

File tree

2 files changed

+165
-17
lines changed

2 files changed

+165
-17
lines changed

.github/workflows/update_ssm.yml

+109
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,109 @@
1+
# SSM Parameters update
2+
#
3+
# PROCESS
4+
# Creates parameters in regional AWS accounts for each layer we create, using the inputs to target specific releases
5+
# * environment: will prefix /beta/ into the parameter
6+
# * write_latest: will create a latest alias instead of a version number in the parameter
7+
# * package_version: semantic version number of the released layer (3.x.y)
8+
# * layer_version: this is sequential layer version from the ARN
9+
#
10+
# A successful parameter would look similar to:
11+
# /aws/service/powertools/python/arm64/python3.8/3.1.0
12+
# And will have a value of:
13+
# arn:aws:lambda:eu-west-1:017000801446:layer:AWSLambdaPowertoolsPythonV3-python38-arm64:4
14+
15+
on:
16+
workflow_dispatch:
17+
inputs:
18+
environment:
19+
description: Environment to deploy to
20+
type: choice
21+
options:
22+
- Beta
23+
- Prod
24+
required: true
25+
26+
write_latest:
27+
description: Write to the latest path
28+
type: boolean
29+
required: false
30+
31+
package_version:
32+
description: Semantic Version of published layer
33+
type: string
34+
required: true
35+
36+
layer_version:
37+
description: Layer version
38+
type: string
39+
required: true
40+
41+
name: SSM Parameters
42+
run-name: SSM Parameters - Python
43+
44+
permissions:
45+
contents: read
46+
47+
jobs:
48+
python:
49+
runs-on: ubuntu-latest
50+
environment: SSM
51+
strategy:
52+
matrix:
53+
region: ["af-south-1", "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3",
54+
"ap-south-1", "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3",
55+
"ap-southeast-4", "ca-central-1", "ca-west-1", "eu-central-1", "eu-central-2",
56+
"eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3",
57+
"il-central-1", "me-central-1", "me-south-1", "sa-east-1", "us-east-1",
58+
"us-east-2", "us-west-1", "us-west-2", "ap-southeast-5"
59+
]
60+
61+
permissions:
62+
contents: write
63+
id-token: write
64+
steps:
65+
- id: transform
66+
run: |
67+
echo 'CONVERTED_REGION=${{ matrix.region }}' | tr 'a-z\-' 'A-Z_' >> "$GITHUB_OUTPUT"
68+
- id: creds
69+
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
70+
with:
71+
aws-region: ${{ matrix.region }}
72+
role-to-assume: ${{ secrets[format('{0}', steps.transform.outputs.CONVERTED_REGION)] }}
73+
mask-aws-account-id: true
74+
- id: write-version
75+
env:
76+
prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
77+
run: |
78+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.8/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python38-arm64:${{ inputs.layer_version }}" --type String
79+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.9/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python39-arm64:${{ inputs.layer_version }}" --type String
80+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.10/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python310-arm64:${{ inputs.layer_version }}" --type String
81+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.11/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python311-arm64:${{ inputs.layer_version }}" --type String
82+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.12/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-arm64:${{ inputs.layer_version }}" --type String
83+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.13/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python313-arm64:${{ inputs.layer_version }}" --type String
84+
85+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.8/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python38-x86_64:${{ inputs.layer_version }}" --type String
86+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.9/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python39-x86_64:${{ inputs.layer_version }}" --type String
87+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.10/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python310-x86_64:${{ inputs.layer_version }}" --type String
88+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.11/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python311-x86_64:${{ inputs.layer_version }}" --type String
89+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.12/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:${{ inputs.layer_version }}" --type String
90+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.13/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python313-x86_64:${{ inputs.layer_version }}" --type String
91+
92+
- id: write-latest
93+
if: inputs.write_latest == true
94+
env:
95+
prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
96+
run: |
97+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.8/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python38-arm64:${{ inputs.layer_version }}" --type String
98+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.9/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python39-arm64:${{ inputs.layer_version }}" --type String
99+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.10/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python310-arm64:${{ inputs.layer_version }}" --type String
100+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.11/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python311-arm64:${{ inputs.layer_version }}" --type String
101+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.12/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-arm64:${{ inputs.layer_version }}" --type String
102+
aws ssm put-parameter --name ${{ env.prefix }}/python/arm64/python3.13/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python313-arm64:${{ inputs.layer_version }}" --type String
103+
104+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.8/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python38-x86_64:${{ inputs.layer_version }}" --type String
105+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.9/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python39-x86_64:${{ inputs.layer_version }}" --type String
106+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.10/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python310-x86_64:${{ inputs.layer_version }}" --type String
107+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.11/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python311-x86_64:${{ inputs.layer_version }}" --type String
108+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.12/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:${{ inputs.layer_version }}" --type String
109+
aws ssm put-parameter --name ${{ env.prefix }}/python/x86_64/python3.13/latest --value "arn:aws:lambda:${{ matrix.region }}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python313-x86_64:${{ inputs.layer_version }}" --type String

docs/index.md

+56-17
Original file line numberDiff line numberDiff line change
@@ -72,32 +72,51 @@ You can install Powertools for AWS Lambda (Python) using your favorite dependenc
7272
| x86_64 | __arn:aws:lambda:{region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-{python_version}-x86_64:4__{: .copyMe}:clipboard: |
7373
| ARM | __arn:aws:lambda:{region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-{python_version}-arm64:4__{: .copyMe}:clipboard: |
7474

75-
=== "Lambda Layer (GovCloud)"
75+
=== "AWS Console"
7676

77-
[Lambda Layer](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html){target="_blank"} is a .zip file archive that can contain additional code, pre-packaged dependencies, data, or configuration files. We compile and optimize [all dependencies](#install), and remove duplicate dependencies [already available in the Lambda runtime](https://github.com/aws-powertools/powertools-lambda-layer-cdk/blob/d24716744f7d1f37617b4998c992c4c067e19e64/layer/Python/Dockerfile#L36){target="_blank"} to achieve the most optimal size.
77+
You can add our layer using the [AWS Lambda Console _(direct link)_](https://console.aws.amazon.com/lambda/home#/add/layer){target="_blank"}:
7878

79-
For the latter, make sure to replace `{python_version}` without the period (.), e.g., `python313` for `Python 3.13`.
79+
* Under Layers, choose `AWS layers` or `Specify an ARN`
80+
* Click to copy the [correct ARN](#lambda-layer) value based on your AWS Lambda function architecture and region
8081

81-
**AWS GovCloud (us-gov-east-1)**
8282

83-
| Architecture | Layer ARN |
84-
| ------------ | --------------------------------------------------------------------------------------------------------- |
85-
| x86_64 | __arn:aws-us-gov:lambda:us-gov-east-1:165087284144:layer:AWSLambdaPowertoolsPythonV3-{python_version}-x86_64:4__{: .copyMe}:clipboard: |
86-
| ARM | __arn:aws-us-gov:lambda:us-gov-east-1:165087284144:layer:AWSLambdaPowertoolsPythonV3-{python_version}-arm64:4__{: .copyMe}:clipboard: |
83+
=== "AWS SSM Parameter Store"
84+
We offer Parameter Store aliases for releases too, allowing you to specify either specific versions or use the latest version on every deploy. To use these you can add these snippets to your AWS CloudFormation or Terraform projects:
8785

88-
**AWS GovCloud (us-gov-west-1)**
86+
**CloudFormation**
8987

90-
| Architecture | Layer ARN |
91-
| ------------ | --------------------------------------------------------------------------------------------------------- |
92-
| x86_64 | __arn:aws-us-gov:lambda:us-gov-west-1:165093116878:layer:AWSLambdaPowertoolsPythonV3-{python_version}-x86_64:4__{: .copyMe}:clipboard: |
93-
| ARM | __arn:aws-us-gov:lambda:us-gov-west-1:165093116878:layer:AWSLambdaPowertoolsPythonV3-{python_version}-arm64:4__{: .copyMe}:clipboard: |
88+
Sample Placeholders:
9489

95-
=== "AWS Console"
90+
- `{arch}` is either `arm64` (Graviton based functions) or `x86_64`
91+
- `{python_version}` is the Python version without the period (.), e.g., `python313` for `Python 3.13`.
92+
- `{version}` is the semantic version number (e,g. 3.1.0) for a release or `latest`
9693

97-
You can add our layer using the [AWS Lambda Console _(direct link)_](https://console.aws.amazon.com/lambda/home#/add/layer){target="_blank"}:
94+
```yaml
95+
MyFunction:
96+
Type: "AWS::Lambda::Function"
97+
Properties:
98+
...
99+
Layers:
100+
- {{resolve:ssm:/aws/service/powertools/python/{arch}/{python_version}/{version}}}
101+
```
98102

99-
* Under Layers, choose `AWS layers` or `Specify an ARN`
100-
* Click to copy the [correct ARN](#lambda-layer) value based on your AWS Lambda function architecture and region
103+
**Terraform**
104+
105+
Using the [`aws_ssm_parameter`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) data provider from the AWS Terraform provider allows you to lookup the value of parameters to use later in your project.
106+
107+
```hcl
108+
data "aws_ssm_parameter" "powertools_version" {
109+
name = "/aws/service/powertools/python/{arch}/{python_version}/{version}"
110+
}
111+
112+
resource "aws_lambda_function" "test_lambda" {
113+
...
114+
115+
runtime = "python3.13"
116+
117+
layers = [data.aws_ssm_parameter.powertools_version.value]
118+
}
119+
```
101120

102121
=== "Infrastructure as Code (IaC)"
103122

@@ -191,6 +210,26 @@ You can install Powertools for AWS Lambda (Python) using your favorite dependenc
191210

192211
You'll find the pre-signed URL under `Location` key as part of the CLI command output.
193212

213+
=== "Lambda Layer (GovCloud)"
214+
215+
[Lambda Layer](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html){target="_blank"} is a .zip file archive that can contain additional code, pre-packaged dependencies, data, or configuration files. We compile and optimize [all dependencies](#install), and remove duplicate dependencies [already available in the Lambda runtime](https://github.com/aws-powertools/powertools-lambda-layer-cdk/blob/d24716744f7d1f37617b4998c992c4c067e19e64/layer/Python/Dockerfile#L36){target="_blank"} to achieve the most optimal size.
216+
217+
For the latter, make sure to replace `{python_version}` without the period (.), e.g., `python313` for `Python 3.13`.
218+
219+
**AWS GovCloud (us-gov-east-1)**
220+
221+
| Architecture | Layer ARN |
222+
| ------------ | --------------------------------------------------------------------------------------------------------- |
223+
| x86_64 | __arn:aws-us-gov:lambda:us-gov-east-1:165087284144:layer:AWSLambdaPowertoolsPythonV3-{python_version}-x86_64:4__{: .copyMe}:clipboard: |
224+
| ARM | __arn:aws-us-gov:lambda:us-gov-east-1:165087284144:layer:AWSLambdaPowertoolsPythonV3-{python_version}-arm64:4__{: .copyMe}:clipboard: |
225+
226+
**AWS GovCloud (us-gov-west-1)**
227+
228+
| Architecture | Layer ARN |
229+
| ------------ | --------------------------------------------------------------------------------------------------------- |
230+
| x86_64 | __arn:aws-us-gov:lambda:us-gov-west-1:165093116878:layer:AWSLambdaPowertoolsPythonV3-{python_version}-x86_64:4__{: .copyMe}:clipboard: |
231+
| ARM | __arn:aws-us-gov:lambda:us-gov-west-1:165093116878:layer:AWSLambdaPowertoolsPythonV3-{python_version}-arm64:4__{: .copyMe}:clipboard: |
232+
194233
=== "Serverless Application Repository (SAR)"
195234

196235
We provide a SAR App that deploys a CloudFormation stack with a copy of our Lambda Layer in your AWS account and region.

0 commit comments

Comments
 (0)