Added s3-logs-extension-demo-container-image

Author: julianwood

README.md

@@ -15,7 +15,8 @@ In this repository you'll find a number of different sample projects and demos t
 
 * [AWS AppConfig extension demo](awsappconfig-extension-demo/)
 * [Custom runtime extension demo](custom-runtime-extension-demo/)
-* [Logs to Amazon S3 extension demo](s3-logs-extension-demo/)
+* [Logs to Amazon S3 extension demo: zip archive](s3-logs-extension-demo-zip-archive/)
+* [Logs to Amazon S3 extension demo: container image ](s3-logs-extension-demo-container-image/)
 * [Extension in Go](go-example-extension/)
 * [Extension in Python](python-example-extension/)
 * [Extension in Node.js](nodejs-example-extension/)

s3-logs-extension-demo-container-image/README.MD

@@ -0,0 +1,131 @@
+# S3-Logs extension demo using container image format
+
+This is a demo of the logging functionality available with [AWS Lambda](https://aws.amazon.com/lambda/) Extensions to send logs directly from Lambda to [Amazon Simple Storage Service (S3)](https://aws.amazon.com/s3/).
+
+This example packages the extension and function as separate container images. See the s3-logs-extension-demo-zip-archive version to use the functionality without container images.
+
+For more information on the extensions logs functionality, see the blog post [Using AWS Lambda extensions to send logs to custom destinations](https://aws.amazon.com/blogs/compute/using-aws-lambda-extensions-to-send-logs-to-custom-destinations/)
+
+> This is a simple example extension to help you start investigating the Lambda Runtime Logs API. This code is not production ready, and it has never intended to be. Use it with your own discretion after testing thoroughly.  
+
+The demo includes a Lambda function with an extension delivered as a container image.
+
+The extension uses the Extensions API to register for INVOKE and SHUTDOWN events. The extension, using the Logs API, then subscribes to receive platform and function logs, but not extension logs. The extension runs a local HTTP endpoint listening for HTTP POST events. Lambda delivers log batches to this endpoint. The code can be amended (see the comments) to handle each log record in the batch. This can be used to process, filter, and route individual log records to any preferred destination
+
+The example creates an S3 bucket to store the logs. A Lambda function is configured with an environment variable to specify the S3 bucket name. Lambda streams the logs to the extension. The extension copies the logs to the S3 bucket.
+
+The extension uses the Python runtime from the execution environment to show the functionality. The recommended best practice is to compile your extension into an executable binary and not rely on the runtime.
+
+The demo builds a separate container image for the extension.
+
+The [AWS Serverless Application Model (AWS SAM)](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) is used to build the function as another container image, which includes the previously created extension container image.
+
+## Requirements
+
+* [AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) - **minimum version 0.48**.
+* [Docker CLI](https://docs.docker.com/get-docker/)
+
+[Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and login.
+
+Clone the repo onto your local development machine:
+```bash
+git clone https://github.com/aws-samples/aws-lambda-extensions
+cd s3-logs-extension-demo-container-image
+```
+
+## Installation instructions
+
+### Create the extension container image
+1. Create an [Amazon Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/) repository for the extension.
+```bash
+aws ecr create-repository --repository-name log-extension-image
+```
+Note the `repositoryUri` created.
+
+2. Run the following command to build the container image containing the extension as specified in the `Dockerfile` file.
+```bash
+cd .\extension\
+docker build -t log-extension-image:latest  .
+```
+3. Tag, login, and push the extension container image to an existing ECR repository.
+
+Replace the `repositoryUri` with the one previous created.
+
+Replace the `AccountID` with the your AWS Account ID.
+5. 
+```
+docker tag log-extension-image:latest <repositoryUri>:latest
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <AccountID>.dkr.ecr.us-east-1.amazonaws.com
+docker push <repositoryUri>:latest
+cd ..
+```
+### Create the Lambda function container image
+
+1. Create an [Amazon Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/) repository for the extension
+```bash
+aws ecr create-repository --repository-name log-extension-function
+```
+
+Note the `repositoryUri` created.
+
+There is no need to run `pip install` for the function as it does not require any dependencies. The function Dockerfile contains the following lines, which add the previously created extension image. Replace the first FROM line with the `repositoryUri` previously created for the extension layer.
+
+```
+FROM 123456789012.dkr.ecr.us-east-1.amazonaws.com/log-extension-image:latest AS layer
+FROM public.ecr.aws/lambda/python:3.8
+# Layer code
+WORKDIR /opt
+COPY --from=layer /opt/ .
+
+# Function code
+WORKDIR /var/task
+COPY app.py .
+
+CMD ["app.lambda_handler"]
+```
+
+The AWS SAM template specified in the `template.yml` file builds the Lambda function as a container image.
+
+Update the `/function/Dockerfile` with the extension container image location previously created.
+
+1. Run the following commands
+
+```
+cd function
+sam build
+sam deploy --stack-name s3-logs-extension-demo --guided
+
+```
+
+During the prompts:
+
+* Accept the default Stack Name `s3-logs-extension-demo`.
+* Enter your preferred Region
+* Enter the function container image ECR repository such as: `123456789012.dkr.ecr.us-east-1.amazonaws.com/log-function-image`
+* Accept the defaults for the remaining questions.
+
+AWS SAM deploys the application stack which includes the Lambda function and an IAM Role. 
+
+Note the outputted S3 Bucket Name.
+
+## Invoke the Lambda function
+You can now invoke the Lambda function. Amend the Region and use the following command:
+```bash
+aws lambda invoke \
+ --function-name "logs-extension-demo-function-container-image" \
+ --payload '{"payload": "hello"}' /tmp/invoke-result \
+ --cli-binary-format raw-in-base64-out \
+ --log-type Tail \
+ --region <use your Region>
+```
+The function should return `"StatusCode": 200`
+
+Browse to the [Amazon CloudWatch Console](https://console.aws.amazon.com/cloudwatch). Navigate to *Logs\Log Groups*. Select the log group **/aws/lambda/logs-extension-demo-function**.
+
+View the log stream to see the platform, function, and extensions each logging while they are processing.
+
+The logging extension also receives the log stream directly from Lambda, and copies the logs to S3.
+
+Browse to the [Amazon S3 Console](https://console.aws.amazon.com/S3). Navigate to the S3 bucket created as part of the SAM deployment. 
+
+Downloading the file object containing the copied log stream. The log contains the same platform and function logs, but not the extension logs, as specified during the subscription.

s3-logs-extension-demo-container-image/extension/Dockerfile

@@ -0,0 +1,9 @@
+FROM python:3.8-alpine AS installer
+#Layer Code
+COPY extensionssrc /opt/
+COPY extensionssrc/requirements.txt /opt/
+RUN pip install -r /opt/requirements.txt -t /opt/extensions/lib
+
+FROM scratch AS base
+WORKDIR /opt/extensions
+COPY --from=installer /opt/extensions .

s3-logs-extension-demo/extensionssrc/extensions/logs_api_http_extension.py renamed to s3-logs-extension-demo-container-image/extension/extensionssrc/extensions/logs_api_http_extension.py

@@ -0,0 +1,11 @@
+FROM 978558897928.dkr.ecr.us-east-1.amazonaws.com/log-extension-image:latest AS layer
+FROM public.ecr.aws/lambda/python:3.8
+# Layer code
+WORKDIR /opt
+COPY --from=layer /opt/ .
+
+# Function code
+WORKDIR /var/task
+COPY app.py .
+
+CMD ["app.lambda_handler"]

s3-logs-extension-demo/extensionssrc/extensions/logs_api_http_extension/__init__.py renamed to s3-logs-extension-demo-container-image/extension/extensionssrc/extensions/logs_api_http_extension/__init__.py

@@ -0,0 +1,13 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: MIT-0
+
+import json
+import os
+from pathlib import Path
+
+def lambda_handler(event, context):
+	print(f"Function: Logging something which logging extension will send to S3")
+	return {
+		'statusCode': 200,
+		'body': json.dumps('Hello from Lambda!')
+	}

s3-logs-extension-demo/extensionssrc/extensions/logs_api_http_extension/extensions_api_client.py renamed to s3-logs-extension-demo-container-image/extension/extensionssrc/extensions/logs_api_http_extension/extensions_api_client.py

@@ -0,0 +1,134 @@
+#!/bin/sh
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: MIT-0
+
+''''exec python -u -- "$0" ${1+"$@"} # '''
+import os
+import sys
+from pathlib import Path
+from datetime import datetime
+# Add lib folder to path to import boto3 library.
+# Normally with Lambda Layers, python libraries are put into the /python folder which is in the path.
+# As this extension is bringing its own Python runtime, and running a separate process, the path is not available.
+# Hence, having the files in a different folder and adding it to the path, makes it available. 
+lib_folder = Path(__file__).parent / "lib"
+sys.path.insert(0,str(lib_folder))
+import boto3
+
+from logs_api_http_extension.http_listener import http_server_init, RECEIVER_PORT
+from logs_api_http_extension.logs_api_client import LogsAPIClient
+from logs_api_http_extension.extensions_api_client import ExtensionsAPIClient
+
+from queue import Queue
+
+"""Here is the sample extension code.
+    - The extension runs two threads. The "main" thread, will register with the Extension API and process its invoke and
+    shutdown events (see next call). The second "listener" thread listens for HTTP POST events that deliver log batches.
+    - The "listener" thread places every log batch it receives in a synchronized queue; during each execution slice,
+    the "main" thread will make sure to process any event in the queue before returning control by invoking next again.
+    - Note that because of the asynchronous nature of the system, it is possible that logs for one invoke are
+    processed during the next invoke slice. Likewise, it is possible that logs for the last invoke are processed during
+    the SHUTDOWN event.
+
+Note: 
+
+1.  This is a simple example extension to help you understand the Lambda Logs API.
+    This code is not production ready. Use it with your own discretion after testing it thoroughly.  
+
+2.  The extension code starts with a shebang. This is to bring Python runtime to the execution environment.
+    This works if the lambda function is a python3.x function, therefore it brings the python3.x runtime with itself.
+    It may not work for python 2.7 or other runtimes. 
+    The recommended best practice is to compile your extension into an executable binary and not rely on the runtime.
+  
+3.  This file needs to be executable, so make sure you add execute permission to the file 
+    `chmod +x logs_api_http_extension.py`
+
+"""
+
+class LogsAPIHTTPExtension():
+    def __init__(self, agent_name, registration_body, subscription_body):
+ #       print(f"extension.logs_api_http_extension: Initializing LogsAPIExternalExtension {agent_name}")
+        self.agent_name = agent_name
+        self.queue = Queue()
+        self.logs_api_client = LogsAPIClient()
+        self.extensions_api_client = ExtensionsAPIClient()
+
+        # Register early so Runtime could start in parallel
+        self.agent_id = self.extensions_api_client.register(self.agent_name, registration_body)
+
+        # Start listening before Logs API registration
+#        print(f"extension.logs_api_http_extension: Starting HTTP Server {agent_name}")
+        http_server_init(self.queue)
+        self.logs_api_client.subscribe(self.agent_id, subscription_body)
+
+    def run_forever(self):
+        # Configuring S3 Connection
+        s3_bucket = (os.environ['S3_BUCKET_NAME'])
+        s3 = boto3.resource('s3')
+        print(f"extension.logs_api_http_extension: Receiving Logs {self.agent_name}")
+        while True:
+            resp = self.extensions_api_client.next(self.agent_id)
+            # Process the received batches if any.
+            while not self.queue.empty():
+                batch = self.queue.get_nowait()
+                # This following line logs the events received to CloudWatch.
+                # Replace it to send logs to elsewhere.
+                # If you've subscribed to extension logs, e.g. "types": ["platform", "function", "extension"],
+                # you'll receive the logs of this extension back from Logs API.
+                # And if you log it again with the line below, it will create a cycle since you receive it back again.
+                # Use `extension` log type if you'll egress it to another endpoint,
+                # or make sure you've implemented a protocol to handle this case.
+#                print(f"Log Batch Received from Lambda: {batch}", flush=True)
+
+#               There are two options illustrated:
+#               1. Sending the entire log batch to S3
+#               2. Parsing the batch and sending individual log lines.
+#                  This could be used to parse the log lines and only selectively send logs to S3, or amend for any other destination.
+
+#               1. The following line writes the entire batch to S3
+                s3_filename = (os.environ['AWS_LAMBDA_FUNCTION_NAME'])+'-'+(datetime.now().strftime('%Y-%m-%d-%H:%M:%S.%f'))+'.log'
+                try:
+                    response = s3.Bucket(s3_bucket).put_object(Key=s3_filename, Body=str(batch))
+                except Exception as e:
+                    raise Exception(f"Error sending log to S3 {e}") from e
+#               2. The following parses the batch and sends individual log line
+#                try:
+#                    for item in range(len(batch)):
+#                        s3_filename = (os.environ['AWS_LAMBDA_FUNCTION_NAME'])+'-'+(datetime.now().strftime('%Y-%m-%d-%H:%M:%S.%f'))+'.'+str(item)+'.log'
+#                        content = str(batch[item])
+#                        response = s3.Bucket(s3_bucket).put_object(Key=s3_filename, Body=content)
+#                except Exception as e:
+#                    raise Exception(f"Error sending log to S3 {e}") from e
+                
+# Register for the INVOKE events from the EXTENSIONS API
+_REGISTRATION_BODY = {
+    "events": ["INVOKE", "SHUTDOWN"],
+}
+
+# Subscribe to platform logs and receive them on ${local_ip}:4243 via HTTP protocol.
+
+TIMEOUT_MS = 1000 # Maximum time (in milliseconds) that a batch is buffered.
+MAX_BYTES = 262144 # Maximum size in bytes that the logs are buffered in memory.
+MAX_ITEMS = 10000 # Maximum number of events that are buffered in memory.
+
+_SUBSCRIPTION_BODY = {
+    "destination":{
+        "protocol": "HTTP",
+        "URI": f"http://sandbox:{RECEIVER_PORT}",
+    },
+    "types": ["platform", "function"],
+    "buffering": {
+        "timeoutMs": TIMEOUT_MS,
+        "maxBytes": MAX_BYTES,
+        "maxItems": MAX_ITEMS
+    }
+}
+
+def main():
+#    print(f"extension.logs_api_http_extension: Starting Extension {_REGISTRATION_BODY} {_SUBSCRIPTION_BODY}")
+    # Note: Agent name has to be file name to register as an external extension
+    ext = LogsAPIHTTPExtension(os.path.basename(__file__), _REGISTRATION_BODY, _SUBSCRIPTION_BODY)
+    ext.run_forever()
+
+if __name__ == "__main__":
+    main()

s3-logs-extension-demo/extensionssrc/extensions/logs_api_http_extension/http_listener.py renamed to s3-logs-extension-demo-container-image/extension/extensionssrc/extensions/logs_api_http_extension/http_listener.py

@@ -0,0 +1,63 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: MIT-0
+
+import json
+import os
+import sys
+import urllib.request
+
+# Demonstrates code to register as an extension.
+
+LAMBDA_AGENT_NAME_HEADER_KEY = "Lambda-Extension-Name"
+LAMBDA_AGENT_IDENTIFIER_HEADER_KEY = "Lambda-Extension-Identifier"
+
+class ExtensionsAPIClient():
+    def __init__(self):
+        try:
+            runtime_api_address = os.environ['AWS_LAMBDA_RUNTIME_API']
+            self.runtime_api_base_url = f"http://{runtime_api_address}/2020-01-01/extension"
+        except Exception as e:
+            raise Exception(f"AWS_LAMBDA_RUNTIME_API is not set {e}") from e
+
+    # Register as early as possible - the runtime initialization starts after all extensions have registered.
+    def register(self, agent_unique_name, registration_body):
+        try:
+            print(f"extension.extensions_api_client: Registering Extension at ExtensionsAPI address: {self.runtime_api_base_url}")
+            req = urllib.request.Request(f"{self.runtime_api_base_url}/register")
+            req.method = 'POST'
+            req.add_header(LAMBDA_AGENT_NAME_HEADER_KEY, agent_unique_name)
+            req.add_header("Content-Type", "application/json")
+            data = json.dumps(registration_body).encode("utf-8")
+            req.data = data
+            resp = urllib.request.urlopen(req)
+            if resp.status != 200:
+                print(f"extension.extensions_api_client: /register request to ExtensionsAPI failed. Status:  {resp.status}, Response: {resp.read()}")
+                # Fail the extension
+                sys.exit(1)
+            agent_identifier = resp.headers.get(LAMBDA_AGENT_IDENTIFIER_HEADER_KEY)
+#            print(f"extension.extensions_api_client: received agent_identifier header  {agent_identifier}")
+            return agent_identifier
+        except Exception as e:
+            raise Exception(f"Failed to register to ExtensionsAPI: on {self.runtime_api_base_url}/register \
+                with agent_unique_name:{agent_unique_name}  \
+                and registration_body:{registration_body}\nError: {e}") from e
+
+    # Call the following method when the extension is ready to receive the next invocation
+    # and there is no job it needs to execute beforehand.
+    def next(self, agent_id):
+        try:
+            print(f"extension.extensions_api_client: Requesting /event/next from Extensions API")
+            req = urllib.request.Request(f"{self.runtime_api_base_url}/event/next")
+            req.method = 'GET'
+            req.add_header(LAMBDA_AGENT_IDENTIFIER_HEADER_KEY, agent_id)
+            req.add_header("Content-Type", "application/json")
+            resp = urllib.request.urlopen(req)
+            if resp.status != 200:
+                print(f"extension.extensions_api_client: /event/next request to ExtensionsAPI failed. Status: {resp.status}, Response: {resp.read()} ")
+                # Fail the extension
+                sys.exit(1)
+            data = resp.read()
+            print(f"extension.extensions_api_client:  Received event from ExtensionsAPI: {data}")
+            return data
+        except Exception as e:
+            raise Exception(f"Failed to get /event/next from ExtensionsAPI: {e}") from e