New options to configure roles and VPC #11779
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,6 +6,7 @@ package aws | |
|
||
import ( | ||
"fmt" | ||
"regexp" | ||
"time" | ||
"unicode" | ||
|
||
|
@@ -23,18 +24,25 @@ type Config struct { | |
const maxMegabytes = 3008 | ||
|
||
// DefaultLambdaConfig confguration for AWS lambda function. | ||
var DefaultLambdaConfig = &lambdaConfig{ | ||
MemorySize: 128 * 1024 * 1024, | ||
Timeout: time.Second * 3, | ||
Concurrency: 5, | ||
} | ||
var ( | ||
DefaultLambdaConfig = &lambdaConfig{ | ||
MemorySize: 128 * 1024 * 1024, | ||
Timeout: time.Second * 3, | ||
Concurrency: 5, | ||
} | ||
|
||
arnRolePattern = "arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" | ||
We are using the arn reference in a few places in the code, we might want to create a custom type for it and have a single place to validate it. As a note, I've decided not to add a validation for arn, since I was a bit worried that we would get it wrong. Can you add a link concerning the rules for an ARN. |
||
roleRE = regexp.MustCompile(arnRolePattern) | ||
) | ||
|
||
type lambdaConfig struct { | ||
Concurrency int `config:"concurrency" validate:"min=0,max=1000"` | ||
DeadLetterConfig *deadLetterConfig `config:"dead_letter_config"` | ||
Description string `config:"description"` | ||
MemorySize MemSizeFactor64 `config:"memory_size"` | ||
Timeout time.Duration `config:"timeout" validate:"nonzero,positive"` | ||
Role string `config:"role"` | ||
VPCConfig *vpcConfig `config:"virtual_private_cloud"` | ||
} | ||
|
||
func (c *lambdaConfig) Validate() error { | ||
|
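Review bot: `arnRolePattern` has no `^`/`$` anchors, and a Go regexp match is a substring match unless the pattern is anchored, so a `role` value with arbitrary text before or after an ARN-shaped substring will validate through `roleRE`. Anchor the pattern at both ends. While there: `(aws[a-zA-Z-]*)?` makes the partition optional, so `arn::iam::...` is accepted; `role/?` makes the slash before the role name optional; and `_` is listed twice in the character class. The new `Role` and `VPCConfig` fields also have no comment saying what happens when they are left unset, and the doc comment for `DefaultLambdaConfig` should sit on the new `var (` block.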
@@ -46,13 +54,22 @@ func (c *lambdaConfig) Validate() error { | |
return fmt.Errorf("'memory_size' must be lower than %d", maxMegabytes) | ||
} | ||
|
||
if c.Role != "" && !roleRE.MatchString(c.Role) { | ||
return fmt.Errorf("invalid role: '%s', name must match pattern %s", c.Role, arnRolePattern) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
type deadLetterConfig struct { | ||
TargetArn string `config:"target_arn"` | ||
} | ||
|
||
type vpcConfig struct { | ||
SecurityGroupIDs []string `config:"security_group_ids" validate:"required"` | ||
SubnetIDs []string `config:"subnet_ids" validate:"required"` | ||
} | ||
|
||
// MemSizeFactor64 implements a human understandable format for bytes but also make sure that all | ||
// values used are a factory of 64. | ||
type MemSizeFactor64 int | ||
|
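Review bot: The role check in `Validate()` returns an error that embeds the raw regular expression (`name must match pattern %s`), which is hard for a user to act on and says "name" although the value is a full ARN. Describe the expected form instead, for example `arn:aws:iam::<account-id>:role/<role-name>`, and format the value with `%q` so stray whitespace is visible. In `vpcConfig`, both fields carry only `validate:"required"`, so the individual security group and subnet IDs are not shape-checked the way `role` is; either add a check or leave a comment that the IDs are passed through as given. `vpcConfig` also has no doc comment.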
I think we should log that we are using a custom role, I presume that we will get a few questions concerning the policies required if they use their role. So I think we will need to create a follow-up doc issue to describe them. Can you coordinate with @dedemorton for that?

Sure.

Created issue with the required policies: #11787
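
The inline review comment above asks for a custom type with a single place to validate role ARNs. The following is an added example, not code from this pull request or the project: it compares the unanchored `arnRolePattern` from the diff with an anchored copy behind a hypothetical `RoleARN` type. The names `RoleARN`, `ParseRoleARN` and `AcceptedByDiff`, and the sample inputs, are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern copied from the diff under review; it has no ^ or $ anchors.
const arnRolePattern = "arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+"

var (
	// As in the diff: MatchString succeeds on any substring match.
	roleRE = regexp.MustCompile(arnRolePattern)
	// Assumption for this example: the same pattern wrapped in ^(?:...)$.
	// In Go, $ without the m flag matches only at the very end of the text.
	anchoredRoleRE = regexp.MustCompile("^(?:" + arnRolePattern + ")$")
)

// RoleARN is a hypothetical type that can only be built through ParseRoleARN.
type RoleARN string

// ParseRoleARN returns s as a RoleARN only if the whole string matches.
func ParseRoleARN(s string) (RoleARN, error) {
	if !anchoredRoleRE.MatchString(s) {
		return "", fmt.Errorf("invalid role ARN %q", s)
	}
	return RoleARN(s), nil
}

// AcceptedByDiff reports what the unanchored check in the diff decides.
func AcceptedByDiff(s string) bool { return roleRE.MatchString(s) }

func main() {
	// Constructed sample inputs; 123456789012 is a placeholder account ID.
	samples := []string{
		"arn:aws:iam::123456789012:role/example-role",
		"junk arn:aws:iam::123456789012:role/example-role\n- extra: yaml",
		"arn:aws:iam::123456789012:role/example role",
		"arn:aws:iam::123456789012:user/someone",
	}
	fmt.Println("diff  anchored  input")
	for _, s := range samples {
		_, err := ParseRoleARN(s)
		fmt.Printf("%-5t %-9t %q\n", AcceptedByDiff(s), err == nil, s)
	}
}
```

The second and third inputs pass the check from the diff but are rejected by the anchored parser.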