英文:
Lambda functions SSM environment variables are not updated
问题
I created a new cognito stack. I can see in the parameter store that the variables are updated to have the new ids of the new Cognito stack. However, in my lambdas the env variables are still pointing to the old cognito stack ids which is now deleted. It looks like a cache issue.. I tried deploy with --no-previous-parameters
but it didn't work, any idea on what should I do ?
我创建了一个新的Cognito堆栈。我可以在参数存储中看到变量已更新为新的Cognito堆栈的新ID。然而,在我的Lambda函数中,环境变量仍然指向已删除的旧Cognito堆栈的ID,看起来像是缓存问题。我尝试使用 --no-previous-parameters
部署,但没有效果,您有什么建议吗?
英文:
I created a new cognito stack. I can see in the parameter store that the variables are updated to have the new ids of the new Cognito stack.
However, in my lambdas the env variables are still pointing to the old cognito stack ids which is now deleted. It looks like a cache issue..
I tried deploy with --no-previous-paremeters
but it didn't work, any idea on what should I do ?
<!-- begin snippet: js hide: false console: true babel: false -->
<!-- language: lang-js -->
export class SSMParameterReader extends AwsCustomResource {
constructor(scope: Construct, name: string, props: SSMParameterReaderProps) {
const { parameterName, region } = props;
const ssmAwsSdkCall: AwsSdkCall = {
service: 'SSM',
action: 'getParameter',
parameters: {
Name: parameterName,
},
region,
physicalResourceId: { id: name }, // Update physical id to always fetch the latest version
};
super(scope, name, {
onUpdate: ssmAwsSdkCall,
policy: {
statements: [
new iam.PolicyStatement({
resources: ['*'],
actions: ['ssm:GetParameter'],
effect: iam.Effect.ALLOW,
}),
],
},
});
}
public getParameterValue(): string {
return this.getResponseField('Parameter.Value').toString();
}
}
<!-- end snippet -->
And then I call this function to get my parameter
<!-- begin snippet: js hide: false console: true babel: false -->
<!-- language: lang-js -->
export function getFromSSM(scope: Construct, paramName: string, env?: any): string {
return new SSMParameterReader(scope, scope.node.id + paramName + 'Reader', {
parameterName: paramName,
region: env?.region || 'eu-central-1',
}).getParameterValue();
}
<!-- end snippet -->
答案1
得分: 1
您需要随机化physicalResourceId
,以便自定义资源会收到更新事件并始终调用SDK调用,即:
physicalResourceId: cr.PhysicalResourceId.of(Date.now().toString())
考虑以下代码:
export interface SSMParameterReaderProps {
readonly parameterName: string;
readonly region: string;
}
export class SSMParameterReader extends cr.AwsCustomResource {
constructor(scope: Construct, name: string, props: SSMParameterReaderProps) {
const { parameterName, region } = props;
const ssmAwsSdkCall: cr.AwsSdkCall = {
service: 'SSM',
action: 'getParameter',
parameters: {
Name: parameterName,
},
region,
physicalResourceId: cr.PhysicalResourceId.of(Date.now().toString()), // 更新物理标识以始终获取最新版本
};
super(scope, name, {
onUpdate: ssmAwsSdkCall,
policy: {
statements: [
new iam.PolicyStatement({
resources: ['*'],
actions: ['ssm:GetParameter'],
effect: iam.Effect.ALLOW,
}),
],
},
});
}
public getParameterValue(): string {
return this.getResponseField('Parameter.Value').toString();
}
}
app.ts
:
const app = new cdk.App();
const env = { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION };
const stack = new cdk.Stack(app, 'SSMCreator', { env })
new ssm.StringParameter(stack, 'Foo', { parameterName: 'foo', stringValue: 'bar' });
const reader = new SSMParameterReader(stack, 'SSMReader', {
parameterName: 'foo',
region: process.env.CDK_DEFAULT_REGION || 'us-east-1',
});
new cdk.CfnOutput(stack, 'Value', { value: reader.getParameterValue()});
在初始部署时,您将获得bar
作为初始值:
Outputs:
SSMCreator.Value = bar
现在,让我们使用AWS CLI进行更新:
aws ssm put-parameter --name foo --value $(date +%s) --overwrite
再次部署,您将获得新的值:
Outputs:
SSMCreator.Value = 1680733424
请告诉我是否对您有帮助。
英文:
You need to randomize the physicalResourceId
so the custom resource will recieve the Update event and always invoke the SDK call, i.e.
physicalResourceId: cr.PhysicalResourceId.of(Date.now().toString())
Consider the following code:
<!-- begin snippet: js hide: false console: true babel: false -->
<!-- language: lang-js -->
export interface SSMParameterReaderProps {
readonly parameterName: string;
readonly region: string;
};
export class SSMParameterReader extends cr.AwsCustomResource {
constructor(scope: Construct, name: string, props: SSMParameterReaderProps) {
const { parameterName, region } = props;
const ssmAwsSdkCall: cr.AwsSdkCall = {
service: 'SSM',
action: 'getParameter',
parameters: {
Name: parameterName,
},
region,
physicalResourceId: cr.PhysicalResourceId.of(Date.now().toString()), // Update physical id to always fetch the latest version
};
super(scope, name, {
onUpdate: ssmAwsSdkCall,
policy: {
statements: [
new iam.PolicyStatement({
resources: ['*'],
actions: ['ssm:GetParameter'],
effect: iam.Effect.ALLOW,
}),
],
},
});
}
public getParameterValue(): string {
return this.getResponseField('Parameter.Value').toString();
}
}
<!-- end snippet -->
And app.ts
<!-- begin snippet: js hide: false console: true babel: false -->
<!-- language: lang-js -->
const app = new cdk.App();
const env = { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION };
const stack = new cdk.Stack(app, 'SSMCreator', { env })
new ssm.StringParameter(stack, 'Foo', { parameterName: 'foo', stringValue: 'bar' });
const reader = new SSMParameterReader(stack, 'SSMReader', {
parameterName: 'foo',
region: process.env.CDK_DEFAULT_REGION || 'us-east-1',
});
new cdk.CfnOutput(stack, 'Value', { value: reader.getParameterValue()});
<!-- end snippet -->
On initial deployment, you get bar
as the initial value:
Outputs:
SSMCreator.Value = bar
Now, let's update it with AWS CLI:
aws ssm put-parameter --name foo --value $(date +%s) --overwrite
deploy again and you get the new value:
Outputs:
SSMCreator.Value = 1680733424
Let me know if it works for you.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论