Container image support for AWS Lambda via cloudformation

Asked 31/1, 2021 at 7:16 Answered 28/6 at 13:13

Solved amazon-web-services aws-lambda aws-cloudformation

AWS Lambda now supports container images as a packaging format. Ref

Does cloudformation support using Container image for deploying AWS Lambda?

Something similar to packaging and deployment support via S3 Ref

Delfinadelfine answered 31/1, 2021 at 7:16 Comment(0)

Does cloudformation support using Container image for deploying AWS Lambda?

Yes it does. AWS::Lambda::Function has new properties specific to container images, such as:

ImageConfig
PackageType
ImageUri

Radu answered 31/1, 2021 at 7:50 Comment(5)

cool did not know this. what are possible use cases for this? – Bulter 31/1, 2021 at 15:15

The OP is @jenson. I upvoted, thanks for the info. – Bulter 1/2, 2021 at 1:41

@RodrigoM Oh. Sorry. Got confused :-) – Radu 1/2, 2021 at 1:42

@Marcin, One more related question: Does it support registry other than AWS ECR? like Docker hub or private JFrog? Thanks! – Delfinadelfine 2/2, 2021 at 2:40

@Delfinadelfine Yes, both ECR public and docker hub should work. – Radu 2/2, 2021 at 2:44

@Marcin points to the correct documentation. @Jenson 's answer relies on AWS SAM.

Here is the pure CloudFormation template:

AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  EcrImageUri:
    Description: ECR image URI
    Type: String
Resources:
  LambdaShogi:
    Type: AWS::Lambda::Function
    Properties:
      PackageType: Image
      Role:
        Fn::GetAtt:
        - LambdaShogiRole
        - Arn
      Code:
        ImageUri: !Ref 'EcrImageUri'
      Architectures:
        - x86_64
      MemorySize: 1024
      Timeout: 300
  LambdaShogiRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
          Action:
          - sts:AssumeRole
      Path: /
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

By passing the image URI, you can deploy the container Lambda function:

$ aws cloudformation deploy \
  --stack-name lambda-container-test \
  --template-file ./cfn.yml \
  --parameter-overrides EcrImageUri=<YOUR-ACCOUNT-ID>.dkr.ecr.<REGION>.amazonaws.com/test:latest \
  --capabilities CAPABILITY_IAM

Hydrophilous answered 5/1, 2022 at 16:52 Comment(0)

Sample template:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  TestNode12Lambda:
    Type: AWS::Serverless::Function
    Properties:
      PackageType: Image
      FunctionName: testnode12lambda
      Role:
        Fn::GetAtt:
        - TestNode12LambdaRole
        - Arn
      ImageUri: {aws_account_id}.dkr.ecr.us-east-1.amazonaws.com/lambda-container:latest
      Timeout: 300
  TestNode12LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: TestNode12LambdaRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
          Action:
          - sts:AssumeRole
      Path: /
      Policies:
      - PolicyName: AWSLambdaBasicExecutionRole
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:PutLogEvents
            Resource: '*'

Command to deploy: aws cloudformation deploy --template-file resources.yml --stack-name lambdacft --capabilities CAPABILITY_NAMED_IAM

Sample code to deploy node12 Lambda as container image: https://github.com/jensonjoseph/lambda-cft

Delfinadelfine answered 2/2, 2021 at 1:1 Comment(0)

To add to the existing answers, here's a simplified template that includes the definition of both the ECR Repo and the Lambda Function.

Yes, you can deploy AWS Lambda Functions using Container Images and can do so using AWS CloudFormation in a similar style to using S3, the only difference is that the PackageType must be specified and set to Image and that the Code is defined using the ImageUri field instead of S3Bucket and S3Key.

Here is a sample template that defines an ECR Repository and a Lambda Function:

Resources:
  MyRepository:
    Type: AWS::ECR::Repository

  MyFunction:
    Type: AWS::Lambda::Function
    Properties:
      PackageType: Image
      Code:
        ImageUri: !Sub "${MyRepository.RepositoryUri}:tag"

I've included just the bare details, but there are many other properties you may wish to specify on these resources.

Here's a more detailed ECR Repository definition:

  ContainerRepository:
    Type: AWS::ECR::Repository
    Properties:
      EmptyOnDelete: true
      EncryptionConfiguration:
        EncryptionType: AES256
      ImageScanningConfiguration:
        ScanOnPush: true
      ImageTagMutability: MUTABLE
      LifecyclePolicy:
        LifecyclePolicyText: |
          {
            "rules": [
              {
                "rulePriority": 1,
                "description": "Expire untagged images older than 14 days",
                "selection": {
                  "tagStatus": "untagged",
                  "countType": "sinceImagePushed",
                  "countUnit": "days",
                  "countNumber": 14
                },
                "action": {
                  "type": "expire"
                }
              }
            ]
          }
      RepositoryName: "my-container-repository"

Uterus answered 28/6 at 13:13 Comment(0)

Try to add these under your lambda function properties

Properties: PackageType: Image ImageUri: # get it from ECR

Remove code , CodeUri , runtime , layers and handler properties from the yaml file for that lambda function

Rostand answered 22/8, 2022 at 8:58 Comment(0)

Recommended topics

Hot tags