CloudFormation uses a pre-signed S3 URL to receive the response back from the custom resources managed by it. There are few blue prints available for Node.js Lambda custom resources but nothing available for python yet. Hence I created this simple function which shall be used to send the response back to CFN custom resource by performing PUT request to the pre-signed S3 URL. import json import requests def lambda_handler(event, context): responseStatus = 'SUCCESS' responseData = {} if event['RequestType'] == 'Delete': sendResponse(event, context, responseStatus, responseData) responseData = {'Success': 'Test Passed. Read more

I prefer creating the base AMI using packer; RDS snapshot using a Jenkins job which get triggered whenever there is a change in the database schema in the SCM. In case of installers, binaries, etc. it would be best to store them in a single S3 bucket. In all the above mentioned scenarios I prefer to share those resources to a 3rd party AWS account and remove the share when not needed. Read more

Last week AWS enhanced CloudFormation by adding new services like AWS CodePipeline, AWS Config, AWS KMS and few more; default stack limit also has been increased from 20 to 200. Among other new features they also have introduced this small but useful parameters grouping and labelling feature. Earlier all the parameters in a CFN template get listed in alphabetical order based on the logical name of the parameter. Also the parameters logical name is restricted to alphanumeric characters hence it causes some restrictions. Read more

AWS Lambda supports only Java, JavaScript & Python at the time of writing this post. I was wondering whether I can exploit the Lambda to execute chef’s knife commands on it since Lambda runs on a Linux container. Using simple python function I have identified that the code of the Lambda function gets copied to /var/task and executed from there. I decided to custom build ruby as embedded platform similar to how chef-client or chefdk are distributed. Read more

It’s a general best practice to manage all DNS entries in Route53 in a centralized AWS account. In that case it is difficult to automate the DNS record creation/deletion based on resources created in another AWS account using CloudFormation. CloudFormation doesn’t yet have the capability to create resources in a different AWS account. Combining IAM role delegation, AWS Lambda & CFN Custom resources provides us a solution. I have extended the same solution by exposing the Lambda function through API gateway which provides a powerful mechanism. Read more