In [1]:
!pip install boto3

Defaulting to user installation because normal site-packages is not writeable


In [2]:
import os
import boto3
import json
import requests

import sys
sys.path.append(os.getcwd())

# Utilitary build functions

# Information for communication protocols

In [3]:
# Account
account_id = '060004687794'

# Server
region = "sa-east-1"

# Platform
ecr_image_name = "serverless-example"
tag='latest'

# API
endpoint = "predict"
method_verb='POST'
stage = "test"

# Ellaborate information
tagged_image_uri=f"{ecr_image_name}:latest"
password_stdin=f"{account_id}.dkr.ecr.{region}.amazonaws.com"

# Specify the role name and trust policy for the Lambda service
role_name = 'lambda-exec-role'

trust_policy = {
    'Version': '2012-10-17',
    'Statement': [
        {
            'Effect': 'Allow',
            'Principal': {'Service': 'lambda.amazonaws.com'},
            'Action': 'sts:AssumeRole'
        }
    ]
}

policy_arn = 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'

# Rate limits: Harsh since this will be public facing
# Quota: Low daily limits for the same reason
usage_constraints = {
    'rate_limits': {
        'burstLimit': 10,
        'rateLimit': 10.0
    },
    'quota': {
        'limit': 100,
        'period': 'DAY'
    }
}


In [4]:
# Function description
func_description='SKLearn predict Lambda function'

# Function name (not public facing)
function_name = f'lambda-fn-{ecr_image_name}'

# Clients

In [5]:
# Set up the IAM client
iam_client = boto3.client('iam', region_name=region)

# Set up the Lambda client
lambda_client = boto3.client('lambda', region_name=region)

# Set up the API Gateway client
gateway_client = boto3.client('apigateway', region_name=region)

# Development steps

- IAM role image handling;
- ECR image
- Lambda function creation;
- API Gateway

## IAM Role Image Handling

The first step: create a user on IAM with below permissions:

- **IAMUserChangePassword**: a default permission to change password 
- **IAMFullAccess**: Allows IAM management
- **AmazonEC2ContainerRegistryFullAccess**: Allows uploading image to ECR
- **AWSLambda_FullAccess**: Allows access to specific Lambda function given a role 
- **AmazonAPIGatewayAdministrator**: Allows access to specific API Gateway handling 



In [6]:
from deploy_utils.iam_utils import try_attach_role_policy

# The id "role_arn" will be used on lambda deployment
role_arn = try_attach_role_policy(iam_client, role_name, policy_arn, trust_policy)

role_arn

'arn:aws:iam::060004687794:role/lambda-exec-role'

## ECR image

Run 2 cells below with key stroke _Shift+Enter_ to upload the docker image to ECR.

In [7]:
from deploy_utils.ecr_utils import pipe_push_image

pipe_push_image(account_id, region, ecr_image_name, tag)

Logining on ECR account...
Deleting existent ECR image...
Creating ECR image...
Building docker image...
Tagging docker image...
Pushing docker image to ECR...


# Lambda function creation

Run 2 cells below with key stroke _Shift+Enter_ to generate a Lambda Function based on Docker Image

### Create function

In [8]:
from deploy_utils.ecr_utils import build_ecr_url
from deploy_utils.lambda_utils import delete_function, create_function

# Retrieve (if already exists) or create a new Lambda function
routed_url = build_ecr_url(account_id, region, ecr_image_name, tag)
deletion_response = delete_function(lambda_client, function_name)
create_response = create_function(lambda_client, function_name, func_description, routed_url, role_arn)

create_response

{'ResponseMetadata': {'RequestId': 'c18f7ecf-ad56-4b06-a7d8-3df2002a936f',
  'HTTPStatusCode': 201,
  'HTTPHeaders': {'date': 'Sat, 16 Sep 2023 19:41:34 GMT',
   'content-type': 'application/json',
   'content-length': '1111',
   'connection': 'keep-alive',
   'x-amzn-requestid': 'c18f7ecf-ad56-4b06-a7d8-3df2002a936f'},
  'RetryAttempts': 0},
 'FunctionName': 'lambda-fn-serverless-example',
 'FunctionArn': 'arn:aws:lambda:sa-east-1:060004687794:function:lambda-fn-serverless-example',
 'Role': 'arn:aws:iam::060004687794:role/lambda-exec-role',
 'CodeSize': 0,
 'Description': 'SKLearn predict Lambda function',
 'Timeout': 10,
 'MemorySize': 256,
 'LastModified': '2023-09-16T19:41:33.154+0000',
 'CodeSha256': 'd3e81c111a44a3745ff6f56fea543a98e6d22177a36be8ebdb7b089363336e85',
 'Version': '31',
 'TracingConfig': {'Mode': 'PassThrough'},
 'RevisionId': '18db79a7-da82-4c6a-886a-3c9f86313c75',
 'State': 'Pending',
 'StateReason': 'The function is being created.',
 'StateReasonCode': 'Creating

### Get function

In [16]:
from deploy_utils.lambda_utils import get_function

get_response = get_function(lambda_client, function_name)

get_response

{'ResponseMetadata': {'RequestId': '7d479e43-10ff-42ac-a55a-e9d30503ee55',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'date': 'Sat, 16 Sep 2023 19:41:50 GMT',
   'content-type': 'application/json',
   'content-length': '1427',
   'connection': 'keep-alive',
   'x-amzn-requestid': '7d479e43-10ff-42ac-a55a-e9d30503ee55'},
  'RetryAttempts': 0},
 'Configuration': {'FunctionName': 'lambda-fn-serverless-example',
  'FunctionArn': 'arn:aws:lambda:sa-east-1:060004687794:function:lambda-fn-serverless-example',
  'Role': 'arn:aws:iam::060004687794:role/lambda-exec-role',
  'CodeSize': 0,
  'Description': 'SKLearn predict Lambda function',
  'Timeout': 10,
  'MemorySize': 256,
  'LastModified': '2023-09-16T19:41:33.154+0000',
  'CodeSha256': 'd3e81c111a44a3745ff6f56fea543a98e6d22177a36be8ebdb7b089363336e85',
  'Version': '$LATEST',
  'TracingConfig': {'Mode': 'PassThrough'},
  'RevisionId': '2d95a223-f1ae-4ea3-ae4b-968392bfeeff',
  'State': 'Active',
  'LastUpdateStatus': 'Successful',
  'Packag

### Test function

In [17]:
from json import dumps, loads

# Prepare the event to pass to the Lambda function
example=[1, 2, 3, 4, 5]

# Transform into json format
payload=dumps({"body": example})

# Invoke the Lambda function
response = lambda_client.invoke(
    FunctionName=function_name,
    InvocationType='RequestResponse',
    Payload=payload
)

# Get the response from the Lambda function
result = loads(response['Payload'].read())

print(result)

{'statusCode': 200, 'headers': {'Content-Type': 'application/json'}, 'body': '[1, 4, 9, 16, 25]', 'isBase64Encoded': False}


## API Gateway setup

Run the cells below to set the Lambda Function as an Endpoint on API Gateway.

In [18]:
from deploy_utils.api_gateway_utils import deploy_rest_api, build_api_url

# Define the name of the API (not public facing)
rest_api_name = function_name + '-api'

deployment_reponse = deploy_rest_api(\
    gateway_client, lambda_client, \
    account_id, region, \
    function_name, rest_api_name, \
    endpoint, method_verb, \
    usage_constraints, stage \
)

deployment_reponse

{'url': 'https://yyyyqg8ce2.execute-api.sa-east-1.amazonaws.com/test/predict/',
 'api_key': 'vypIroXEmg3XjqXSOw9708BlVT69iroL1wYjHoLn',
 'usage_plan_id': 'dovbla',
 'rest_api_id': 'yyyyqg8ce2'}

In [19]:
rest_api_id=deployment_reponse['rest_api_id']

# The URL by default will follow this pattern:
api_url = build_api_url(rest_api_id, region, endpoint, stage)

print(api_url)


https://yyyyqg8ce2.execute-api.sa-east-1.amazonaws.com/test/predict/


In [20]:
api_key=deployment_reponse['api_key']
rest_api_id=deployment_reponse['rest_api_id']

# The URL by default will follow this pattern:
api_url = build_api_url(rest_api_id, region, endpoint, stage)

print(api_key)
print(api_url)


vypIroXEmg3XjqXSOw9708BlVT69iroL1wYjHoLn
https://yyyyqg8ce2.execute-api.sa-east-1.amazonaws.com/test/predict/


In [21]:
# Prepare the event to pass to the Lambda function
example=[1, 2, 3, 4, 5]

# Transform into json format
payload=json.dumps({"body": example})

headers = {
    'Content-type': 'application/json', 
    'x-api-key': api_key,
}

resp = requests.post(api_url, headers=headers, json=example)
resp.json()


[1, 4, 9, 16, 25]