Chalice - A tool to facilitate Python based lambda deployment

Overview

Chalice

Chalice is a tool to facilitate Python based lambda deployment. This repo contains the output of my basic exploration of this tool.

My specific goal with this tiny project was to examine the output of the terraform code and understand what resources will be created for a helloworld project.

I followed this tutorial, although used virtualenv a bit differently.

python3 --version
python3 -m venv venv38
. venv38/bin/activate

As instructed in the tutorial, instead of running chalice deploy, I used chalice package to specify terraform as the package format. Once executed, the output folder contained the zip file for the lambda and the terraform code file in JSON format. terraform should be run in the output folder to initiate deployment.

chalice package --pkg-format terraform /tmp/packaged-app/

Applying terraform

Output of the terraform apply command shows the creation of the following resources:

  • aws_api_gateway_deployment
  • aws_api_gateway_rest_api
  • aws_iam_role
  • aws_iam_role_policy
  • aws_lambda_function
  • aws_lambda_permission

And here is the output:

$ terraform apply
provider.aws.region
  The region where AWS operations will take place. Examples
  are us-east-1, us-west-2, etc.

  Enter a value: eu-west-1


Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_api_gateway_deployment.rest_api will be created
  + resource "aws_api_gateway_deployment" "rest_api" {
      + created_date      = (known after apply)
      + execution_arn     = (known after apply)
      + id                = (known after apply)
      + invoke_url        = (known after apply)
      + rest_api_id       = (known after apply)
      + stage_description = (known after apply)
      + stage_name        = "api"
    }

  # aws_api_gateway_rest_api.rest_api will be created
  + resource "aws_api_gateway_rest_api" "rest_api" {
      + api_key_source               = (known after apply)
      + arn                          = (known after apply)
      + binary_media_types           = [
          + "application/octet-stream",
          + "application/x-tar",
          + "application/zip",
          + "audio/basic",
          + "audio/ogg",
          + "audio/mp4",
          + "audio/mpeg",
          + "audio/wav",
          + "audio/webm",
          + "image/png",
          + "image/jpg",
          + "image/jpeg",
          + "image/gif",
          + "video/ogg",
          + "video/mpeg",
          + "video/webm",
        ]
      + body                         = (known after apply)
      + created_date                 = (known after apply)
      + description                  = (known after apply)
      + disable_execute_api_endpoint = (known after apply)
      + execution_arn                = (known after apply)
      + id                           = (known after apply)
      + minimum_compression_size     = -1
      + name                         = "test-tf-deploy"
      + policy                       = (known after apply)
      + root_resource_id             = (known after apply)
      + tags_all                     = (known after apply)

      + endpoint_configuration {
          + types            = [
              + "EDGE",
            ]
          + vpc_endpoint_ids = (known after apply)
        }
    }

  # aws_iam_role.default-role will be created
  + resource "aws_iam_role" "default-role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "lambda.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "test-tf-deploy-dev"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role_policy.default-role will be created
  + resource "aws_iam_role_policy" "default-role" {
      + id     = (known after apply)
      + name   = "default-rolePolicy"
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "logs:CreateLogGroup",
                          + "logs:CreateLogStream",
                          + "logs:PutLogEvents",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:*:logs:*:*:*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role   = (known after apply)
    }

  # aws_lambda_function.api_handler will be created
  + resource "aws_lambda_function" "api_handler" {
      + architectures                  = (known after apply)
      + arn                            = (known after apply)
      + filename                       = "./deployment.zip"
      + function_name                  = "test-tf-deploy-dev"
      + handler                        = "app.app"
      + id                             = (known after apply)
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + memory_size                    = 128
      + package_type                   = "Zip"
      + publish                        = false
      + qualified_arn                  = (known after apply)
      + reserved_concurrent_executions = -1
      + role                           = (known after apply)
      + runtime                        = "python3.8"
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      + source_code_hash               = "G/z6BLWCK/9iNDEl1lRyYpXyFoo/hJkW0NdhLEf5tUc="
      + source_code_size               = (known after apply)
      + tags                           = {
          + "aws-chalice" = "version=1.26.5:stage=dev:app=test-tf-deploy"
        }
      + tags_all                       = {
          + "aws-chalice" = "version=1.26.5:stage=dev:app=test-tf-deploy"
        }
      + timeout                        = 60
      + version                        = (known after apply)

      + tracing_config {
          + mode = (known after apply)
        }
    }

  # aws_lambda_permission.rest_api_invoke will be created
  + resource "aws_lambda_permission" "rest_api_invoke" {
      + action        = "lambda:InvokeFunction"
      + function_name = (known after apply)
      + id            = (known after apply)
      + principal     = "apigateway.amazonaws.com"
      + source_arn    = (known after apply)
      + statement_id  = (known after apply)
    }

Plan: 6 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + EndpointURL = (known after apply)
  + RestAPIId   = (known after apply)
╷
│ Warning: Deprecated Resource
│
│   with data.null_data_source.chalice,
│   on chalice.tf.json line 109, in data.null_data_source.chalice:109:       }
│
│ The null_data_source was historically used to construct intermediate values to re-use elsewhere in configuration, the same can now be achieved using locals
│
│ (and one more similar warning elsewhere)
╵

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_iam_role.default-role: Creating...
aws_iam_role.default-role: Creation complete after 2s [id=test-tf-deploy-dev]
aws_iam_role_policy.default-role: Creating...
aws_lambda_function.api_handler: Creating...
aws_iam_role_policy.default-role: Creation complete after 1s [id=test-tf-deploy-dev:default-rolePolicy]
aws_lambda_function.api_handler: Still creating... [10s elapsed]
aws_lambda_function.api_handler: Creation complete after 14s [id=test-tf-deploy-dev]
aws_api_gateway_rest_api.rest_api: Creating...
aws_api_gateway_rest_api.rest_api: Creation complete after 1s [id=fzegk1qj6c]
aws_api_gateway_deployment.rest_api: Creating...
aws_lambda_permission.rest_api_invoke: Creating...
aws_lambda_permission.rest_api_invoke: Creation complete after 1s [id=terraform-20220203152421383500000001]
aws_api_gateway_deployment.rest_api: Creation complete after 1s [id=g8xs21]

Apply complete! Resources: 6 added, 0 changed, 0 destroyed.

TODO

  • Build a pipeline
You might also like...
A tool to guide you for team selection based on mana and ruleset using your owned cards.

Splinterlands_Teams_Guide A tool to guide you for team selection based on mana and ruleset using your owned cards. Built With This project is built wi

Module-based cryptographic tool
Module-based cryptographic tool

Cryptosploit A decryption/decoding/cracking tool using various modules. To use it, you need to have basic knowledge of cryptography. Table of Contents

CaskDB is a disk-based, embedded, persistent, key-value store based on the Riak's bitcask paper, written in Python.
CaskDB is a disk-based, embedded, persistent, key-value store based on the Riak's bitcask paper, written in Python.

CaskDB - Disk based Log Structured Hash Table Store CaskDB is a disk-based, embedded, persistent, key-value store based on the Riak's bitcask paper, w

Developing and Comparing Vision-based Algorithms for Vision-based Agile Flight
Developing and Comparing Vision-based Algorithms for Vision-based Agile Flight

DodgeDrone: Vision-based Agile Drone Flight (ICRA 2022 Competition) Would you like to push the boundaries of drone navigation? Then participate in the

PyDy, short for Python Dynamics, is a tool kit written in the Python
PyDy, short for Python Dynamics, is a tool kit written in the Python

PyDy, short for Python Dynamics, is a tool kit written in the Python programming language that utilizes an array of scientific programs to enable the study of multibody dynamics. The goal is to have a modular framework and eventually a physics abstraction layer which utilizes a variety of backends that can provide the user with their desired workflow

Synthetik Python Mod - A save editor tool for the game Synthetik written in python

Synthetik_Python_Mod A save editor tool for the game Synthetik written in python

A flexible free and unlimited python tool to translate between different languages in a simple way using multiple translators.
A flexible free and unlimited python tool to translate between different languages in a simple way using multiple translators.

deep-translator Translation for humans A flexible FREE and UNLIMITED tool to translate between different languages in a simple way using multiple tran

Simple Python tool to check if there is an Office 365 instance linked to a domain.

o365chk.py Simple Python script to check if there is an Office365 instance linked to a particular domain.

Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS).

Certipy Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Based on the C# variant Ce

Owner
Csilla Bessenyei
Csilla Bessenyei
Exploring basic lambda calculus in Python

Lambda Exploring basic lambda calculus in Python. In this repo I have used the lambda function built into python to get a more intiutive feel of lambd

Bhardwaj Bhaskar 2 Nov 12, 2021
Serverless demo showing users how they can capture (and obfuscate) their Lambda payloads in Datadog APM

Serverless-capture-lambda-payload-demo Serverless demo showing users how they can capture (and obfuscate) their Lambda payloads in Datadog APM This wi

Datadog, Inc. 1 Nov 2, 2021
Let's pretend you want to create a AWS Lambda project called "sns-processor".

Usage Let's pretend you want to create a AWS Lambda project called "sns-processor". Rather than using lambda and then editing the results to include y

null 1 Dec 31, 2021
A git extension for seeing your Cloud Build deployment

A git extension for seeing your Cloud Build deployment

Katie McLaughlin 13 May 10, 2022
Example teacher bot for deployment to Chai app.

Create and share your own chatbot Here is the code for uploading the popular "Ms Harris (Teacher)" chatbot to the Chai app. You can tweak the config t

Chai 1 Jan 10, 2022
A tool to flash .ofp files in bootloader mode without needing MSM Tool, an alternative to official realme tool

Oppo/Realme Flash .OFP File on Bootloader A tool to flash .ofp files in bootloader mode without needing MSM Tool, an alternative to official realme to

Italo Almeida 70 Jan 2, 2023
A python tool that creates issues in your repos based on TODO comments in your code

Krypto A neat little sidekick python script to create issues on your repo based on comments left in the code on your behalf Convert todo comments in y

Alex Antoniou 4 Oct 26, 2021
A Regex based linter tool that works for any language and works exclusively with custom linting rules.

renag Documentation Available Here Short for Regex (re) Nag (like "one who complains"). Now also PEGs (Parsing Expression Grammars) compatible with py

Ryan Peach 12 Oct 20, 2022
A tool that automatically creates fuzzing harnesses based on a library

AutoHarness is a tool that automatically generates fuzzing harnesses for you. This idea stems from a concurrent problem in fuzzing codebases today: large codebases have thousands of functions and pieces of code that can be embedded fairly deep into the library. It is very hard or sometimes even impossible for smart fuzzers to reach that codepath. Even for large fuzzing projects such as oss-fuzz, there are still parts of the codebase that are not covered in fuzzing. Hence, this program tries to alleviate this problem in some capacity as well as provide a tool that security researchers can use to initially test a code base. This program only supports code bases which are coded in C and C++.

null 261 Jan 4, 2023
vFuzzer is a tool developed for fuzzing buffer overflows, For now, It can be used for fuzzing plain vanilla stack based buffer overflows

vFuzzer vFuzzer is a tool developed for fuzzing buffer overflows, For now, It can be used for fuzzing plain vanilla stack based buffer overflows, The

Vedant Bhalgama 5 Nov 12, 2022