自动部署基于Lambda的应用程序

Question

我在下面的链接查看了教程，并尝试了一下。http://docs.aws.amazon.com/lambda/latest/dg/automating-deployment.html

这对我来说很有效，但是如何部署与lambda相关的环境变量和配置更改。从教程中，我可以了解如何部署代码更改，但我不确定如何部署配置更改。

Answer 1

为了让Lambda拉取配置信息，有许多选项：

• 对于非常基本的配置，你可以简单地使用环境变量，这些变量可以在命令行界面调用时根据文档进行设置(rep阻止我添加两个以上的链接，所以你必须搜索"lambda环境变量“才能获得它)
• Lambda可以从SSM Parameter Store读取，尽管这通常用于拉入EC2实例的配置信息(DB字符串和其他信息)。但是，如果您主要采用无服务器模式，这是实现
• 的一种方法，您可以使用DB (RDS/DynamoDB)来拉取/存储数据。只需记住，如果你超过了免费级别的限制，你会得到每小时的费用。
• 你可以使用你选择的格式(JSON，YAML，CSV等)。存储在一个python存储桶中，并让python加载(这将不利于您对allocation)
• For函数的调用和复杂的链接，您可能会考虑使用Step Functions

至于如何实现上述自动化，这将取决于您现有的自动化是什么。既可以使用CLI来协调整个过程，也可以使用您选择的脚本语言和适当的AWS SDK。

Answer 2

我编写了一个执行相同功能的CloudFormation模板，而不是手动执行http://docs.aws.amazon.com/lambda/latest/dg/automating-deployment.html中描述的步骤。换句话说，您可以部署我的模板，结果是一个新创建的代码提交存储库和相关的代码管道，它构建并部署您定义的任何CloudFormation模板到一个新的SAM堆栈。您所需要做的就是向新创建的代码提交代码库中添加一个buildspec.yml和samTemplate.yaml，并推送您的更改。

我的模板可以在下面的链接中找到。请注意，这是一个早期草案，有很大的改进空间…但它确实与上面链接的亚马逊网络服务指南密切相关：https://github.com/matwerber1/cloudformation-pipeline-template

以下是模板代码samTemplate.yaml：

AWSTemplateFormatVersion: '2010-09-09'
Description: Creates Private Code Commit repo and Deployment Pipeline to CloudFormation
Parameters: 
  ProjectNameParameter:
    Type: String
    Default: myProject
    Description: "the name to assign to your newly-created code repo, build project, pipeline, and IAM resources."

  CodeBuildS3BucketParameter:
    Type: String
    Default: "myCodeBuildS3Bucket"
    Description: "a pre-existing S3 bucket in which to store Code Build artifacts."

  CodePipelineS3BucketParameter:
    Type: String
    Default: "myCodePipelineS3Bucket"
    Description: "a pre-existing S3 bucket in which to store Code Pipeline resources."
Resources:

  MyRepo:
    Type: "AWS::CodeCommit::Repository"
    Properties: 
      RepositoryName: !Sub '${ProjectNameParameter}'

  CloudFormationRole:
   Type: "AWS::IAM::Role"
   Properties:
    RoleName: !Sub "${AWS::Region}-${ProjectNameParameter}-cloudformation"
    AssumeRolePolicyDocument:
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - cloudformation.amazonaws.com
          Action:
            - "sts:AssumeRole"
    Path: "/"
    Policies:
      - PolicyName: cloudformation-service
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Action:
              - "*"
              Resource: "*"
              Effect: Allow

  CodePipelineRole:
   Type: "AWS::IAM::Role"
   Properties:
    RoleName: !Sub "${AWS::Region}-${ProjectNameParameter}-codepipeline"
    AssumeRolePolicyDocument:
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - codepipeline.amazonaws.com
          Action:
            - "sts:AssumeRole"
    Path: "/"
    Policies:
      - PolicyName: codepipeline-service
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Action:
              - "codecommit:GetBranch"
              - "codecommit:GetCommit"
              - "codecommit:UploadArchive"
              - "codecommit:GetUploadArchiveStatus"
              - "codecommit:CancelUploadArchive"
              Resource: "*"
              Effect: Allow

            - Action:
              - "s3:GetObject"
              - "s3:GetObjectVersion"
              - "s3:GetBucketVersioning"
              Resource: "*"
              Effect: Allow

            - Action:
              - "s3:PutObject"
              Resource:
                - "arn:aws:s3:::codepipeline*"
                - "arn:aws:s3:::elasticbeanstalk*"
              Effect: Allow

            - Action:
              - "codedeploy:CreateDeployment"
              - "codedeploy:GetApplicationRevision"
              - "codedeploy:GetDeployment"
              - "codedeploy:GetDeploymentConfig"
              - "codedeploy:RegisterApplicationRevision"
              Resource: "*"
              Effect: Allow

            - Action:
              - "elasticbeanstalk:*"
              - "ec2:*"
              - "elasticloadbalancing:*"
              - "autoscaling:*"
              - "cloudwatch:*"
              - "s3:*"
              - "sns:*"
              - "cloudformation:*"
              - "rds:*"
              - "sqs:*"
              - "ecs:*"
              - "iam:PassRole"
              Resource: "*"
              Effect: Allow

            - Action:
              - "lambda:InvokeFunction"
              - "lambda:ListFunctions"
              Resource: "*"
              Effect: Allow

            - Action:
              - "opsworks:CreateDeployment"
              - "opsworks:DescribeApps"
              - "opsworks:DescribeCommands"
              - "opsworks:DescribeDeployments"
              - "opsworks:DescribeInstances"
              - "opsworks:DescribeStacks"
              - "opsworks:UpdateApp"
              - "opsworks:UpdateStack"
              Resource: "*"
              Effect: Allow

            - Action:
              - "cloudformation:CreateStack"
              - "cloudformation:DeleteStack"
              - "cloudformation:DescribeStacks"
              - "cloudformation:UpdateStack"
              - "cloudformation:CreateChangeSet"
              - "cloudformation:DeleteChangeSet"
              - "cloudformation:DescribeChangeSet"
              - "cloudformation:ExecuteChangeSet"
              - "cloudformation:SetStackPolicy"
              - "cloudformation:ValidateTemplate"
              - "iam:PassRole"
              Resource: "*"
              Effect: Allow

            - Action:
              - "codebuild:BatchGetBuilds"
              - "codebuild:StartBuild"
              Resource: "*"
              Effect: Allow

  CodeBuildRole:
   Type: "AWS::IAM::Role" 
   Properties:
    RoleName: !Sub "${AWS::Region}-${ProjectNameParameter}-codebuild"
    AssumeRolePolicyDocument:
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - codebuild.amazonaws.com
          Action:
            - "sts:AssumeRole"
    Path: "/"
    Policies:
      - PolicyName: codebuild-service
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Action:
              - "logs:CreateLogGroup"
              - "logs:CreateLogStream"
              - "logs:PutLogEvents"
              Resource:
              - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectNameParameter}"
              - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectNameParameter}:*"
              Effect: Allow

            - Action: 
              - "s3:PutObject"
              - "s3:GetObject"
              - "s3:GetObjectVersion"
              Resource: !Sub "arn:aws:s3:::codepipeline-${AWS::Region}-*"
              Effect: Allow

            - Action: "ssm:GetParameters"
              Resource:  !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/CodeBuild/*"
              Effect: Allow

            - Action: "s3:PutObject"
              Resource: !Sub "arn:aws:s3:::${CodeBuildS3BucketParameter}*"
              Effect: Allow

  MyBuild:
    Type: "AWS::CodeBuild::Project"
    Properties: 
      Artifacts:
        Type: CODEPIPELINE
      BadgeEnabled: false
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: "aws/codebuild/python:3.5.2"
        Type: LINUX_CONTAINER
      Name: !Sub '${ProjectNameParameter}'
      ServiceRole: !Ref CodeBuildRole
      Source:
        Type: CODEPIPELINE
      TimeoutInMinutes: 60

  MyPipeline:
    Type: "AWS::CodePipeline::Pipeline"
    Properties:
      ArtifactStore:
        Location: !Ref CodePipelineS3BucketParameter
        Type: S3
      Name: !Sub "${ProjectNameParameter}"
      RestartExecutionOnUpdate: false
      RoleArn: !GetAtt CodePipelineRole.Arn
      Stages:
        - Name: "Source"
          Actions:
            - ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: CodeCommit
                Version: "1"
              Configuration:
                RepositoryName: !GetAtt MyRepo.Name
                BranchName: master
                PollForSourceChanges: true
              Name: Source
              OutputArtifacts:
                - Name: MyApp
              RunOrder: 1

        - Name: "Build"
          Actions:
            - ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: "1"
              Configuration:
                ProjectName: !Ref MyBuild
              InputArtifacts:
                - Name: MyApp
              Name: "Build"
              OutputArtifacts:
                - Name: MyAppBuild
              RunOrder: 2

        - Name: "Staging"
          Actions:
            - ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: "1"
              Configuration:
                ActionMode: CHANGE_SET_REPLACE
                StackName: !Ref ProjectNameParameter
                Capabilities: CAPABILITY_NAMED_IAM
                ChangeSetName: MyChangeSet
                RoleArn: !GetAtt CloudFormationRole.Arn
                TemplatePath: MyAppBuild::NewSamTemplate.yaml
              InputArtifacts:
                - Name: MyAppBuild
              Name: "build_changeset"
              RunOrder: 3

            - ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: "1"
              Configuration:
                ActionMode: CHANGE_SET_EXECUTE
                StackName: !Ref ProjectNameParameter
                Capabilities: CAPABILITY_NAMED_IAM
                ChangeSetName: MyChangeSet
              Name: "execute_changeset"
              RunOrder: 4