What if your Lambda code is built by another team, or you want to use an executable from a GitHub project instead of writing it within your AWS CDK project?
Typically, Lambda functions are part of the CDK project, and you reference the source code directly. In this example, this situation, the Lambda executable is in a separate repository, and I wanted to bundle it within my deployment. This is where local bundling becomes handy. I want to bundle everything locally and completely skip the docker bundle; I don’t even need it on my system.
Here is the Lambda code
const localBundling = new LocalBinaryBundling({
url: props.url,
checksum: props.checksum,
});
new Function(this, 'lambda-function', {
....
code: Code.fromAsset(path.join(__dirname, '../binary'), {
assetHash: `${props.version}-${props.checksum}`,
assetHashType: cdk.AssetHashType.CUSTOM,
bundling: {
image: cdk.DockerImage.fromRegistry("none"),
local: localBundling,
},
}),
})
I configured assetHash so my Lambda function is deployed only when new version of the executable is available.
And now the bundler. The first version uses shell commands to download the binary from GitHub releases, to verify the checksum and make it executable.
...
export class LocalBinaryBundling implements ILocalBundling {
constructor(private readonly props: BinaryProps) { }
private downloadAndVerifyBinary(binaryPath: string): boolean {
try {
execSync(`
curl -L -o ${binaryPath} ${this.props.url} && \
echo "${this.props.checksum} ${binaryPath}" | sha256sum -c - && \
chmod +x ${binaryPath}
`, { stdio: 'inherit' });
return true;
} catch (err) {
return false;
}
}
public tryBundle(outputDir: string): boolean {
const binaryPath = `${outputDir}/bootstrap`;
if (!this.downloadAndVerifyBinary(binaryPath)) {
throw new BundlerError("Can't download and verify ec2-uptime-maestro binary! Stopping bundle phase...");
}
return true;
}
}
class BundlerError extends Error {
constructor(message: string) {
super(message);
this.name = "BundlerError";
}
}
For the second version I wanted to remove the dependency on shell and instead use Node.js modules. And, since this project was built with Projen, I wanted to explore how this works in the CDK context.
import { ILocalBundling } from "aws-cdk-lib/core";
import { execSync } from "child_process";
import * as fs from "fs";
import * as crypto from "crypto";
import request from "sync-request";
class BundlerError extends Error {
constructor(message: string) {
super(message);
this.name = "BundlerError";
}
}
interface BinaryProps {
url: string;
checksum: string;
}
export class LocalBinaryBundling implements ILocalBundling {
constructor(private readonly props: BinaryProps) {}
private downloadBinary(binaryPath: string): boolean {
try {
const response = request("GET", this.props.url);
if (response.statusCode !== 200) {
throw new BundlerError(
`Download failed with status: ${response.statusCode}`
);
}
fs.writeFileSync(binaryPath, response.getBody());
return true;
} catch (error) {
throw new BundlerError(`Failed to download binary: ${error}`);
}
}
private verifyChecksum(binaryPath: string): boolean {
try {
const fileBuffer = fs.readFileSync(binaryPath);
const hash = crypto.createHash("sha256");
hash.update(fileBuffer);
const calculatedChecksum = hash.digest("hex");
if (calculatedChecksum !== this.props.checksum) {
throw new BundlerError(
`Checksum verification failed!\nExpected: ${this.props.checksum}\nGot: ${calculatedChecksum}`
);
}
return true;
} catch (error) {
if (error instanceof BundlerError) throw error;
throw new BundlerError(`Checksum verification failed: ${error}`);
}
}
public tryBundle(outputDir: string): boolean {
const binaryPath = `${outputDir}/bootstrap`;
this.downloadBinary(binaryPath);
this.verifyChecksum(binaryPath);
if (process.platform === "win32") {
// TODO not sure about this.
execSync(`icacls "${binaryPath}" /grant Everyone:RX`, {
stdio: "inherit",
});
} else {
fs.chmodSync(binaryPath, 0o755);
}
return true;
}
}
The full source code is here.