Add lambda-warming scheduled task to Terraform config #714

Open
KlaasH opened this issue Feb 14, 2019 · 3 comments · Fixed by #729

Comments


KlaasH commented Feb 14, 2019

As noted on PR #712, the Lambda-warming strategy for Tilegarden requires a scheduled CloudWatch event. That PR adds a little section to the deployment README about doing it by hand, but it would be much preferable to have Terraform do it. The main complication is that it adds to the circular dependency between the Terraform config and the stuff created by Claudia. In this case, it's the ARN of the Lambda function that would be needed but not exist the first time Terraform is run.


KlaasH commented Feb 15, 2019

Here's what it looks like in the CloudWatch console.
image

You set a schedule, pick the right Lambda function, and under "Configure input" choose "Constant (JSON text)" and enter {"warmer":true,"concurrency":20} (or whatever concurrency you want; the marginal cost in execution time is surprisingly low).


KlaasH commented Mar 1, 2019

On PR #719 there was a discussion (about restricting the "invoke Lambda" permission) in which I said

Locking it down more would be better, but I think would require defining a new Terraform variable (so that the permission could say e.g. resources = ["arn:aws:lambda:::function:${var.tilegarden_project_name}"]) and instructing future deployers of new stacks to make sure the PROJECT_NAME in .env matches the Terraform variable.

Not a huge deal, but since I don't think there's any real risk from leaving the permission less restricted, I don't think it's worth the added complexity.

It seems likely that that same variable could be used to set the target of this rule and avoid adding another circular dependency, so that would make it worth doing.


KlaasH commented Mar 8, 2019

Closed via false positive from GitHub's keyword matching. PR #729 adds a Terraform variable, per the comment above, but didn't succeed in adding the scheduled task.

The attempt lives on in a branch, but unless the deployment setup changes significantly (so that the Lambda function is either created by Terraform or preexists the Terraform build) or AWS changes the permissions system to allow IAM-based permissions for CloudWatch to invoke Lambda functions, it won't work.

@KlaasH KlaasH reopened this Mar 8, 2019
@KlaasH KlaasH removed their assignment Mar 14, 2019
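
The scheduled warm-up rule described in the comments above, written as Terraform. This is an added example, not code from the Tilegarden repository or from the branch mentioned in the last comment. It assumes the condition that comment names (the Lambda function already exists when Terraform runs) and that the function name equals `var.tilegarden_project_name`; the resource names and the `rate(5 minutes)` schedule are constructed for illustration.

```hcl
# Added example (Terraform 0.12+ syntax); not the project's own configuration.

variable "tilegarden_project_name" {
  type        = string
  description = "Assumed to equal PROJECT_NAME in .env and the Lambda function name"
}

# Assumption: the function was already created (by Claudia) before this runs.
# On a first run against an empty account this lookup fails, which is the
# circular dependency discussed in the issue.
data "aws_lambda_function" "tilegarden" {
  function_name = var.tilegarden_project_name
}

# The schedule. The interval is a constructed value, not one from the issue.
resource "aws_cloudwatch_event_rule" "warm_tilegarden" {
  name                = "${var.tilegarden_project_name}-warmer"
  description         = "Periodically invoke the Lambda function to keep it warm"
  schedule_expression = "rate(5 minutes)"
}

# The target, with the constant JSON input entered by hand in the console.
resource "aws_cloudwatch_event_target" "warm_tilegarden" {
  rule = aws_cloudwatch_event_rule.warm_tilegarden.name
  arn  = data.aws_lambda_function.tilegarden.arn

  input = jsonencode({
    warmer      = true
    concurrency = 20
  })
}

# Resource-based permission on the function itself. This is the piece that
# needs the function to exist. source_arn limits invocation to this one rule
# instead of any rule in the events service.
resource "aws_lambda_permission" "allow_warmer" {
  statement_id  = "AllowWarmerRule"
  action        = "lambda:InvokeFunction"
  function_name = data.aws_lambda_function.tilegarden.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.warm_tilegarden.arn
}
```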