Using a container image to add the Amazon AppConfig Agent Lambda extension - Amazon AppConfig
Example
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using a container image to add the Amazon AppConfig Agent Lambda extension

You can package your Amazon AppConfig Agent Lambda extension as a container image to upload it to your container registry hosted on Amazon Elastic Container Registry (Amazon ECR).

To add the Amazon AppConfig Agent Lambda extension as a Lambda container image

  1. Enter the Amazon Web Services Region and the Amazon Resource Name (ARN) in the Amazon Command Line Interface (Amazon CLI) as shown below. Replace the Region and ARN value with your Region and the matching ARN to retrieve a copy of the Lambda layer. Amazon AppConfig provides ARNs for x86-64 and ARM64 platforms.

    aws lambda get-layer-version-by-arn \
  --region Amazon Web Services Region \
  --arn extension ARN

    Here's an example.

    aws lambda get-layer-version-by-arn \
  --region us-east-1 \
  --arn arn:aws:lambda:us-east-1:027255383542:layer:AWS-AppConfig-Extension:128

    The response looks like the following:

    {
  "LayerVersionArn": "arn:aws:lambda:us-east-1:027255383542:layer:AWS-AppConfig-Extension:128", 
  "Description": "Amazon AppConfig extension: Use dynamic configurations deployed via Amazon AppConfig for your Amazon Lambda functions",
  "CreatedDate": "2021-04-01T02:37:55.339+0000",  
  "LayerArn": "arn:aws:lambda::layer:Amazon-AppConfig-Extension", 

  "Content": {
    "CodeSize": 5228073, 
    "CodeSha256": "8otOgbLQbexpUm3rKlMhvcE6Q5TvwcLCKrc4Oe+vmMY=", 
    "Location" : "S3-Bucket-Location-URL"
  },

  "Version": 30,
  "CompatibleRuntimes": [
    "python3.8",
    "python3.7",
    "nodejs12.x",
    "ruby2.7"
  ],
}

  2. In the above response, the value returned for Location is the URL of the Amazon Simple Storage Service (Amazon S3) bucket that contains the Lambda extension. Paste the URL into your web browser to download the Lambda extension .zip file.

    Note

    The Amazon S3 bucket URL is available for only 10 minutes.

    (Optional) Alternatively, you can also use the following curl command to download the Lambda extension.

    curl -o extension.zip "S3-Bucket-Location-URL"

    (Optional) Alternatively, you can combine Step 1 and Step 2 to retrieve the ARN and download the .zip extension file all at once. 

    aws lambda get-layer-version-by-arn \
  --arn extension ARN \
  | jq -r '.Content.Location' \
  | xargs curl -o extension.zip

  3. Add the following lines in your Dockerfile to add the extension to your container image.

    COPY extension.zip extension.zip
RUN yum install -y unzip \
  && unzip extension.zip /opt \
  && rm -f extension.zip

  4. Ensure that the Lambda function execution role has the appconfig:GetConfiguration permission set.

Example

This section includes an example for enabling the Amazon AppConfig Agent Lambda extension on a container image-based Python Lambda function.

  1. Create a Dockerfile that is similar to the following.

    FROM public.ecr.aws/lambda/python:3.8 AS builder
COPY extension.zip extension.zip
RUN yum install -y unzip \
  && unzip extension.zip -d /opt \
  && rm -f extension.zip

FROM public.ecr.aws/lambda/python:3.8
COPY --from=builder /opt /opt
COPY index.py ${LAMBDA_TASK_ROOT}
CMD [ "index.handler" ]

  2. Download the extension layer to the same directory as the Dockerfile. 

    aws lambda get-layer-version-by-arn \
  --arn extension ARN \
  | jq -r '.Content.Location' \
  | xargs curl -o extension.zip

  3. Create a Python file named index.py in the same directory as the Dockerfile. 

    import urllib.request

def handler(event, context):
    return {
       # replace parameters here with your application, environment, and configuration names
       'configuration': get_configuration('myApp', 'myEnv', 'myConfig'),
    }

def get_configuration(app, env, config):
    url = f'http://localhost:2772/applications/{app}/environments/{env}/configurations/{config}'
    return urllib.request.urlopen(url).read()

  4. Run the following steps to build the docker image and upload it to Amazon ECR.

    // set environment variables
export ACCOUNT_ID = <YOUR_ACCOUNT_ID>
export REGION = <AWS_REGION>

// create an ECR repository
aws ecr create-repository --repository-name test-repository

// build the docker image
docker build -t test-image .

// sign in to AWS
aws ecr get-login-password \
  | docker login \
  --username AWS \
  --password-stdin "$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com"

// tag the image 
docker tag test-image:latest "$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/test-repository:latest"

// push the image to ECR 
docker push "$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/test-repository:latest"

  5. Use the Amazon ECR image that you created above to create the Lambda function. For more information about a Lambda function as a container, see Create a Lambda function defined as a container image.

  6. Ensure that the Lambda function execution role has the appconfig:GetConfiguration permission set.