Using a container image to add the Amazon AppConfig Agent Lambda extension
You can package your Amazon AppConfig Agent Lambda extension as a container image to upload it to your container registry hosted on Amazon Elastic Container Registry (Amazon ECR).
To add the Amazon AppConfig Agent Lambda extension as a Lambda container image
-
Enter the Amazon Web Services Region and the Amazon Resource Name (ARN) in the Amazon Command Line Interface (Amazon CLI) as shown below. Replace the Region and ARN value with your Region and the matching ARN to retrieve a copy of the Lambda layer. Amazon AppConfig provides ARNs for x86-64 and ARM64 platforms.
aws lambda get-layer-version-by-arn \ --region
Amazon Web Services Region
\ --arnextension ARN
Here's an example.
aws lambda get-layer-version-by-arn \ --region us-east-1 \ --arn arn:aws:lambda:us-east-1:027255383542:layer:AWS-AppConfig-Extension:128
The response looks like the following:
{ "LayerVersionArn": "arn:aws:lambda:us-east-1:027255383542:layer:AWS-AppConfig-Extension:128", "Description": "Amazon AppConfig extension: Use dynamic configurations deployed via Amazon AppConfig for your Amazon Lambda functions", "CreatedDate": "2021-04-01T02:37:55.339+0000", "LayerArn": "arn:aws:lambda::layer:Amazon-AppConfig-Extension", "Content": { "CodeSize": 5228073, "CodeSha256": "8otOgbLQbexpUm3rKlMhvcE6Q5TvwcLCKrc4Oe+vmMY=", "Location" : "S3-Bucket-Location-URL" }, "Version": 30, "CompatibleRuntimes": [ "python3.8", "python3.7", "nodejs12.x", "ruby2.7" ], }
-
In the above response, the value returned for
Location
is the URL of the Amazon Simple Storage Service (Amazon S3) bucket that contains the Lambda extension. Paste the URL into your web browser to download the Lambda extension .zip file.Note
The Amazon S3 bucket URL is available for only 10 minutes.
(Optional) Alternatively, you can also use the following
curl
command to download the Lambda extension.curl -o extension.zip "
S3-Bucket-Location-URL
"(Optional) Alternatively, you can combine Step 1 and Step 2 to retrieve the ARN and download the .zip extension file all at once.
aws lambda get-layer-version-by-arn \ --arn
extension ARN
\ | jq -r '.Content.Location' \ | xargs curl -o extension.zip -
Add the following lines in your
Dockerfile
to add the extension to your container image.COPY extension.zip extension.zip RUN yum install -y unzip \ && unzip extension.zip /opt \ && rm -f extension.zip
-
Ensure that the Lambda function execution role has the appconfig:GetConfiguration permission set.
Example
This section includes an example for enabling the Amazon AppConfig Agent Lambda extension on a container image-based Python Lambda function.
-
Create a
Dockerfile
that is similar to the following.FROM public.ecr.aws/lambda/python:3.8 AS builder COPY extension.zip extension.zip RUN yum install -y unzip \ && unzip extension.zip -d /opt \ && rm -f extension.zip FROM public.ecr.aws/lambda/python:3.8 COPY --from=builder /opt /opt COPY index.py ${LAMBDA_TASK_ROOT} CMD [ "index.handler" ]
-
Download the extension layer to the same directory as the
Dockerfile
.aws lambda get-layer-version-by-arn \ --arn
extension ARN
\ | jq -r '.Content.Location' \ | xargs curl -o extension.zip -
Create a Python file named
index.py
in the same directory as theDockerfile
.import urllib.request def handler(event, context): return { # replace parameters here with your application, environment, and configuration names 'configuration': get_configuration('myApp', 'myEnv', 'myConfig'), } def get_configuration(app, env, config): url = f'http://localhost:2772/applications/{app}/environments/{env}/configurations/{config}' return urllib.request.urlopen(url).read()
-
Run the following steps to build the
docker
image and upload it to Amazon ECR.// set environment variables export ACCOUNT_ID = <YOUR_ACCOUNT_ID> export REGION = <AWS_REGION> // create an ECR repository aws ecr create-repository --repository-name test-repository // build the docker image docker build -t test-image . // sign in to AWS aws ecr get-login-password \ | docker login \ --username AWS \ --password-stdin "$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com" // tag the image docker tag test-image:latest "$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/test-repository:latest" // push the image to ECR docker push "$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/test-repository:latest"
-
Use the Amazon ECR image that you created above to create the Lambda function. For more information about a Lambda function as a container, see Create a Lambda function defined as a container image.
-
Ensure that the Lambda function execution role has the appconfig:GetConfiguration permission set.