Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@aws-cdk/aws-lambda-python
Advanced tools
AWS CDK v1 has reached End-of-Support on 2023-06-01. This package is no longer being updated, and users should migrate to AWS CDK v2.
For more information on how to migrate, see the Migrating to AWS CDK v2 guide.
This library provides constructs for Python Lambda functions.
To use this module, you will need to have Docker installed.
Define a PythonFunction
:
new lambda.PythonFunction(this, 'MyFunction', {
entry: '/path/to/my/function', // required
runtime: Runtime.PYTHON_3_8, // required
index: 'my_index.py', // optional, defaults to 'index.py'
handler: 'my_exported_func', // optional, defaults to 'handler'
});
All other properties of lambda.Function
are supported, see also the AWS Lambda construct library.
You may create a python-based lambda layer with PythonLayerVersion
. If PythonLayerVersion
detects a requirements.txt
or Pipfile
or poetry.lock
with the associated pyproject.toml
at the entry path, then PythonLayerVersion
will include the dependencies inline with your code in the
layer.
Define a PythonLayerVersion
:
new lambda.PythonLayerVersion(this, 'MyLayer', {
entry: '/path/to/my/layer', // point this to your library's directory
})
A layer can also be used as a part of a PythonFunction
:
new lambda.PythonFunction(this, 'MyFunction', {
entry: '/path/to/my/function',
runtime: Runtime.PYTHON_3_8,
layers: [
new lambda.PythonLayerVersion(this, 'MyLayer', {
entry: '/path/to/my/layer', // point this to your library's directory
}),
],
});
If requirements.txt
, Pipfile
or poetry.lock
exists at the entry path, the construct will handle installing all required modules in a Lambda compatible Docker container according to the runtime
and with the Docker platform based on the target architecture of the Lambda function.
Python bundles are only recreated and published when a file in a source directory has changed. Therefore (and as a general best-practice), it is highly recommended to commit a lockfile with a list of all transitive dependencies and their exact versions. This will ensure that when any dependency version is updated, the bundle asset is recreated and uploaded.
To that end, we recommend using [pipenv
] or [poetry
] which have lockfile support.
Packaging is executed using the Packaging
class, which:
Pipfile
or a poetry.lock
file, it exports it to a compatible requirements.txt
file with credentials (if they're available in the source files or in the bundling container).pip
.Lambda with a requirements.txt
.
├── lambda_function.py # exports a function named 'handler'
├── requirements.txt # has to be present at the entry path
Lambda with a Pipfile
.
├── lambda_function.py # exports a function named 'handler'
├── Pipfile # has to be present at the entry path
├── Pipfile.lock # your lock file
Lambda with a poetry.lock
.
├── lambda_function.py # exports a function named 'handler'
├── pyproject.toml # your poetry project definition
├── poetry.lock # your poetry lock file has to be present at the entry path
Custom bundling can be performed by passing in additional build arguments that point to index URLs to private repos, or by using an entirely custom Docker images for bundling dependencies. The build args currently supported are:
PIP_INDEX_URL
PIP_EXTRA_INDEX_URL
HTTPS_PROXY
Additional build args for bundling that refer to PyPI indexes can be specified as:
const entry = '/path/to/function';
const image = DockerImage.fromBuild(entry);
new lambda.PythonFunction(this, 'function', {
entry,
runtime: Runtime.PYTHON_3_8,
bundling: {
buildArgs: { PIP_INDEX_URL: "https://your.index.url/simple/", PIP_EXTRA_INDEX_URL: "https://your.extra-index.url/simple/" },
},
});
If using a custom Docker image for bundling, the dependencies are installed with pip
, pipenv
or poetry
by using the Packaging
class. A different bundling Docker image that is in the same directory as the function can be specified as:
const entry = '/path/to/function';
const image = DockerImage.fromBuild(entry);
new lambda.PythonFunction(this, 'function', {
entry,
runtime: Runtime.PYTHON_3_8,
bundling: { image },
});
To use a Code Artifact PyPI repo, the PIP_INDEX_URL
for bundling the function can be customized (requires AWS CLI in the build environment):
import { execSync } from 'child_process';
const entry = '/path/to/function';
const image = DockerImage.fromBuild(entry);
const domain = 'my-domain';
const domainOwner = '111122223333';
const repoName = 'my_repo';
const region = 'us-east-1';
const codeArtifactAuthToken = execSync(`aws codeartifact get-authorization-token --domain ${domain} --domain-owner ${domainOwner} --query authorizationToken --output text`).toString().trim();
const indexUrl = `https://aws:${codeArtifactAuthToken}@${domain}-${domainOwner}.d.codeartifact.${region}.amazonaws.com/pypi/${repoName}/simple/`;
new lambda.PythonFunction(this, 'function', {
entry,
runtime: Runtime.PYTHON_3_8,
bundling: {
environment: { PIP_INDEX_URL: indexUrl },
},
});
The index URL or the token are only used during bundling and thus not included in the final asset. Setting only environment variable for PIP_INDEX_URL
or PIP_EXTRA_INDEX_URL
should work for accesing private Python repositories with pip
, pipenv
and poetry
based dependencies.
If you also want to use the Code Artifact repo for building the base Docker image for bundling, use buildArgs
. However, note that setting custom build args for bundling will force the base bundling image to be rebuilt every time (i.e. skip the Docker cache). Build args can be customized as:
import { execSync } from 'child_process';
const entry = '/path/to/function';
const image = DockerImage.fromBuild(entry);
const domain = 'my-domain';
const domainOwner = '111122223333';
const repoName = 'my_repo';
const region = 'us-east-1';
const codeArtifactAuthToken = execSync(`aws codeartifact get-authorization-token --domain ${domain} --domain-owner ${domainOwner} --query authorizationToken --output text`).toString().trim();
const indexUrl = `https://aws:${codeArtifactAuthToken}@${domain}-${domainOwner}.d.codeartifact.${region}.amazonaws.com/pypi/${repoName}/simple/`;
new lambda.PythonFunction(this, 'function', {
entry,
runtime: Runtime.PYTHON_3_8,
bundling: {
buildArgs: { PIP_INDEX_URL: indexUrl },
},
});
FAQs
The CDK Construct Library for AWS Lambda in Python
The npm package @aws-cdk/aws-lambda-python receives a total of 1,195 weekly downloads. As such, @aws-cdk/aws-lambda-python popularity was classified as popular.
We found that @aws-cdk/aws-lambda-python demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.