#!/usr/bin/python
# -*- coding: utf-8 -*-

# Copyright: Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

DOCUMENTATION = r"""
---
module: lambda_layer
version_added: 5.5.0
short_description: Creates an AWS Lambda layer or deletes an AWS Lambda layer version
description:
  - This module allows the management of AWS Lambda layers via Ansible.
  - Creates a Lambda layer from a ZIP archive.
    Each time you call this module with the same layer name, a new version is created.
  - Deletes a version of a Lambda layer.

author: "Aubin Bikouo (@abikouo)"
options:
  state:
    description:
    - Determines if a Lambda layer should be created, or deleted. When set to C(present), a Lambda layer version will be
      created. If set to C(absent), an existing Lambda layer version will be deleted.
    type: str
    default: present
    choices: [ absent, present ]
  name:
    description:
    - The name or Amazon Resource Name (ARN) of the Lambda layer.
    type: str
    required: true
    aliases:
    - layer_name
  description:
    description:
    - The description of the version.
    - Ignored when I(state=absent).
    - Mutually exclusive with I(version).
    type: str
  content:
    description:
    - The function layer archive.
    - Required when I(state=present).
    - Ignored when I(state=absent).
    - Mutually exclusive with I(version).
    type: dict
    suboptions:
      s3_bucket:
        description:
        - The Amazon S3 bucket of the layer archive.
        type: str
      s3_key:
        description:
        - The Amazon S3 key of the layer archive.
        type: str
      s3_object_version:
        description:
        - For versioned objects, the version of the layer archive object to use.
        type: str
      zip_file:
        description:
        - Path to the base64-encoded file of the layer archive.
        type: path
  compatible_runtimes:
    description:
    - A list of compatible function runtimes.
    - Ignored when I(state=absent).
    - Mutually exclusive with I(version).
    type: list
    elements: str
  license_info:
    description:
    - The layer's software license. It can be any of an SPDX license identifier,
      the URL of a license hosted on the internet or the full text of the license.
    - Ignored when I(state=absent).
    - Mutually exclusive with I(version).
    type: str
  compatible_architectures:
    description:
    - A list of compatible instruction set architectures. For example, x86_64.
    - Mutually exclusive with I(version).
    type: list
    elements: str
  version:
    description:
    - The version number of the layer to delete.
    - Set to C(-1) to delete all versions for the specified layer name.
    - Required when I(state=absent).
    - Ignored when I(state=present).
    - Mutually exclusive with I(description), I(content), I(compatible_runtimes),
      I(license_info), I(compatible_architectures).
    type: int
extends_documentation_fragment:
  - amazon.aws.common.modules
  - amazon.aws.region.modules
  - amazon.aws.boto3
"""

EXAMPLES = r"""
---
# Create a new Python library layer version from a zip archive located in an S3 bucket
- name: Create a new python library layer
  amazon.aws.lambda_layer:
    state: present
    name: sample-layer
    description: 'My Python layer'
    content:
      s3_bucket: 'lambda-layers-us-west-2-123456789012'
      s3_key: 'python_layer.zip'
    compatible_runtimes:
      - python3.6
      - python3.7
    license_info: MIT
    compatible_architectures:
      - x86_64

# Create a layer version from a zip in the local filesystem
- name: Create a new layer from a zip in the local filesystem
  amazon.aws.lambda_layer:
    state: present
    name: sample-layer
    description: 'My Python layer'
    content:
      zip_file: 'python_layer.zip'
    compatible_runtimes:
      - python3.6
      - python3.7
    license_info: MIT
    compatible_architectures:
      - x86_64

# Delete a layer version
- name: Delete a layer version
  amazon.aws.lambda_layer:
    state: absent
    name: sample-layer
    version: 2

# Delete all versions of test-layer
- name: Delete all versions
  amazon.aws.lambda_layer:
    state: absent
    name: test-layer
    version: -1
"""

RETURN = r"""
layer_versions:
  description: Information about the layer versions that were created or deleted.
  returned: always
  type: list
  elements: dict
  contains:
    content:
        description: Details about the layer version.
        returned: I(state=present)
        type: complex
        contains:
          location:
            description: A link to the layer archive in Amazon S3 that is valid for 10 minutes.
            returned: I(state=present)
            type: str
            sample: "https://awslambda-us-east-1-layers.s3.us-east-1.amazonaws.com/snapshots/123456789012/pylayer-9da91deffd3b4941b8baeeae5daeffe4"
          code_sha256:
            description: The SHA-256 hash of the layer archive.
            returned: I(state=present)
            type: str
            sample: "VLluleJZ3HTwDrdYolSMrS+8iPwEkcoXXaegjXf+dmc="
          code_size:
            description: The size of the layer archive in bytes.
            returned: I(state=present)
            type: int
            sample: 9473675
          signing_profile_version_arn:
            description: The Amazon Resource Name (ARN) for a signing profile version.
            returned: When a signing profile is defined
            type: str
          signing_job_arn:
            description: The Amazon Resource Name (ARN) of a signing job.
            returned: When a signing profile is defined
            type: str
    layer_arn:
        description: The ARN of the layer.
        returned: if the layer version exists or has been created
        type: str
        sample: "arn:aws:lambda:eu-west-2:123456789012:layer:pylayer"
    layer_version_arn:
        description: The ARN of the layer version.
        returned: if the layer version exists or has been created
        type: str
        sample: "arn:aws:lambda:eu-west-2:123456789012:layer:pylayer:2"
    description:
        description: The description of the version.
        returned: I(state=present)
        type: str
    created_date:
        description: The date that the layer version was created, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).
        returned: if the layer version exists or has been created
        type: str
        sample: "2022-09-28T14:27:35.866+0000"
    version:
        description: The version number.
        returned: if the layer version exists or has been created
        type: int
        sample: 1
    compatible_runtimes:
        description: A list of compatible runtimes.
        returned: if it was defined for the layer version.
        type: list
        sample: ["python3.7"]
    license_info:
        description: The layer's software license.
        returned: if it was defined for the layer version.
        type: str
        sample: "GPL-3.0-only"
    compatible_architectures:
        description: A list of compatible instruction set architectures.
        returned: if it was defined for the layer version.
        type: list
"""

try:
    import botocore
except ImportError:
    pass  # Handled by AnsibleAWSModule

from ansible.module_utils.common.dict_transformations import camel_dict_to_snake_dict

from ansible_collections.amazon.aws.plugins.module_utils.modules import AnsibleAWSModule
from ansible_collections.amazon.aws.plugins.module_utils.retries import AWSRetry


@AWSRetry.jittered_backoff()
def _list_layer_versions(client, **params):
    """Return the merged result of every ``list_layer_versions`` page.

    ``params`` is forwarded unchanged to the paginator. The whole call is
    wrapped by ``AWSRetry.jittered_backoff()``.
    """
    pages = client.get_paginator("list_layer_versions").paginate(**params)
    return pages.build_full_result()


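class LambdaLayerFailure(Exception):
    """Error raised by this module's helpers when a Lambda layer operation fails.

    Attributes:
        exc: the underlying exception that triggered the failure.
        msg: human-readable description of the operation that failed.
    """

    def __init__(self, exc, msg):
        self.exc = exc
        self.msg = msg
        # Hand the message, not the instance itself, to Exception. With
        # ``args == (self,)`` any str() or logging of the error recurses into
        # itself and ends in RecursionError instead of showing the failure.
        super().__init__(msg)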


def list_layer_versions(lambda_client, name):
    """List every version of layer ``name`` as snake_case dictionaries.

    Raises:
        LambdaLayerFailure: listing failed; the botocore error is carried in
            its ``exc`` attribute.
    """
    try:
        response = _list_layer_versions(lambda_client, LayerName=name)
        versions = []
        for entry in response["LayerVersions"]:
            versions.append(camel_dict_to_snake_dict(entry))
        return versions
    except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
        raise LambdaLayerFailure(e, f"Unable to list layer versions for name {name}")


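def create_layer_version(lambda_client, params, check_mode=False):
    """Publish a new version of the layer described by ``params``.

    Args:
        lambda_client: client object whose ``publish_layer_version`` is called.
        params: module parameters; ``name`` and ``content`` are read, plus the
            optional ``description``, ``compatible_runtimes``, ``license_info``
            and ``compatible_architectures``.
        check_mode: when true, return immediately without reading the archive
            or calling the API.

    Returns:
        A result dict with ``changed`` and, outside check mode,
        ``layer_versions`` holding the snake_cased API response.

    Raises:
        LambdaLayerFailure: the local archive cannot be read, or the publish
            call fails.
    """
    if check_mode:
        # Nothing in ``params`` is inspected on this path.
        return {"msg": "Create operation skipped - running in check mode", "changed": True}

    opt = {"LayerName": params.get("name"), "Content": {}}
    keys = [
        ("description", "Description"),
        ("compatible_runtimes", "CompatibleRuntimes"),
        ("license_info", "LicenseInfo"),
        ("compatible_architectures", "CompatibleArchitectures"),
    ]
    # Only forward optional settings the caller actually provided.
    for k, d in keys:
        if params.get(k) is not None:
            opt[d] = params.get(k)

    content = params["content"]
    zip_file = content.get("zip_file")
    if zip_file is not None:
        # The file's raw bytes are sent as the ZipFile value. An unreadable or
        # missing path is turned into LambdaLayerFailure so execute_module
        # reports it like any other failure instead of an unhandled traceback.
        try:
            with open(zip_file, "rb") as zf:
                opt["Content"]["ZipFile"] = zf.read()
        except OSError as e:
            raise LambdaLayerFailure(e, f"Unable to read the layer archive {zip_file}.") from e
    else:
        opt["Content"]["S3Bucket"] = content.get("s3_bucket")
        opt["Content"]["S3Key"] = content.get("s3_key")
        # NOTE(review): without s3_object_version the request names only the
        # bucket and key, so which object revision is published is decided at
        # call time. Pin the version where the archive's provenance matters.
        if content.get("s3_object_version") is not None:
            opt["Content"]["S3ObjectVersion"] = content.get("s3_object_version")

    try:
        layer_version = lambda_client.publish_layer_version(**opt)
    except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e:
        raise LambdaLayerFailure(
            e, "Failed to publish a new layer version (check that you have required permissions)."
        ) from e

    layer_version.pop("ResponseMetadata", None)
    # The response is returned whole. Per this module's RETURN docs it includes
    # content.location, a link to the archive that stays valid for 10 minutes,
    # so that link appears wherever the task result is logged or registered.
    return {"changed": True, "layer_versions": [camel_dict_to_snake_dict(layer_version)]}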


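def delete_layer_version(lambda_client, params, check_mode=False):
    """Delete one version, or every version, of the layer named in ``params``.

    Args:
        lambda_client: client object whose ``delete_layer_version`` is called.
        params: module parameters; ``name`` and ``version`` are read. A
            ``version`` of -1 matches every existing version of the layer.
        check_mode: when true, matching versions are reported but not deleted.

    Returns:
        ``{"changed": bool, "layer_versions": [...]}`` listing the versions
        that were (or, in check mode, would be) deleted.

    Raises:
        LambdaLayerFailure: listing the versions or deleting one of them
            failed. Versions deleted earlier in the same call stay deleted
            and are not reported.
    """
    name = params.get("name")
    version = params.get("version")
    deleted_versions = []
    for layer in list_layer_versions(lambda_client, name):
        if version != -1 and layer["version"] != version:
            continue
        deleted_versions.append(layer)
        if check_mode:
            continue
        try:
            lambda_client.delete_layer_version(LayerName=name, VersionNumber=layer["version"])
        except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e:
            # Report the version that actually failed. The requested value may
            # be the -1 wildcard, which does not say how far the bulk delete got.
            raise LambdaLayerFailure(
                e, f"Failed to delete layer version LayerName={name}, VersionNumber={layer['version']}."
            ) from e
    return {"changed": bool(deleted_versions), "layer_versions": deleted_versions}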


def execute_module(module, lambda_client):
    """Run the operation selected by ``state`` and exit the module with its result.

    ``state=absent`` dispatches to delete_layer_version, any other value to
    create_layer_version. A LambdaLayerFailure is reported through
    ``module.fail_json_aws`` with the wrapped exception and message.
    """
    try:
        if module.params.get("state") == "absent":
            operation = delete_layer_version
        else:
            operation = create_layer_version

        result = operation(lambda_client, module.params, module.check_mode)
        module.exit_json(**result)
    except LambdaLayerFailure as e:
        module.fail_json_aws(e.exc, msg=e.msg)


def main():
    """Declare the module's arguments, create the Lambda client and run the module."""
    content_spec = {
        "type": "dict",
        "options": {
            "s3_bucket": {"type": "str"},
            # no_log=False declares the S3 object key as non-secret, so it is
            # not masked in output. Presumably set explicitly because Ansible
            # flags key-like option names that leave no_log unset.
            "s3_key": {"type": "str", "no_log": False},
            "s3_object_version": {"type": "str"},
            "zip_file": {"type": "path"},
        },
        # The archive comes either from S3 (bucket and key together) or from
        # a local zip file; exactly one of the two sources must be given.
        "required_together": [["s3_bucket", "s3_key"]],
        "required_one_of": [["s3_bucket", "zip_file"]],
        "mutually_exclusive": [["s3_bucket", "zip_file"]],
    }
    argument_spec = {
        "state": {"type": "str", "choices": ["present", "absent"], "default": "present"},
        "name": {"type": "str", "required": True, "aliases": ["layer_name"]},
        "description": {"type": "str"},
        "content": content_spec,
        "compatible_runtimes": {"type": "list", "elements": "str"},
        "license_info": {"type": "str"},
        "compatible_architectures": {"type": "list", "elements": "str"},
        "version": {"type": "int"},
    }

    # ``version`` belongs to deletion only, so it excludes every option that
    # describes a version to be created.
    creation_only = (
        "description",
        "content",
        "compatible_runtimes",
        "license_info",
        "compatible_architectures",
    )

    module = AnsibleAWSModule(
        argument_spec=argument_spec,
        required_if=[
            ("state", "present", ["content"]),
            ("state", "absent", ["version"]),
        ],
        mutually_exclusive=[["version", option] for option in creation_only],
        supports_check_mode=True,
    )

    execute_module(module, module.client("lambda"))


# Run the module only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()