DEV Community: Kasun de Silva The latest articles on DEV Community by Kasun de Silva (@kasundsilva). https://dev.to/kasundsilva https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1009425%2F1af61d95-5377-48ae-952b-e9f10f55aa97.jpeg DEV Community: Kasun de Silva https://dev.to/kasundsilva en Simplify AWS Lambda Deployments Using GitHub Actions Kasun de Silva Fri, 15 Aug 2025 00:49:44 +0000 https://dev.to/aws-builders/simplify-aws-lambda-deployments-using-github-actions-43om https://dev.to/aws-builders/simplify-aws-lambda-deployments-using-github-actions-43om <p>Hey, serverless builders! 🚀 Exciting news from AWS!</p> <p>AWS has launched a feature that direct support for deploying AWS Lambda functions using GitHub Actions. This new capability significantly streamlines the deployment process, eliminating the need for complex, custom scripting and boilerplate code.</p> <p>Before this, deploying a Lambda function from a GitHub workflow required manual steps to package code, configure IAM roles, and handle potential errors. Now, a dedicated GitHub Action handles all of this for you with a simple, declarative YAML configuration. This means less friction, faster deployments, and more time for you to focus on building amazing serverless applications.</p> <h3> What's New? </h3> <p>The new <strong>"Deploy Lambda Function" GitHub Action</strong> simplifies your CI/CD pipeline by providing a direct and secure way to update your Lambda functions.</p> <ul> <li> <strong>Declarative Configuration:</strong> Define your deployment settings—like runtime, memory, and environment variables—directly in your GitHub Actions workflow file.</li> <li> <strong>Automatic Packaging:</strong> The action automatically handles the packaging of your function code, supporting both <code>.zip</code> file and container image deployments.</li> <li> <strong>Seamless IAM Integration:</strong> It integrates with AWS IAM using <strong>OpenID Connect (OIDC)</strong> authentication, which is the most secure way to grant your GitHub workflows temporary, short-lived credentials without ever storing long-lived secrets.</li> </ul> <p>This new workflow is a huge win for developer experience, making it easier than ever to adopt a fully automated, Git-based deployment strategy for your serverless projects.</p> <h3> Step-by-Step Guide: Deploying a Lambda Function with GitHub Actions </h3> <p>Ready to get started? Here's how you can set up a GitHub Actions workflow to automatically deploy your Lambda function.</p> <h4> Prerequisites </h4> <ol> <li> <strong>A Lambda Function:</strong> You need an existing AWS Lambda function. If you don't have one, create it in the AWS Management Console or with the AWS CLI.</li> <li> <strong>IAM Role for OIDC:</strong> Configure an IAM role in your AWS account that trusts GitHub's OIDC provider. This role will grant your workflow the permissions it needs to deploy the function. This is a crucial security step!</li> <li> <strong>A GitHub Repository:</strong> Your Lambda function code should be in a GitHub repository.</li> </ol> <h4> Step 1: Configure IAM for OIDC </h4> <p>First, set up a trusted relationship between your AWS account and GitHub.</p> <ul> <li>Navigate to <strong>IAM</strong> in the AWS console.</li> <li>Under <strong>Access management</strong>, select <strong>Identity providers</strong>.</li> <li>Choose <strong>Add provider</strong> and configure an <strong>OpenID Connect</strong> provider with the URL: <code>https://token.actions.githubusercontent.com</code>.</li> <li>Create a new IAM role that uses this provider and grant it the necessary permissions, such as <code>lambda:UpdateFunctionCode</code> and <code>lambda:UpdateFunctionConfiguration</code>.</li> </ul> <h4> Step 2: Create Your GitHub Actions Workflow File </h4> <p>In your GitHub repository, create a new file at <code>.github/workflows/deploy.yml</code>. This YAML file defines the deployment process.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Deploy Lambda Function</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="c1"># This workflow runs on pushes to the 'main' branch</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">permissions</span><span class="pi">:</span> <span class="na">id-token</span><span class="pi">:</span> <span class="s">write</span> <span class="c1"># Required for OIDC authentication</span> <span class="na">contents</span><span class="pi">:</span> <span class="s">read</span> <span class="c1"># Required to check out the repository</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout repository</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Configure AWS credentials</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/configure-aws-credentials@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">role-to-assume</span><span class="pi">:</span> <span class="s">arn:aws:iam::123456789012:role/GitHubActionRole</span> <span class="c1"># Replace with your IAM role ARN</span> <span class="na">aws-region</span><span class="pi">:</span> <span class="s">us-east-1</span> <span class="c1"># Replace with your AWS region</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy Lambda Function</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/aws-lambda-deploy@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">function-name</span><span class="pi">:</span> <span class="s">my-lambda-function</span> <span class="c1"># Replace with your function name</span> <span class="na">code-artifacts-dir</span><span class="pi">:</span> <span class="s">./dist</span> <span class="c1"># The directory containing your packaged code</span> </code></pre> </div> <h4> Step 3: Push Your Code and Watch it Deploy! </h4> <p>That's it! When you push new code to the <code>main</code> branch of your repository, GitHub Actions will automatically trigger this workflow. The <code>aws-lambda-deploy</code> action will package the code from your specified directory (<code>./dist</code> in this example) and deploy it to your Lambda function.</p> <h3> Beyond the Basics </h3> <p>The <code>aws-lambda-deploy</code> action is highly configurable. You can:</p> <ul> <li> <strong>Deploy via Amazon S3:</strong> For larger deployment packages, you can specify an S3 bucket to use as an intermediate location.</li> <li> <strong>Configure Function Settings:</strong> Update your Lambda function's runtime, memory, timeout, and environment variables directly within the workflow.</li> <li> <strong>Use Dry Run Mode:</strong> Test your deployment configuration and permissions without making any changes to the function itself.</li> </ul> <p>With this new feature, AWS is making it simpler and more secure to manage the entire lifecycle of your serverless applications. Happy coding! 💻✨</p> <p>For more details and advanced examples, check out the <strong>AWS Lambda Deploy GitHub Action</strong> repository: <a href="https://github.com/aws-actions/aws-lambda-deploy" rel="noopener noreferrer">https://github.com/aws-actions/aws-lambda-deploy</a>.</p> lambda githubactions serverless Lets Encrypt DNS Challenge with Traefik and AWS Route 53 Kasun de Silva Fri, 15 Aug 2025 00:46:58 +0000 https://dev.to/kasundsilva/lets-encrypt-dns-challenge-with-traefik-and-aws-route-53-1312 https://dev.to/kasundsilva/lets-encrypt-dns-challenge-with-traefik-and-aws-route-53-1312 <p>So, you're self-hosting awesome apps like Jellyfin, Home Assistant, or your personal blog with Docker. You want that sweet, sweet HTTPS padlock for secure connections, and Let's Encrypt is the obvious choice for free SSL certs. Awesome!</p> <p>You set up your reverse proxy (maybe Traefik, because it's slick!), point it to your app, and tell it to get a certificate... only to hit a wall. Why? Meet the home networker's nemesis: <strong>ISPs blocking incoming port 80.</strong></p> <p><strong>The Standard Way (and the Wall)</strong></p> <p>Let's Encrypt's default validation method, <code>HTTP-01</code>, is simple: their servers try to access a special file on <em>your</em> server over standard HTTP (port <code>80</code>) to prove you control the domain.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Let's Encrypt -&gt; Your Public IP:80 -&gt; Does challenge file exist? -&gt; OK! Cert Issued! </code></pre> </div> <p>But if your ISP blocks incoming connections on port <code>80</code> (super common on residential plans!), Let's Encrypt's request never reaches your server.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Let's Encrypt -&gt; Your Public IP:80 -&gt; [ISP BLOCK] -&gt; Challenge Failed! No Cert! :( </code></pre> </div> <p>Frustrating, right? Your quest for HTTPS seems doomed... or is it?</p> <p><strong>The DNS-01 Challenge: A Different Kind of Proof</strong></p> <p>Enter the <code>DNS-01</code> challenge – Let's Encrypt's clever workaround. Instead of checking a file via HTTP, it asks you to prove domain ownership by creating a specific <strong>DNS TXT record</strong> with a unique value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Let's Encrypt -&gt; Checks Your Domain's DNS Records -&gt; Does specific TXT record exist? -&gt; OK! Cert Issued! </code></pre> </div> <p>Since this validation happens entirely via DNS lookups (usually port <code>53</code>, which is almost never blocked inbound for lookups), it completely bypasses the port <code>80</code> problem!</p> <p><strong>The Magic Combo: Traefik + AWS Route 53</strong></p> <p>Okay, manually creating DNS records every ~90 days sounds tedious. This is where the dynamic duo comes in:</p> <ol> <li> <strong>Traefik:</strong> Our smart reverse proxy knows how to talk the ACME protocol and request certificates using the DNS-01 method.</li> <li> <strong>AWS Route 53:</strong> A robust, API-driven DNS service.</li> </ol> <p>You configure Traefik with AWS API credentials (using an IAM user with <em>just enough</em> permission to modify Route 53 records – security first!). When it's time to issue or renew a cert, Traefik tells Route 53 (via the API) to create the temporary TXT record Let's Encrypt needs. Once Let's Encrypt verifies it, Traefik tells Route 53 to clean it up. <em>Chef's kiss!</em></p> <p><strong>The Key Configuration (Traefik + Docker Compose):</strong></p> <p>In your Traefik service definition within <code>docker-compose.yml</code>, the magic lies in the command arguments for your certificate resolver:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Snippet from docker-compose.yml command section for Traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="c1"># ... other args ...</span> <span class="c1"># Let's Encrypt Resolver Config</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.email=your-email@example.com"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"</span> <span class="c1"># --- THE IMPORTANT PART ---</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.dnschallenge=true"</span> <span class="c1"># Enable DNS Challenge</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53"</span> <span class="c1"># Tell it to use AWS Route 53</span> <span class="c1"># ... other args ...</span> </code></pre> </div> <p>You also need to securely provide your AWS credentials (Access Key ID &amp; Secret) as environment variables, preferably using a <code>.env</code> file.</p> <p><strong>Conclusion: Problem Solved!</strong></p> <p>By switching to the DNS-01 challenge and leveraging the automation power of Traefik integrated with the AWS Route 53 API, the infamous port <code>80</code> block becomes irrelevant for getting your Let's Encrypt certificates. You get fully automated, secure HTTPS for your self-hosted services without hassle. Now <em>that's</em> cool.</p> <p>Happy (secure) self-hosting!</p> route53 dns01 letsencrypt dns Let's Encrypt DNS Challenge with Traefik and AWS Route 53 Kasun de Silva Fri, 15 Aug 2025 00:46:30 +0000 https://dev.to/kasundsilva/lets-encrypt-dns-challenge-with-traefik-and-aws-route-53-3b5e https://dev.to/kasundsilva/lets-encrypt-dns-challenge-with-traefik-and-aws-route-53-3b5e <p>So, you're self-hosting awesome apps like Jellyfin, Home Assistant, or your personal blog with Docker. You want that sweet, sweet HTTPS padlock for secure connections, and Let's Encrypt is the obvious choice for free SSL certs. Awesome!</p> <p>You set up your reverse proxy (maybe Traefik, because it's slick!), point it to your app, and tell it to get a certificate... only to hit a wall. Why? Meet the home networker's nemesis: <strong>ISPs blocking incoming port 80.</strong></p> <p><strong>The Standard Way (and the Wall)</strong></p> <p>Let's Encrypt's default validation method, <code>HTTP-01</code>, is simple: their servers try to access a special file on <em>your</em> server over standard HTTP (port <code>80</code>) to prove you control the domain.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Let's Encrypt -&gt; Your Public IP:80 -&gt; Does challenge file exist? -&gt; OK! Cert Issued! </code></pre> </div> <p>But if your ISP blocks incoming connections on port <code>80</code> (super common on residential plans!), Let's Encrypt's request never reaches your server.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Let's Encrypt -&gt; Your Public IP:80 -&gt; [ISP BLOCK] -&gt; Challenge Failed! No Cert! :( </code></pre> </div> <p>Frustrating, right? Your quest for HTTPS seems doomed... or is it?</p> <p><strong>The DNS-01 Challenge: A Different Kind of Proof</strong></p> <p>Enter the <code>DNS-01</code> challenge – Let's Encrypt's clever workaround. Instead of checking a file via HTTP, it asks you to prove domain ownership by creating a specific <strong>DNS TXT record</strong> with a unique value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Let's Encrypt -&gt; Checks Your Domain's DNS Records -&gt; Does specific TXT record exist? -&gt; OK! Cert Issued! </code></pre> </div> <p>Since this validation happens entirely via DNS lookups (usually port <code>53</code>, which is almost never blocked inbound for lookups), it completely bypasses the port <code>80</code> problem!</p> <p><strong>The Magic Combo: Traefik + AWS Route 53</strong></p> <p>Okay, manually creating DNS records every ~90 days sounds tedious. This is where the dynamic duo comes in:</p> <ol> <li> <strong>Traefik:</strong> Our smart reverse proxy knows how to talk the ACME protocol and request certificates using the DNS-01 method.</li> <li> <strong>AWS Route 53:</strong> A robust, API-driven DNS service.</li> </ol> <p>You configure Traefik with AWS API credentials (using an IAM user with <em>just enough</em> permission to modify Route 53 records – security first!). When it's time to issue or renew a cert, Traefik tells Route 53 (via the API) to create the temporary TXT record Let's Encrypt needs. Once Let's Encrypt verifies it, Traefik tells Route 53 to clean it up. <em>Chef's kiss!</em></p> <p><strong>The Key Configuration (Traefik + Docker Compose):</strong></p> <p>In your Traefik service definition within <code>docker-compose.yml</code>, the magic lies in the command arguments for your certificate resolver:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Snippet from docker-compose.yml command section for Traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="c1"># ... other args ...</span> <span class="c1"># Let's Encrypt Resolver Config</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.email=your-email@example.com"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"</span> <span class="c1"># --- THE IMPORTANT PART ---</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.dnschallenge=true"</span> <span class="c1"># Enable DNS Challenge</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53"</span> <span class="c1"># Tell it to use AWS Route 53</span> <span class="c1"># ... other args ...</span> </code></pre> </div> <p>You also need to securely provide your AWS credentials (Access Key ID &amp; Secret) as environment variables, preferably using a <code>.env</code> file.</p> <p><strong>Conclusion: Problem Solved!</strong></p> <p>By switching to the DNS-01 challenge and leveraging the automation power of Traefik integrated with the AWS Route 53 API, the infamous port <code>80</code> block becomes irrelevant for getting your Let's Encrypt certificates. You get fully automated, secure HTTPS for your self-hosted services without hassle. Now <em>that's</em> cool.</p> <p>Happy (secure) self-hosting!</p> route53 dns01 letsencrypt dns Let's Encrypt DNS-01 Challenge with Traefik and AWS Route 53 Kasun de Silva Tue, 06 May 2025 00:10:54 +0000 https://dev.to/aws-builders/lets-encrypt-dns-challenge-with-traefik-and-aws-route-53-1l1f https://dev.to/aws-builders/lets-encrypt-dns-challenge-with-traefik-and-aws-route-53-1l1f <p>So, you're self-hosting awesome apps like Jellyfin, Home Assistant, or your personal blog with Docker. You want that sweet, sweet HTTPS padlock for secure connections, and Let's Encrypt is the obvious choice for free SSL certs. Awesome!</p> <p>You set up your reverse proxy (maybe Traefik, because it's slick!), point it to your app, and tell it to get a certificate... only to hit a wall. Why? Meet the home networker's nemesis: <strong>ISPs blocking incoming port 80.</strong></p> <p><strong>The Standard Way (and the Wall)</strong></p> <p>Let's Encrypt's default validation method, <code>HTTP-01</code>, is simple: their servers try to access a special file on <em>your</em> server over standard HTTP (port <code>80</code>) to prove you control the domain.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Let's Encrypt -&gt; Your Public IP:80 -&gt; Does challenge file exist? -&gt; OK! Cert Issued! </code></pre> </div> <p>But if your ISP blocks incoming connections on port <code>80</code> (super common on residential plans!), Let's Encrypt's request never reaches your server.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Let's Encrypt -&gt; Your Public IP:80 -&gt; [ISP BLOCK] -&gt; Challenge Failed! No Cert! :( </code></pre> </div> <p>Frustrating, right? Your quest for HTTPS seems doomed... or is it?</p> <p><strong>The DNS-01 Challenge: A Different Kind of Proof</strong></p> <p>Enter the <code>DNS-01</code> challenge – Let's Encrypt's clever workaround. Instead of checking a file via HTTP, it asks you to prove domain ownership by creating a specific <strong>DNS TXT record</strong> with a unique value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Let's Encrypt -&gt; Checks Your Domain's DNS Records -&gt; Does specific TXT record exist? -&gt; OK! Cert Issued! </code></pre> </div> <p>Since this validation happens entirely via DNS lookups (usually port <code>53</code>, which is almost never blocked inbound for lookups), it completely bypasses the port <code>80</code> problem!</p> <p><strong>The Magic Combo: Traefik + AWS Route 53</strong></p> <p>Okay, manually creating DNS records every ~90 days sounds tedious. This is where the dynamic duo comes in:</p> <ol> <li> <strong>Traefik:</strong> Our smart reverse proxy knows how to talk the ACME protocol and request certificates using the DNS-01 method.</li> <li> <strong>AWS Route 53:</strong> A robust, API-driven DNS service.</li> </ol> <p>You configure Traefik with AWS API credentials (using an IAM user with <em>just enough</em> permission to modify Route 53 records – security first!). When it's time to issue or renew a cert, Traefik tells Route 53 (via the API) to create the temporary TXT record Let's Encrypt needs. Once Let's Encrypt verifies it, Traefik tells Route 53 to clean it up. <em>Chef's kiss!</em></p> <p><strong>The Key Configuration (Traefik + Docker Compose):</strong></p> <p>In your Traefik service definition within <code>docker-compose.yml</code>, the magic lies in the command arguments for your certificate resolver:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Snippet from docker-compose.yml command section for Traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="c1"># ... other args ...</span> <span class="c1"># Let's Encrypt Resolver Config</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.email=your-email@example.com"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"</span> <span class="c1"># --- THE IMPORTANT PART ---</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.dnschallenge=true"</span> <span class="c1"># Enable DNS Challenge</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53"</span> <span class="c1"># Tell it to use AWS Route 53</span> <span class="c1"># ... other args ...</span> </code></pre> </div> <p><strong>Environment Vars</strong><br> You also need to securely provide your AWS credentials (Access Key ID &amp; Secret) as environment variables, preferably using a <code>.env</code> file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Environment variables for AWS credentials (will use .env file)</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">AWS_ACCESS_KEY_ID</span> <span class="pi">-</span> <span class="s">AWS_SECRET_ACCESS_KEY</span> <span class="pi">-</span> <span class="s">AWS_REGION</span> <span class="pi">-</span> <span class="s">AWS_HOSTED_ZONE_ID</span> </code></pre> </div> <p>Complete example config,<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.yml</span> <span class="na">services</span><span class="pi">:</span> <span class="c1"># Traefik Service (Reverse Proxy &amp; SSL)</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s2">"</span><span class="s">traefik:v2.11"</span> <span class="c1"># Pin to a specific stable version</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">traefik-proxy"</span> <span class="c1"># Descriptive container name</span> <span class="na">command</span><span class="pi">:</span> <span class="c1"># Enable Docker provider &amp; disable exposing by default</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="c1"># Define HTTP (80) and HTTPS (443) entry points</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="c1"># Enable Traefik API/Dashboard (for monitoring)</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--api.dashboard=true"</span> <span class="c1"># Configure Let's Encrypt Resolver (named 'myresolver')</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.email=your-email@example.com"</span> <span class="c1"># !! REPLACE THIS with your email !!</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"</span> <span class="c1"># Use DNS-01 challenge with Route53 provider</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.dnschallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53"</span> <span class="c1"># Global Redirect: HTTP -&gt; HTTPS</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="na">ports</span><span class="pi">:</span> <span class="c1"># Expose port 80 for HTTP-&gt;HTTPS redirect (optional if ISP blocks)</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="c1"># Expose port 443 for HTTPS access (ESSENTIAL)</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="c1"># Mount Docker socket to detect container events</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="c1"># Persist Let's Encrypt certificates</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">proxy</span> <span class="c1"># Connect to our custom network</span> <span class="c1"># Environment variables for AWS credentials (will use .env file)</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">AWS_ACCESS_KEY_ID</span> <span class="pi">-</span> <span class="s">AWS_SECRET_ACCESS_KEY</span> <span class="pi">-</span> <span class="s">AWS_REGION</span> <span class="pi">-</span> <span class="s">AWS_HOSTED_ZONE_ID</span> <span class="na">labels</span><span class="pi">:</span> <span class="c1"># Enable Traefik for its own dashboard</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="c1"># Dashboard Router Rule (HTTPS)</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.traefik-dashboard.rule=Host(`traefik.yourdomain.com`)"</span> <span class="c1"># !! REPLACE with your dashboard hostname !!</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.traefik-dashboard.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.traefik-dashboard.service=api@internal"</span> <span class="c1"># Use Let's Encrypt for the dashboard domain</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.traefik-dashboard.tls.certresolver=myresolver"</span> <span class="c1"># Secure the dashboard with Basic Auth</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.traefik-dashboard.middlewares=auth"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.middlewares.auth.basicauth.users=user:$&lt;span</span><span class="nv"> </span><span class="s">class="math-inline"&gt;apr1&lt;/span&gt;&lt;span class="math-inline"&gt;abcdefg&lt;/span&gt;$yourhashedpassword"</span> <span class="c1"># !! REPLACE THIS HASH !!</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>Conclusion: Problem Solved!</strong></p> <p>By switching to the DNS-01 challenge and leveraging the automation power of Traefik integrated with the AWS Route 53 API, the infamous port <code>80</code> block becomes irrelevant for getting your Let's Encrypt certificates. You get fully automated, secure HTTPS for your self-hosted services without hassle. Now <em>that's</em> cool.</p> <p>Happy (secure) self-hosting!</p> route53 letsencrypt dns traefik From Plex to Freedom: My Jellyfin Journey with Traefik & AWS Route 53 Kasun de Silva Mon, 05 May 2025 08:20:13 +0000 https://dev.to/kasundsilva/from-plex-to-freedom-my-jellyfin-journey-with-traefik-aws-route-53-4hgb https://dev.to/kasundsilva/from-plex-to-freedom-my-jellyfin-journey-with-traefik-aws-route-53-4hgb <p>Like many, I relied on <strong>Plex</strong> for years to manage and stream my personal media library – hundreds of movies and countless TV show episodes. It served me well. However, recent shifts towards monetizing core features, like remote streaming, prompted me to look for alternatives. I wanted a solution that was open-source, powerful, and gave me complete control over my media and its access, without unexpected subscription requirements for basic functionality.</p> <p>Enter <strong>Jellyfin</strong>. It's a fantastic, free software media system that puts you in control. But simply installing it isn't enough; I needed secure, easy remote access for myself and my family, just like I had before.</p> <p>This post details my journey setting up Jellyfin locally using <strong>Docker</strong>, but making it securely accessible from anywhere using <strong>Traefik</strong> as a reverse proxy, <strong>Let's Encrypt</strong> for free SSL certificates, and leveraging <strong>AWS Route 53</strong> for seamless and reliable DNS hosting. If you're comfortable with Docker and use AWS for your DNS, this guide is for you!</p> <h2> Why This Stack? </h2> <ul> <li> <strong>Jellyfin:</strong> Awesome open-source media server.</li> <li> <strong>Docker &amp; Docker Compose:</strong> Easy deployment, management, and reproducibility of services.</li> <li> <strong>Traefik:</strong> A modern, cloud-native reverse proxy that integrates beautifully with Docker. It automatically discovers services and handles SSL certificate management.</li> <li> <strong>Let's Encrypt:</strong> Free, automated SSL certificates. Essential for secure HTTPS connections.</li> <li> <strong>AWS Route 53:</strong> Reliable DNS hosting. Crucially, its API allows Traefik to perform the Let's Encrypt DNS-01 challenge automatically – perfect if your ISP blocks port 80 (a common issue!).</li> </ul> <h2> Prerequisites </h2> <ul> <li>A server or machine (like a NAS, Raspberry Pi, or home server) running <strong>Docker</strong> and <strong>Docker Compose</strong>.</li> <li>A registered domain name (we'll use <code>yourdomain.com</code> as an example).</li> <li>Your domain's DNS hosted on <strong>AWS Route 53</strong>.</li> <li>An <strong>AWS account</strong> with IAM permissions to modify Route 53 records for <code>yourdomain.com</code>.</li> <li>Basic familiarity with the command line.</li> </ul> <h2> The Challenge: Secure Remote Access &amp; The Port 80 Problem </h2> <p>Running Jellyfin locally is easy, but accessing it securely from outside your network requires <strong>HTTPS</strong>. Let's Encrypt provides free SSL certificates via the <strong>ACME protocol</strong>. The most common validation method (HTTP-01 challenge) requires your server to be reachable from the internet on port <code>80</code>. Unfortunately, many residential ISPs block incoming traffic on port <code>80</code>.</p> <p>This is where the <strong>DNS-01 challenge</strong> shines. Instead of checking port <code>80</code>, Let's Encrypt verifies domain ownership by checking for a specific TXT record in your DNS zone. Since we're using Route 53, Traefik can automatically create and remove these temporary records using the AWS API.</p> <h2> Step 1: AWS Setup - IAM User for Traefik </h2> <p>Traefik needs permission to modify your Route 53 DNS records for <code>yourdomain.com</code>. We'll create a dedicated IAM user with <em>only</em> the necessary permissions (Principle of Least Privilege).</p> <ol> <li> Go to the <strong>IAM console</strong> in AWS.</li> <li> Create a new <strong>User</strong>. Give it a descriptive name (e.g., <code>traefik-route53-manager</code>).</li> <li> Select "<strong>Attach policies directly</strong>".</li> <li> <p>Create a <strong>new policy</strong>. Use the JSON editor and paste the following policy, replacing <code>YOUR_HOSTED_ZONE_ID</code> with the actual Route 53 Hosted Zone ID for <code>yourdomain.com</code> (you can find this in the Route 53 console):<br> </p> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"route53:GetChange"</span><span class="p">,</span><span class="w"> </span><span class="s2">"route53:ListHostedZonesByName"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"route53:ChangeResourceRecordSets"</span><span class="p">,</span><span class="w"> </span><span class="s2">"route53:ListResourceRecordSets"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:route53:::hostedzone/YOUR_HOSTED_ZONE_ID"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> <p><em>&gt; Note: Using <code>ListHostedZonesByName</code> and filtering by resource ARN for <code>ChangeResourceRecordSets</code> scopes down permissions significantly.</em></p> </li> <li><p>Finish creating the policy (give it a name like <code>TraefikRoute53AccessPolicy</code>).</p></li> <li><p>Attach this new policy to the user you created.</p></li> <li><p>Proceed to the "<strong>Security credentials</strong>" tab for the new user.</p></li> <li><p>Create an "<strong>Access key</strong>" - select "<strong>Application running outside AWS</strong>" as the use case.</p></li> <li><p><strong>Carefully copy the Access Key ID and Secret Access Key.</strong> You won't see the secret key again! Store these securely for the next steps.</p></li> </ol> <h2> Step 2: Docker Compose Configuration </h2> <p>Now, let's define our services using <code>docker-compose.yml</code>. This file defines the Traefik reverse proxy and the Jellyfin application itself. Remember to replace the example hostnames (<code>jellyfin.yourdomain.com</code>, <code>traefik.yourdomain.com</code>) with your actual desired subdomains.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.yml</span> <span class="na">services</span><span class="pi">:</span> <span class="c1"># Traefik Service (Reverse Proxy &amp; SSL)</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s2">"</span><span class="s">traefik:v2.11"</span> <span class="c1"># Pin to a specific stable version</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">traefik-proxy"</span> <span class="c1"># Descriptive container name</span> <span class="na">command</span><span class="pi">:</span> <span class="c1"># Enable Docker provider &amp; disable exposing by default</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="c1"># Define HTTP (80) and HTTPS (443) entry points</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="c1"># Enable Traefik API/Dashboard (for monitoring)</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--api.dashboard=true"</span> <span class="c1"># Configure Let's Encrypt Resolver (named 'myresolver')</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.email=your-email@example.com"</span> <span class="c1"># !! REPLACE THIS with your email !!</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"</span> <span class="c1"># Use DNS-01 challenge with Route53 provider</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.dnschallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53"</span> <span class="c1"># Global Redirect: HTTP -&gt; HTTPS</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="na">ports</span><span class="pi">:</span> <span class="c1"># Expose port 80 for HTTP-&gt;HTTPS redirect (optional if ISP blocks)</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="c1"># Expose port 443 for HTTPS access (ESSENTIAL)</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="c1"># Mount Docker socket to detect container events</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="c1"># Persist Let's Encrypt certificates</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">proxy</span> <span class="c1"># Connect to our custom network</span> <span class="c1"># Environment variables for AWS credentials (will use .env file)</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">AWS_ACCESS_KEY_ID</span> <span class="pi">-</span> <span class="s">AWS_SECRET_ACCESS_KEY</span> <span class="c1"># - AWS_REGION=us-east-1 # Optional: Specify if needed</span> <span class="c1"># - AWS_HOSTED_ZONE_ID=YOUR_HOSTED_ZONE_ID # Optional</span> <span class="na">labels</span><span class="pi">:</span> <span class="c1"># Enable Traefik for its own dashboard</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="c1"># Dashboard Router Rule (HTTPS)</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.traefik-dashboard.rule=Host(`traefik.yourdomain.com`)"</span> <span class="c1"># !! REPLACE with your dashboard hostname !!</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.traefik-dashboard.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.traefik-dashboard.service=api@internal"</span> <span class="c1"># Use Let's Encrypt for the dashboard domain</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.traefik-dashboard.tls.certresolver=myresolver"</span> <span class="c1"># Secure the dashboard with Basic Auth</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.traefik-dashboard.middlewares=auth"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.middlewares.auth.basicauth.users=user:$&lt;span</span><span class="nv"> </span><span class="s">class="math-inline"&gt;apr1&lt;/span&gt;&lt;span class="math-inline"&gt;abcdefg&lt;/span&gt;$yourhashedpassword"</span> <span class="c1"># !! REPLACE THIS HASH !!</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="c1"># Jellyfin Service</span> <span class="na">jellyfin</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">lscr.io/linuxserver/jellyfin:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">jellyfin</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">PUID=1000</span> <span class="c1"># Your user ID</span> <span class="pi">-</span> <span class="s">PGID=1000</span> <span class="c1"># Your group ID</span> <span class="pi">-</span> <span class="s">TZ=Etc/UTC</span> <span class="c1"># !! REPLACE with Your timezone e.g. Pacific/Auckland !!</span> <span class="na">volumes</span><span class="pi">:</span> <span class="c1"># Map Jellyfin config directory</span> <span class="pi">-</span> <span class="s">/path/to/jellyfin/config:/config/</span> <span class="c1"># !! REPLACE host path to your config location !!</span> <span class="c1"># Map Media Libraries</span> <span class="pi">-</span> <span class="s">/path/to/tvshows:/data/tvshows</span> <span class="c1"># !! REPLACE host path to your TV shows !!</span> <span class="pi">-</span> <span class="s">/path/to/movies:/data/movies</span> <span class="c1"># !! REPLACE host path to your Movies !!</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">proxy</span> <span class="c1"># Connect to the same network as Traefik</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">labels</span><span class="pi">:</span> <span class="c1"># Enable Traefik management for this container</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="c1"># Jellyfin Router Rule (HTTPS)</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.jellyfin.rule=Host(`jellyfin.yourdomain.com`)"</span> <span class="c1"># !! REPLACE with your Jellyfin hostname !!</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.jellyfin.entrypoints=websecure"</span> <span class="c1"># Use HTTPS entrypoint</span> <span class="c1"># Use Let's Encrypt resolver defined above</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.jellyfin.tls.certresolver=myresolver"</span> <span class="c1"># Tell Traefik which internal port Jellyfin uses</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.jellyfin.loadbalancer.server.port=8096"</span> <span class="c1"># Define the shared network</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">proxy</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">proxy</span> <span class="c1"># Define the volume for Let's Encrypt certificates</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">letsencrypt</span><span class="pi">:</span> </code></pre> </div> <h2> Step 3: Handling Secrets - The <code>.env</code> File </h2> <p>Never commit secrets directly into your <code>docker-compose.yml</code>! We'll use a <code>.env</code> file to store the AWS credentials.</p> <ol> <li><p>In the same directory as your <code>docker-compose.yml</code>, create a file named <code>.env</code>.</p></li> <li> <p>Add your AWS keys:<br> </p> <pre class="highlight plaintext"><code># .env AWS_ACCESS_KEY_ID=YOUR_ACTUAL_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY=YOUR_ACTUAL_SECRET_ACCESS_KEY </code></pre> </li> <li> <p>Crucially: Add .env to your .gitignore file to prevent accidentally committing it.<br> </p> <pre class="highlight plaintext"><code># .gitignore .env </code></pre> </li> </ol> <p>Docker Compose will automatically read this file and inject these variables into the Traefik container's environment, as specified in the environment: section of the <code>docker-compose.yml</code>.</p> <h2> Step 4: Securing the Traefik Dashboard </h2> <p>We added basic authentication to the dashboard using Traefik labels. You need to generate a password hash.</p> <ol> <li>Install htpasswd (usually via apache2-utils or httpd-tools).</li> <li> <p>Run the following, replacing admin and 'YourSecurePassword!' with your desired credentials:<br> </p> <pre class="highlight shell"><code>htpasswd <span class="nt">-nb</span> admin <span class="s1">'YourSecurePassword!'</span> </code></pre> </li> <li><p>Copy the output (e.g., admin:$apr1$somehash$morehash).</p></li> <li> <p>Paste it into the <code>traefik.http.middlewares.auth.basicauth.users</code> label in <code>docker-compose.yml</code>.<br> Remember to escape the dollar signs <code>($)</code> by doubling them <code>($$)</code>:<br> </p> <pre class="highlight yaml"><code><span class="c1"># Example label in docker-compose.yml</span> <span class="s">_ "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$somehash$$morehash"</span> <span class="c1"># !! REPLACE user:hash !!</span> </code></pre> </li> </ol> <h2> Step 5: DNS Configuration (Route 53) </h2> <p>Before starting, ensure you have A records in Route 53 pointing your chosen hostnames (e.g., <code>jellyfin.yourdomain.com</code> and <code>traefik.yourdomain.com</code>) to the public IP address of the server running Docker.</p> <p><code>jellyfin.yourdomain.com</code> -&gt; <code>YOUR_SERVER_PUBLIC_IP</code><br> <code>traefik.yourdomain.com</code> -&gt; <code>YOUR_SERVER_PUBLIC_IP</code></p> <h2> Step 6: Final Checks &amp; Deployment </h2> <ol> <li> <strong>Placeholders</strong>: Ensure you've replaced all placeholders marked with <code>!! REPLACE !!</code> or <code>YOUR_...</code> in the <code>docker-compose.yml</code> and <code>.env</code> files with your actual values (hostnames, email, paths, user IDs, timezone, password hash, AWS keys).</li> <li> <strong>Paths</strong>: Double-check the host paths mapped in the volumes section for Jellyfin – point them to your actual config and media library locations.</li> <li> <strong>User/Group ID</strong>: Update <code>PUID</code> and <code>PGID</code> in the Jellyfin environment section to match the user/group that owns your media files (use id <code>$USER</code> on <code>Linux</code> to find yours).</li> <li> <strong>Directory</strong>: Create the Let's Encrypt volume directory: <code>mkdir ./letsencrypt</code>.</li> <li> <strong>Firewall/Router</strong>: Ensure port <code>443</code> is forwarded from your router/firewall to the internal IP address of your Docker host machine. Port <code>80</code> forwarding is optional now but recommended for the <code>HTTP-&gt;HTTPS</code> redirect to work smoothly.</li> <li> <strong>Launch</strong>: Run <code>docker compose up -d</code>.</li> <li> <strong>Monitor</strong>: Check the Traefik logs, especially on the first run, to ensure successful AWS authentication and certificate acquisition: <code>docker compose logs -f traefik-proxy</code>.</li> </ol> <h2> Conclusion </h2> <p>You should now have a fully functional Jellyfin instance accessible securely via <code>https://jellyfin.yourdomain.com</code> (using your actual domain), with automatic SSL certificate management handled by Traefik and Let's Encrypt, leveraging the power and reliability of AWS Route 53 for DNS validation. The Traefik dashboard is also available (and password-protected) at <code>https://traefik.yourdomain.com</code> (again, using your actual domain).</p> <p>This setup gives me the control and freedom I was seeking after moving from Plex. By combining powerful open-source tools like Jellyfin and Traefik with robust cloud services like AWS Route 53 and IAM, we can build secure, flexible, and non-subscription-based solutions tailored perfectly to our needs.</p> <p>Happy self-hosting! Let me know about your experiences in the comments below.</p> route53 dns traefik jellyfin CodeBuild Meets GitHub Actions: A Serverless CI Workflow with Lambda Kasun de Silva Thu, 27 Feb 2025 23:04:27 +0000 https://dev.to/aws-builders/streamline-your-development-workflow-with-codebuild-hosted-github-actions-runner-307k https://dev.to/aws-builders/streamline-your-development-workflow-with-codebuild-hosted-github-actions-runner-307k <h3> Serverless GitHub Actions? Yes! Learn how to use AWS Lambda/ CodeBuild for Github Actions workflow execution </h3> <p>GitHub Actions provides a powerful CI/CD pipeline, but sometimes you need more control over the environment where your workflows run. AWS CodeBuild now supports Lambda-based self-hosted runners, allowing you to execute GitHub Actions workflows in a cost-efficient, on-demand AWS environment. This guide will walk you through setting up a self-hosted GitHub Actions runner using AWS CodeBuild's Lambda Runner environment.</p> <h2> <strong>Prerequisites</strong> </h2> <p>Before getting started, ensure you have:</p> <ul> <li>An AWS account with permissions to create CodeBuild projects and Lambda functions</li> <li>A GitHub repository where you want to run the actions</li> <li>AWS CLI and GitHub CLI installed on your local machine</li> <li>An IAM role with necessary permissions for CodeBuild and Lambda execution</li> </ul> <h2> <strong>Step 1: Create an AWS CodeBuild Project</strong> </h2> <p>AWS CodeBuild will serve as our self-hosted GitHub Actions runner. Follow these steps:</p> <h3> <strong>1.1 Navigate to AWS CodeBuild</strong> </h3> <ul> <li>Open the <a href="https://console.aws.amazon.com/codebuild/home" rel="noopener noreferrer">AWS CodeBuild Console</a> </li> <li>Click <strong>Create build project</strong> </li> </ul> <h3> <strong>1.2 Configure Project Settings</strong> </h3> <ul> <li> <strong>Project Name</strong>: <code>github-actions-runner</code> </li> <li> <strong>Description</strong>: <code>Self-hosted GitHub Actions runner using AWS CodeBuild Lambda Runner</code> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv0ckb9b44frm0dgy3tcf.png" alt="Image description" width="613" height="680"> </li> <li> <strong>Source</strong>: Select <strong>GitHub</strong> and connect to your repository <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foskjnrt5kiljvhqi4of6.png" alt="Image description" width="617" height="675"> </li> </ul> <h3> <strong>1.3 Select Environment</strong> </h3> <ul> <li> <strong>Environment Image</strong>: Choose <strong>Managed Image</strong> </li> <li> <strong>Operating System</strong>: Amazon Linux 2</li> <li> <strong>Runtime</strong>: AWS Lambda</li> <li> <strong>Compute Type</strong>: Lambda Execution Environment</li> <li> <strong>Operating System System</strong>: Amazon Linux</li> <li> <strong>Runtime</strong>: Python</li> <li> <strong>Image &amp; Version</strong>: Select the latest</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkq9ada3mgore9d8jgmlk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkq9ada3mgore9d8jgmlk.png" alt="Image description" width="620" height="699"></a></p> <h3> <strong>1.4 Configure IAM Role</strong> </h3> <ul> <li>Choose <strong>New Service Role</strong> or select an existing role with permissions to execute CodeBuild, interact with GitHub, and access AWS Lambda.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0qioil2gr0mes5dlhq5m.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0qioil2gr0mes5dlhq5m.png" alt="Image description" width="608" height="184"></a></p> <ul> <li>Attach the following policies if needed: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"lambda:InvokeFunction"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:lambda:*:*:function:*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"codebuild:StartBuild"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Click <strong>Create Build Project</strong> to finalize.</p> <h2> <strong>Step 2: Setup the GitHub action workflow.</strong> </h2> <ol> <li>Navigate to your GitHub repository</li> <li>Go to <code>Actions</code> tab and create a simple workflow.</li> <li>To point the lambda self-hosted runner in place, update your <code>.github/workflows/main.yml</code> to use it: Please note the <code>runs-on:</code> section here that you need to at to the workflow file. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># The type of runner that the job will run on</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">codebuild-gha-runner-lambda-test-${{ github.run_id }}-${{ github.run_attempt }}</span> </code></pre> </div> <p>Here is a full example of the workflow file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># This is a basic workflow to help you get started with Actions</span> <span class="na">name</span><span class="pi">:</span> <span class="s">CI AWS Lambda Pipeline Test</span> <span class="c1"># Controls when the workflow will run</span> <span class="na">on</span><span class="pi">:</span> <span class="c1"># Triggers the workflow on push or pull request events but only for the "master" branch</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">master"</span> <span class="pi">]</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">master"</span> <span class="pi">]</span> <span class="c1"># Allows you to run this workflow manually from the Actions tab</span> <span class="na">workflow_dispatch</span><span class="pi">:</span> <span class="c1"># A workflow run is made up of one or more jobs that can run sequentially or in parallel</span> <span class="na">jobs</span><span class="pi">:</span> <span class="c1"># This workflow contains a single job called "build"</span> <span class="na">build</span><span class="pi">:</span> <span class="c1"># The type of runner that the job will run on</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">codebuild-gha-runner-lambda-test-${{ github.run_id }}-${{ github.run_attempt }}</span> <span class="c1"># Steps represent a sequence of tasks that will be executed as part of the job</span> <span class="na">steps</span><span class="pi">:</span> <span class="c1"># Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="c1"># Runs a single command using the runners shell</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run a one-line script</span> <span class="na">run</span><span class="pi">:</span> <span class="s">echo Hello, world!</span> <span class="c1"># Runs a set of commands using the runners shell</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run a multi-line script</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo Add other actions to build,</span> <span class="s">echo test, and deploy your project.</span> </code></pre> </div> <p>Push changes to your repository, and the self-hosted runner in AWS CodeBuild will pick up the job and the lambda function will run your job.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwy0m7t3jxqsz9ujeo6ir.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwy0m7t3jxqsz9ujeo6ir.png" alt="Image description" width="800" height="372"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvhm7xq52wazdkdcolcam.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvhm7xq52wazdkdcolcam.png" alt="Image description" width="800" height="138"></a></p> <h2> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyzi9btivh673hmbs1n3n.png" alt="Image description" width="800" height="355"> </h2> <h3> <strong>2.1 Limitations</strong> </h3> <p>Lambda compute is designed for speed, optimizing startup times for builds. However, it does have some limitations and does not support the following use cases:</p> <ul> <li>Reserved Capacity</li> <li>Caching Across Builds</li> <li>Restricting Runtime with Timeouts</li> <li>Tools Requiring Root-User Permissions</li> <li>Long-Running Builds (Lambda has a maximum timeout of 15 minutes)</li> </ul> <p>Using AWS CodeBuild's Lambda Runner for GitHub Actions provides a scalable, cost-efficient alternative to traditional self-hosted runners. You only pay for execution time, and the Lambda-based environment ensures seamless scaling. Try this setup for your CI/CD workflows and enjoy the flexibility of AWS CodeBuild in your GitHub Actions pipelines!</p> <p>Happy coding! 🚀</p> githubactions lambda aws serverless Speak the Command, Execute the Lambda Kasun de Silva Thu, 19 Dec 2024 22:06:52 +0000 https://dev.to/aws-builders/triggering-aws-lambda-functions-with-voice-commands-using-amazon-alexa-35d8 https://dev.to/aws-builders/triggering-aws-lambda-functions-with-voice-commands-using-amazon-alexa-35d8 <p>In today's world of voice assistants and smart devices, integrating your AWS Lambda functions with Amazon Alexa opens up a world of possibilities. Imagine being able to trigger a Lambda function with a simple voice command, automating tasks like checking the weather, controlling smart devices, or querying your AWS resources. In this blog post, we’ll walk you through the steps to create a voice-activated Lambda function using Amazon Alexa.</p> <h2> Step 1: Setting Up Your AWS Lambda Function </h2> <p>Before you can trigger a Lambda function with your voice, you need to create and configure the function.</p> <h3> 1.1 Create the Lambda Function </h3> <p>Log in to the AWS Management Console and navigate to the Lambda service.</p> <p>Create a new function:</p> <ul> <li>Choose "Author from scratch."</li> <li>Enter a function name (e.g., <code>WeatherCheckerLambda</code>).</li> <li>Choose a runtime (e.g., Python 3.9 or Node.js 18.x).</li> <li>Set up an execution role with basic Lambda permissions. If your function needs to access other AWS services, ensure the role has the appropriate permissions.</li> </ul> <p>Write your function code: Here’s a simple Python example that returns a weather update:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="c1"># Sample response to be returned by Alexa </span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">version</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">1.0</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">response</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">outputSpeech</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">PlainText</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">text</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">The weather today is sunny with a high of 25 degrees.</span><span class="sh">'</span><span class="p">,</span> <span class="p">},</span> <span class="sh">'</span><span class="s">shouldEndSession</span><span class="sh">'</span><span class="p">:</span> <span class="bp">True</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 1.2 Configure the Lambda Function </h3> <ul> <li>Set up environment variables and resource limits according to your needs.</li> <li>Test the function using the AWS Lambda console's built-in test feature. This ensures that your function executes as expected before integrating with Alexa.</li> </ul> <h2> Step 2: Creating an Alexa Skill </h2> <p>Now that your Lambda function is ready, you’ll create an Alexa skill to trigger it.</p> <h3> 2.1 Set Up the Alexa Skill </h3> <p>Log in to the <a href="https://developer.amazon.com/alexa/console/ask" rel="noopener noreferrer">Alexa Developer Console</a>.</p> <p>Create a new skill:</p> <ul> <li>Choose “Create Skill” and select the “Custom” skill type.</li> <li>Set your skill name (e.g., <code>Weather Checker</code>).</li> <li>Select <code>other</code> for the <code>experience</code> type.</li> <li>Choose a template: Start from scratch or use the provided templates for a custom experience.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhr0ifcy7y8c5bblv2emq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhr0ifcy7y8c5bblv2emq.png" alt="Image description" width="800" height="375"></a></p> <ul> <li>Hit <code>Create Skill</code> </li> </ul> <h3> 2.2 Designing the Interaction Model </h3> <p><strong>Invocation Name:</strong></p> <ul> <li>Set an invocation name for your skill (e.g., <code>weather checker</code>).</li> <li>This is what users will say to start the interaction (e.g., “Alexa, ask weather checker...”).</li> <li>Hit <code>Build Skill</code> </li> </ul> <p><strong>Create Intents:</strong></p> <ul> <li>Intents represent actions users want to perform. For example, create an intent called <code>GetWeatherIntent</code>.</li> <li>Under the <code>GetWeatherIntent</code>, add sample utterances like: <ul> <li>"What is the weather today?"</li> <li>"Tell me the weather."</li> <li>"Give me today's weather forecast."</li> </ul> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp7xkd5zz1ygcvlk5bmwp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp7xkd5zz1ygcvlk5bmwp.png" alt="Image description" width="800" height="214"></a></p> <p><strong>Slots:</strong> If your skill needs more specific inputs, such as a city name, you can define slots. For this example, a simple weather checker might not need them.</p> <h3> 2.3 Configuring the Endpoint </h3> <p><strong>Link the Skill to Your Lambda Function:</strong></p> <ul> <li>In the Alexa Developer Console, navigate to the Endpoint section.</li> <li>Select AWS Lambda ARN as the service endpoint type.</li> <li>Paste the ARN of the Lambda function you created earlier.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo79wqg6p0jdeu3wwxhfu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo79wqg6p0jdeu3wwxhfu.png" alt="Image description" width="800" height="300"></a></p> <p><strong>Skill Permissions:</strong></p> <ul> <li>Ensure your Lambda function’s IAM role has the necessary permissions to execute and return data.</li> </ul> <p><strong>Add Lambda Trigger</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb5mc5vpq1y105sjag2v0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb5mc5vpq1y105sjag2v0.png" alt="Image description" width="800" height="305"></a></p> <p>Add “Alexa Skills kit” from the “Add triggers” sidebar in aws console. (Shown as in screenshot above)</p> <p>Next you have to click on the “Alexa Skills kit”, then this will show up</p> <p>Add your skill ID in the above field.</p> <p>Moreover, make sure you add this lambda function ARN in your skill’s endpoint. Just paste the ARN in your skill’s endpoint.</p> <p>Build and Save it.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgou5vgqxd8gq9jnff9gm.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgou5vgqxd8gq9jnff9gm.png" alt="Image description" width="800" height="247"></a></p> <h2> Step 3: Coding the Lambda Function to Handle Alexa Requests </h2> <p>Your Lambda function needs to be able to handle requests from Alexa and respond appropriately.</p> <h3> 3.1 Handle Alexa Requests in Your Lambda Function </h3> <p>Here’s an expanded version of the Lambda function that parses the input and returns a relevant response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="c1"># Extracting intent name from Alexa's request </span> <span class="n">intent_name</span> <span class="o">=</span> <span class="n">event</span><span class="p">[</span><span class="sh">'</span><span class="s">request</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">intent</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">]</span> <span class="k">if</span> <span class="n">intent_name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">GetWeatherIntent</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># Build response </span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">version</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">1.0</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">response</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">outputSpeech</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">PlainText</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">text</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">The weather today is sunny with a high of 25 degrees.</span><span class="sh">'</span><span class="p">,</span> <span class="p">},</span> <span class="sh">'</span><span class="s">shouldEndSession</span><span class="sh">'</span><span class="p">:</span> <span class="bp">True</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">version</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">1.0</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">response</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">outputSpeech</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">PlainText</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">text</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">I am not sure how to help with that.</span><span class="sh">'</span><span class="p">,</span> <span class="p">},</span> <span class="sh">'</span><span class="s">shouldEndSession</span><span class="sh">'</span><span class="p">:</span> <span class="bp">True</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 3.2 Testing the Lambda Function </h3> <ul> <li>Use the AWS Lambda console to trigger the function manually with test events that simulate Alexa requests.</li> <li>Enable detailed logging in CloudWatch to troubleshoot any issues and ensure your function handles requests correctly.</li> </ul> <h2> Step 4: Testing and Deploying the Alexa Skill </h2> <h3> 4.1 Testing with the Alexa Simulator </h3> <ul> <li>Go to the Alexa Developer Console and open your skill.</li> <li>Use the Test tab: Here, you can simulate voice commands using the Alexa Simulator. Type or speak phrases like “Alexa, ask weather checker what the weather is today.”</li> <li>Review responses: Ensure Alexa returns the expected responses, and debug if necessary.</li> </ul> <h3> 4.2 Testing with a Real Device </h3> <ul> <li>Enable your skill on an Alexa-enabled device, such as an Amazon Echo.</li> <li>Speak the invocation name and command: For example, say “Alexa, ask weather checker what the weather is today.”</li> <li>Refine based on feedback: Adjust your Lambda function and skill interaction model based on real-world testing.</li> </ul> <h2> Step 5: Deploying and Monitoring Your Skill </h2> <h3> 5.1 Deploying Your Skill </h3> <ul> <li>Publish your skill: Once satisfied with the functionality, you can submit your skill for certification through the Alexa Developer Console.</li> <li>Private or Public: Choose whether to keep the skill private for personal use or make it available to the public.</li> </ul> <h3> 5.2 Monitoring and Logging </h3> <ul> <li>Use AWS CloudWatch: Monitor logs to track Lambda execution, identify errors, and optimize performance.</li> <li>Skill Analytics: In the Alexa Developer Console, you can also access analytics to see how users interact with your skill.</li> </ul> <p>By following these steps, you’ve successfully created a voice-activated Lambda function using Amazon Alexa. This setup opens the door to endless possibilities, from automating daily tasks to creating rich, voice-controlled applications. Whether you’re developing a personal project or a commercial application, integrating AWS Lambda with Alexa is a powerful way to bring voice capabilities to your cloud services.</p> <p>Happy coding, and enjoy the convenience of voice-triggered automation!</p> lambda aws serverless Mastering AWS Step Functions Error Handling Kasun de Silva Thu, 01 Aug 2024 23:18:01 +0000 https://dev.to/aws-builders/mastering-aws-step-functions-error-handling-j39 https://dev.to/aws-builders/mastering-aws-step-functions-error-handling-j39 <p>AWS Step Functions is a powerful orchestration service that enables developers to build and coordinate workflows using a series of steps, such as AWS Lambda functions, ECS tasks, or other AWS services. One of the critical aspects of building robust workflows is handling errors effectively. In this blog post, we'll dive into the different error handling scenarios in AWS Step Functions and provide practical examples to illustrate how to manage them.</p> <h3> Why Error Handling is Important </h3> <p>Error handling ensures your workflows can gracefully handle failures and continue processing without manual intervention. This not only improves the reliability of your applications but also enhances user experience by minimizing downtime and reducing the likelihood of data corruption.</p> <h3> Types of Errors in AWS Step Functions </h3> <ol> <li> <strong>States.All Errors</strong>: Catch-all for any error not explicitly caught by other patterns.</li> <li> <strong>States.Timeout</strong>: Triggered when a state exceeds its allowed execution time.</li> <li> <strong>States.TaskFailed</strong>: Raised when a task state fails.</li> <li> <strong>States.Permissions</strong>: Occurs due to IAM permission issues.</li> <li> <strong>States.ResultPathMatchFailure</strong>: When the result path doesn't match.</li> <li> <strong>States.BranchFailed</strong>: Raised if a parallel state fails.</li> <li> <strong>States.NoChoiceMatched</strong>: No match found for a Choice state.</li> <li> <strong>States.ParameterPathFailure</strong>: When a parameter path evaluation fails.</li> </ol> <h3> Error Handling Strategies </h3> <ul> <li> <strong>Retry</strong>: Automatically retry a failed state.</li> <li> <strong>Catch</strong>: Capture errors and redirect execution to a recovery path.</li> <li> <strong>Timeout</strong>: Specify a maximum time a state should run.</li> </ul> <h3> Example Workflow </h3> <p>Let's create a Step Functions workflow with a few states to illustrate error handling. Our example will include a Lambda function that might fail, and we'll handle errors using retry and catch mechanisms.</p> <p><strong>State Machine Graph</strong><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc1pgs1a7xn5pvdvcdxva.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc1pgs1a7xn5pvdvcdxva.png" alt="Step Function"></a></p> <p><strong>Step Function Definition</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Comment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A simple state machine to demonstrate error handling"</span><span class="p">,</span><span class="w"> </span><span class="nl">"StartAt"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Invoke Lambda"</span><span class="p">,</span><span class="w"> </span><span class="nl">"States"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Invoke Lambda"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Task"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:lambda:REGION:ACCOUNT_ID:function:YOUR_LAMBDA_FUNCTION"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Retry"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"States.ALL"</span><span class="p">],</span><span class="w"> </span><span class="nl">"IntervalSeconds"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"MaxAttempts"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"BackoffRate"</span><span class="p">:</span><span class="w"> </span><span class="mf">2.0</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Catch"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"States.ALL"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Handle Error"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"End"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Handle Error"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Fail"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"LambdaFunctionFailed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Cause"</span><span class="p">:</span><span class="w"> </span><span class="s2">"The Lambda function encountered an error."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Error Handling Scenarios </h3> <h4> 1. Retrying Failed States </h4> <p>The <code>Retry</code> field allows you to retry a failed state. In the example above, the state will retry up to 3 times with exponential backoff if an error occurs.</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="nl">"Retry"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"States.ALL"</span><span class="p">],</span><span class="w"> </span><span class="nl">"IntervalSeconds"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"MaxAttempts"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"BackoffRate"</span><span class="p">:</span><span class="w"> </span><span class="mf">2.0</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <h4> 2. Catching Errors </h4> <p>The <code>Catch</code> field enables you to capture errors and redirect the workflow to a different state, like an error handler or a fallback mechanism.</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="nl">"Catch"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"States.ALL"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Handle Error"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <h4> 3. Handling Timeouts </h4> <p>You can specify timeouts for states to prevent them from running indefinitely.</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Task"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:lambda:REGION:ACCOUNT_ID:function:YOUR_LAMBDA_FUNCTION"</span><span class="p">,</span><span class="w"> </span><span class="nl">"TimeoutSeconds"</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Advanced Error Handling </h3> <h4> 1. Conditional Error Handling with Choice State </h4> <p>You can use the Choice state to direct the workflow based on different error types.</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="nl">"Catch"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"States.Timeout"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"TimeoutHandler"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"States.TaskFailed"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"TaskFailedHandler"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <p><strong>Benefits of Conditional Error Handling</strong></p> <ul> <li> <strong>Granular Control</strong>: Allows you to define different handling strategies for different error types, improving the robustness of your workflow.</li> <li> <strong>Improved Debugging</strong>: By routing specific errors to distinct states, you can more easily identify and address issues.</li> <li> <strong>Customised Recovery</strong>: Enables tailored recovery actions or notifications based on the nature of the error.</li> </ul> <p><strong>State Machine Graph</strong><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe7bin9sf8hi4pkfae6qe.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe7bin9sf8hi4pkfae6qe.png" alt="Timeout erros"></a></p> <p><strong>Step Function Definition</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Comment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A simple state machine to demonstrate error handling including timeout"</span><span class="p">,</span><span class="w"> </span><span class="nl">"StartAt"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Invoke Lambda"</span><span class="p">,</span><span class="w"> </span><span class="nl">"States"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Invoke Lambda"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Task"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:lambda:REGION:ACCOUNT_ID:function:YOUR_LAMBDA_FUNCTION"</span><span class="p">,</span><span class="w"> </span><span class="nl">"TimeoutSeconds"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">Timeout</span><span class="w"> </span><span class="err">after</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="err">seconds</span><span class="w"> </span><span class="nl">"Retry"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"States.ALL"</span><span class="p">],</span><span class="w"> </span><span class="nl">"IntervalSeconds"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"MaxAttempts"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"BackoffRate"</span><span class="p">:</span><span class="w"> </span><span class="mf">2.0</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Catch"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"States.Timeout"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Handle Timeout"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"States.ALL"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Handle Error"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"End"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Handle Timeout"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Fail"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"LambdaTimeoutError"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Cause"</span><span class="p">:</span><span class="w"> </span><span class="s2">"The Lambda function timed out."</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Handle Error"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Fail"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"LambdaFunctionFailed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Cause"</span><span class="p">:</span><span class="w"> </span><span class="s2">"The Lambda function encountered an error."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h4> 2. Parallel State Error Handling </h4> <p>For workflows with parallel states, each branch can have its own error handling strategy.</p> <ul> <li> <p>Parallel Tasks State:</p> <ul> <li>The Parallel state starts two branches: "Invoke Lambda A" and "Invoke Lambda B".</li> <li>Each branch handles retries, timeouts, and failures independently.</li> </ul> </li> <li> <p>Error Handling in Each Branch:</p> <ul> <li>Retry: Retries the task up to 3 times with exponential backoff if it fails.</li> <li>Timeout: If a task times out, it transitions to a specific error handler.</li> <li>Catch: Captures any other errors and transitions to an error handler.</li> </ul> </li> <li> <p>Error Handling for Parallel State:</p> <ul> <li>The Catch block in the Parallel state catches errors from any branch and transitions to the "Handle Parallel Failure" state if any branch fails.</li> </ul> </li> </ul> <p><strong>State Machine Graph</strong><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnb86xs07ld8mk6ubs4ku.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnb86xs07ld8mk6ubs4ku.png" alt="Parallel State Error Handling"></a></p> <p><strong>Step Function Definition</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Comment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A state machine with parallel tasks and error handling"</span><span class="p">,</span><span class="w"> </span><span class="nl">"StartAt"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Parallel Tasks"</span><span class="p">,</span><span class="w"> </span><span class="nl">"States"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Parallel Tasks"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Parallel"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Branches"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"StartAt"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Invoke Lambda A"</span><span class="p">,</span><span class="w"> </span><span class="nl">"States"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Invoke Lambda A"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Task"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:lambda:REGION:ACCOUNT_ID:function:LambdaFunctionA"</span><span class="p">,</span><span class="w"> </span><span class="nl">"TimeoutSeconds"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="p">,</span><span class="w"> </span><span class="nl">"Retry"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"States.ALL"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"IntervalSeconds"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"MaxAttempts"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"BackoffRate"</span><span class="p">:</span><span class="w"> </span><span class="mf">2.0</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Catch"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"States.Timeout"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Handle Timeout A"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"States.ALL"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Handle Error A"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"End"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Handle Timeout A"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Fail"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"LambdaTimeoutErrorA"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Cause"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Lambda Function A timed out."</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Handle Error A"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Fail"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"LambdaFunctionFailedA"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Cause"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Lambda Function A failed."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"StartAt"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Invoke Lambda B"</span><span class="p">,</span><span class="w"> </span><span class="nl">"States"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Invoke Lambda B"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Task"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:lambda:REGION:ACCOUNT_ID:function:LambdaFunctionB"</span><span class="p">,</span><span class="w"> </span><span class="nl">"TimeoutSeconds"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="p">,</span><span class="w"> </span><span class="nl">"Retry"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"States.ALL"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"IntervalSeconds"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"MaxAttempts"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"BackoffRate"</span><span class="p">:</span><span class="w"> </span><span class="mf">2.0</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Catch"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"States.Timeout"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Handle Timeout B"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"States.ALL"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Handle Error B"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"End"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Handle Timeout B"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Fail"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"LambdaTimeoutErrorB"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Cause"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Lambda Function B timed out."</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Handle Error B"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Fail"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"LambdaFunctionFailedB"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Cause"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Lambda Function B failed."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Catch"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ErrorEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"States.ALL"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Handle Parallel Failure"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"End"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Handle Parallel Failure"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Fail"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ParallelStateFailed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Cause"</span><span class="p">:</span><span class="w"> </span><span class="s2">"One or more parallel tasks failed."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Effective error handling in AWS Step Functions is crucial for building resilient workflows. By leveraging retry, catch, and timeout strategies, you can ensure your workflows handle failures gracefully and continue processing without manual intervention. With these techniques, you can build robust and reliable applications that can withstand various failure scenarios.</p> <p>Do you have any questions or additional error handling scenarios you'd like to explore? Let me know in the comments below! Happy coding in AWS!</p> serverless stepfunctions lambda aws De-Bugging with Amazon Q and Generative AI Kasun de Silva Fri, 19 Jul 2024 01:08:02 +0000 https://dev.to/aws-builders/de-bugging-with-amazon-q-and-generative-ai-2i9a https://dev.to/aws-builders/de-bugging-with-amazon-q-and-generative-ai-2i9a <p>Serverless functions are the superheroes of the cloud, scaling effortlessly and saving you precious server management time. But even superheroes need a good debugging sidekick, and that’s where Amazon Q steps in. This innovative service from AWS harnesses the power of generative AI to take your serverless debugging to a whole new level.</p> <h2> What Makes Amazon Q So Special? </h2> <p>Traditional debugging can be a challenging and time-consuming process, especially in complex codebases. Amazon Q stands out by using generative AI to assist with your code debugging. Instead of manually hunting for bugs, Q analyzes your code to identify patterns and potential issues proactively. Imagine having a smart assistant that understands your code’s nuances, offering insights and suggestions as you write, helping you catch and fix problems before they escalate.</p> <h2> Here’s How Amazon Q Can Supercharge Your Debugging: </h2> <ul> <li> <strong>Identify Anomalies in Code</strong>: Amazon Q can scan your Python code and highlight unusual patterns or potential bugs. For instance, if a specific function call tends to cause unexpected behaviour, Q can flag it for your attention, saving you valuable time in pinpointing the root cause.</li> <li> <strong>Predict Code Issues</strong>: Leveraging generative AI, Amazon Q can learn from past code errors and identify patterns that might lead to future problems. Q can analyse your codebase and warn you of potential issues before they occur, preventing bugs and keeping your applications running smoothly.</li> <li> <strong>Generate Debugging Insights</strong>: Struggling to decipher a cryptic error in your code? Q can analyse the context of the error within your codebase and generate potential explanations and solutions to help you resolve the issue faster. It can suggest fixes and improvements, making your debugging process more efficient and effective.</li> </ul> <h2> Real-world Example: Debugging a Lambda Function with a DeadLock issue and get Amazon Q to fix it. </h2> <p>Let’s say you have a Lambda function that has potential issue’s with deadlocks and space for improvements, Here’s how Amazon Q can help:</p> <p><strong>The Problematic Code</strong></p> <p>Let’s start with a simple Python script that uses threading and locks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">threading</span> <span class="kn">import</span> <span class="n">time</span> <span class="c1"># Shared resources </span><span class="n">lock</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Lock</span><span class="p">()</span> <span class="c1"># Thread function </span><span class="k">def</span> <span class="nf">thread_routine</span><span class="p">(</span><span class="n">thread_name</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">thread_name</span><span class="si">}</span><span class="s">: attempting to acquire lock</span><span class="sh">"</span><span class="p">)</span> <span class="k">with</span> <span class="n">lock</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">thread_name</span><span class="si">}</span><span class="s">: acquired lock</span><span class="sh">"</span><span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># Simulate some processing </span> <span class="c1"># Do something with the resources </span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="c1"># Create threads </span> <span class="n">thread1</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Thread</span><span class="p">(</span><span class="n">target</span><span class="o">=</span><span class="n">thread_routine</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="p">(</span><span class="sh">"</span><span class="s">Thread 1</span><span class="sh">"</span><span class="p">,))</span> <span class="n">thread2</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Thread</span><span class="p">(</span><span class="n">target</span><span class="o">=</span><span class="n">thread_routine</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="p">(</span><span class="sh">"</span><span class="s">Thread 2</span><span class="sh">"</span><span class="p">,))</span> <span class="c1"># Start threads </span> <span class="n">thread1</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> <span class="n">thread2</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> <span class="c1"># Join threads to wait for their completion </span> <span class="n">thread1</span><span class="p">.</span><span class="nf">join</span><span class="p">()</span> <span class="n">thread2</span><span class="p">.</span><span class="nf">join</span><span class="p">()</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">statusCode</span><span class="sh">'</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">'</span><span class="s">body</span><span class="sh">'</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="sh">'</span><span class="s">Hello from Lambda!</span><span class="sh">'</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Test the lambda_handler function locally </span><span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="nf">lambda_handler</span><span class="p">({},</span> <span class="p">{})</span> </code></pre> </div> <h2> Identifying Issues with Amazon Q </h2> <p>To identify issues with the above code, follow these steps:</p> <ul> <li><p><strong>Install Amazon Q in Visual Studio Code</strong>: Ensure you have the <a href="https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/q-in-IDE-setup.html" rel="noopener noreferrer">Amazon Q extension</a> installed. This can be done from the Visual Studio Code Marketplace.</p></li> <li><p><strong>Analyze the Code</strong>: Open your Python script in Visual Studio Code. Amazon Q will automatically analyse the code and highlight potential issues.</p></li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd4qyr61d0lyykvcd9kx1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd4qyr61d0lyykvcd9kx1.png" alt="Analyze the Code" width="720" height="1236"></a></p> <ul> <li> <strong>Review the Suggestions</strong>: Amazon Q provides detailed suggestions and explanations. In our script, Amazon Q identifies a potential deadlock situation caused by the order in which locks are acquired in the two threads.</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqlt0f641rcohk0hc14m9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqlt0f641rcohk0hc14m9.png" alt="Review the Suggestions" width="720" height="308"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">threading</span> <span class="c1"># Shared resources </span><span class="n">lock1</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Lock</span><span class="p">()</span> <span class="n">lock2</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Lock</span><span class="p">()</span> <span class="c1"># Thread function that acquires locks in a consistent order </span><span class="k">def</span> <span class="nf">thread_routine</span><span class="p">(</span><span class="n">thread_id</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Thread </span><span class="si">{</span><span class="n">thread_id</span><span class="si">}</span><span class="s">: attempting to acquire lock1</span><span class="sh">"</span><span class="p">)</span> <span class="k">with</span> <span class="n">lock1</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Thread </span><span class="si">{</span><span class="n">thread_id</span><span class="si">}</span><span class="s">: acquired lock1</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Thread </span><span class="si">{</span><span class="n">thread_id</span><span class="si">}</span><span class="s">: attempting to acquire lock2</span><span class="sh">"</span><span class="p">)</span> <span class="k">with</span> <span class="n">lock2</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Thread </span><span class="si">{</span><span class="n">thread_id</span><span class="si">}</span><span class="s">: acquired lock2</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Do something with the resources </span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="c1"># Create threads </span> <span class="n">thread1</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Thread</span><span class="p">(</span><span class="n">target</span><span class="o">=</span><span class="n">thread_routine</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="p">(</span><span class="mi">1</span><span class="p">,))</span> <span class="n">thread2</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Thread</span><span class="p">(</span><span class="n">target</span><span class="o">=</span><span class="n">thread_routine</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="p">(</span><span class="mi">2</span><span class="p">,))</span> <span class="c1"># Start threads </span> <span class="n">thread1</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> <span class="n">thread2</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> <span class="c1"># Join threads to wait for their completion </span> <span class="n">thread1</span><span class="p">.</span><span class="nf">join</span><span class="p">()</span> <span class="n">thread2</span><span class="p">.</span><span class="nf">join</span><span class="p">()</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">statusCode</span><span class="sh">'</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">'</span><span class="s">body</span><span class="sh">'</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="sh">'</span><span class="s">Hello from Lambda!</span><span class="sh">'</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Test the lambda_handler function locally </span><span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="nf">lambda_handler</span><span class="p">({},</span> <span class="p">{})</span> </code></pre> </div> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjtn5fppswkfcp1ic4nd4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjtn5fppswkfcp1ic4nd4.png" alt="Review the Suggestions" width="720" height="187"></a></p> <p>In the refactored code, Amazon Q suggested to use a single lock to ensure that only one thread can access the shared resource at a time, preventing deadlock.</p> <p>Feel free to reach out if you have any questions or need further assistance with Amazon Q or any other development tools. Let’s make coding smoother and more efficient together!</p> <p>This is just one example of how Amazon Q can streamline your serverless debugging process. By leveraging the power of generative AI, you can spend less time wrestling with errors and more time building amazing serverless applications.</p> aws serverless amazonq genai Coding with a Cyborg: The Rise of the Amazon Q Kasun de Silva Fri, 10 May 2024 07:46:25 +0000 https://dev.to/aws-builders/coding-with-a-cyborg-the-rise-of-the-amazon-q-11a2 https://dev.to/aws-builders/coding-with-a-cyborg-the-rise-of-the-amazon-q-11a2 <h3> Introducing the Amazon Q VS Code Extension: Your AI Copilot </h3> <p>Imagine having an AI assistant whispering coding insights in your ear as you write. That’s the magic of Amazon Q! It has a VS Code extension seamlessly integrates with your development environment, offering real-time code completion, error detection, and even the ability to generate code snippets based on your natural language descriptions.</p> <h3> Building A Lambda function with Amazon Q’s Help </h3> <p>Let’s use Amazon Q to streamline building our Lambda function. Here’s a glimpse of the workflow:</p> <ul> <li>Fire Up VS Code and Install the Amazon Q Extension: This is a breeze — just search for “Amazon Q” in the <a href="https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.amazon-q-vscode">VS Code extension</a> marketplace and hit install.</li> <li>Project structure - Let's say we are going create a lambda function and deploy it via terraform. we can use the following basic project structure. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>. ├── main.tf └── send-email-lambda └── send-email.py </code></pre> </div> <ul> <li>Craft Your Natural Language Request: Describe what you want the function to do, I’m going to ask: <code>Write a lambda function that can be used to send notifications when certain events occur. For example, a function could be triggered to send an email when a new order is placed on an e-commerce website</code> </li> <li>Witness the Power of AI: Amazon Q analyses your request and generates the basic Lambda function code, including boilerplate and event handling.</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb4s1bznx5j05s6z6aqdb.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb4s1bznx5j05s6z6aqdb.png" alt="Write Lambda code" width="800" height="416"></a></p> <ul> <li>Copy the lambda code and put that in the send-email.py file.</li> </ul> <h3> Adding SMS Functionality with Amazon Q’s Guidance </h3> <p>Now, let’s extend the Lambda to send SMS notifications as well. Here’s where Amazon Q shines again:</p> <ul> <li>New Feature: Add a comment # Send SMS after the send email section of your code and press enter. Amazon Q will start suggesting you code blocks as you go in to new lines.</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiqm6b6xi0rarqicfafmg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiqm6b6xi0rarqicfafmg.png" alt="Add SMS feature" width="800" height="449"></a></p> <ul> <li>AI to the Rescue: Amazon Q taps into its knowledge base and suggests relevant code snippets or documentation links to achieve your goal.</li> </ul> <h3> Terraform Takes the Wheel for Deployment </h3> <p>With the Lambda function primed, it’s time to deploy it using Terraform’s infrastructure as code (IaC). Terraform lets you define your infrastructure in code, ensuring consistent and automated deployments. You can use Amazon Q within VS Code to help you write the Terraform code for creating the Lambda function, IAM roles, and SNS topics needed for email and SMS notifications.</p> <p>Craft Your Natural Language Request: Describe what you want the function to do, and this time I’m going to ask:<br> <code>Write a terraform code that creates a zip file of this “send-email-lambda/send-email.py” python code and deploy it to my aws account</code></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqhr7l84cgfkyn1b0nf23.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqhr7l84cgfkyn1b0nf23.png" alt="Terraform code" width="800" height="483"></a></p> <h3> The Final Frontier: Deployment and Beyond! </h3> <p>Once the Terraform code is ready, simply run <code>terraform apply</code> to deploy your serverless notification machine to the cloud. This is just a taste of the possibilities! With Amazon Q as your AI partner, you can craft complex applications with unprecedented ease.</p> <p>Remember, this is just the beginning; explore <a href="https://aws.amazon.com/q/">Amazon Q</a>’s capabilities and see how it can transform your coding experience!</p> <p><strong>Happy Coding with Amazon Q</strong></p> aws serverless amazonq genai Boost Your Lambdas with Powertools Kasun de Silva Fri, 26 Apr 2024 04:15:51 +0000 https://dev.to/aws-builders/turbocharge-your-lambda-functions-with-aws-lambda-powertools-for-python-fph https://dev.to/aws-builders/turbocharge-your-lambda-functions-with-aws-lambda-powertools-for-python-fph <p>AWS Lambda Powertools for Python is a comprehensive suite of utilities designed to enhance the development of serverless applications using AWS Lambda. It simplifies logging, tracing, metric gathering, and more, allowing developers to focus more on business logic rather than boilerplate code. In this blog post, we’ll explore the key features of AWS Lambda Powertools for Python and provide an example of deploying a Lambda function using Terraform with the Powertools layer.</p> <h2> Key Features of AWS Lambda Powertools for Python </h2> <h3> 1. Logger </h3> <p>The Logger utility simplifies logging setup across Lambda functions, providing structured logging as JSON out of the box. It automatically captures key information like cold start and function ARN, and supports logging correlation IDs for distributed tracing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">aws_lambda_powertools</span> <span class="kn">import</span> <span class="n">Logger</span> <span class="n">logger</span> <span class="o">=</span> <span class="nc">Logger</span><span class="p">()</span> <span class="nd">@logger.inject_lambda_context</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Processing event</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">statusCode</span><span class="sh">"</span><span class="p">:</span> <span class="mi">200</span><span class="p">}</span> </code></pre> </div> <h3> 2. Tracer </h3> <p>Tracer is built on top of AWS X-Ray and provides decorators to trace Lambda function handlers and methods effortlessly. It captures cold starts, annotates errors correctly, and traces downstream calls to other AWS services.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">aws_lambda_powertools</span> <span class="kn">import</span> <span class="n">Tracer</span> <span class="n">tracer</span> <span class="o">=</span> <span class="nc">Tracer</span><span class="p">()</span> <span class="nd">@tracer.capture_lambda_handler</span> <span class="k">def</span> <span class="nf">handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="c1"># Your business logic here </span> <span class="k">pass</span> </code></pre> </div> <h3> 3. Metrics </h3> <p>The Metrics utility provides a straightforward way to capture custom business metrics using Amazon CloudWatch. It batches and flushes the metrics at the end of the function execution to minimize the number of calls made to CloudWatch.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">aws_lambda_powertools</span> <span class="kn">import</span> <span class="n">Metrics</span> <span class="kn">from</span> <span class="n">aws_lambda_powertools.metrics</span> <span class="kn">import</span> <span class="n">MetricUnit</span> <span class="n">metrics</span> <span class="o">=</span> <span class="nc">Metrics</span><span class="p">()</span> <span class="nd">@metrics.log_metrics</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">metrics</span><span class="p">.</span><span class="nf">add_metric</span><span class="p">(</span><span class="n">name</span><span class="o">=</span><span class="sh">"</span><span class="s">SuccessfulBookings</span><span class="sh">"</span><span class="p">,</span> <span class="n">unit</span><span class="o">=</span><span class="n">MetricUnit</span><span class="p">.</span><span class="n">Count</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">statusCode</span><span class="sh">"</span><span class="p">:</span> <span class="mi">200</span><span class="p">}</span> </code></pre> </div> <h3> 4. Utilities </h3> <p>AWS Lambda Powertools also includes several other utilities like Parameters for retrieving and caching parameter values from AWS Systems Manager or AWS Secrets Manager, Idempotency to ensure Lambda functions are idempotent, and Feature Flags to manage feature toggling.</p> <h2> Deploying a Lambda Function with Terraform and Powertools Layer </h2> <p>To deploy an AWS Lambda function with the Powertools layer using Terraform, you first need to define your infrastructure as code. Below is a basic example of how you can set up a Lambda function with the AWS Lambda Powertools layer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_lambda_function"</span> <span class="s2">"my_lambda"</span> <span class="p">{</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="s2">"MyLambdaFunction"</span> <span class="nx">handler</span> <span class="p">=</span> <span class="s2">"lambda_function.lambda_handler"</span> <span class="nx">runtime</span> <span class="p">=</span> <span class="s2">"python3.8"</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">lambda_exec_role</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">filename</span> <span class="p">=</span> <span class="s2">"path_to_your_lambda_deployment_package.zip"</span> <span class="nx">layers</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"arn:aws:lambda:us-east-1:017000801446:layer:AWSLambdaPowertoolsPython:2"</span> <span class="p">]</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_iam_role"</span> <span class="s2">"lambda_exec_role"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"lambda_execution_role"</span> <span class="nx">assume_role_policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="p">=</span> <span class="s2">"2012-10-17"</span> <span class="nx">Statement</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Action</span> <span class="p">=</span> <span class="s2">"sts:AssumeRole"</span> <span class="nx">Principal</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Service</span> <span class="p">=</span> <span class="s2">"lambda.amazonaws.com"</span> <span class="p">}</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="p">},</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"lambda_arn"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_lambda_function</span><span class="p">.</span><span class="nx">my_lambda</span><span class="p">.</span><span class="nx">arn</span> <span class="p">}</span> </code></pre> </div> <p>This Terraform script sets up a basic Lambda function with the AWS Lambda Powertools layer. It defines the necessary IAM role for the Lambda function to execute and outputs the ARN of the Lambda function after deployment.</p> <p>AWS Lambda Powertools for Python is a powerful toolkit that can significantly simplify the development and maintenance of serverless applications on AWS. By using its features, developers can ensure that their applications are robust, scalable, and easy to manage. You can read more about AWS Lambda Powertools in the following link.</p> <p><strong>Read more:</strong> <a href="https://docs.powertools.aws.dev/lambda/python/latest/">https://docs.powertools.aws.dev/lambda/python/latest/</a></p> <p><strong>Happy Coding!</strong></p> aws lambda python serverless Lambda Layers: The Secret Weapon of Savvy Serverless Developers Kasun de Silva Fri, 15 Mar 2024 00:04:28 +0000 https://dev.to/aws-builders/lambda-layers-the-secret-weapon-of-savvy-serverless-developers-5fcd https://dev.to/aws-builders/lambda-layers-the-secret-weapon-of-savvy-serverless-developers-5fcd <p>When it comes to serverless development with AWS Lambda, keeping your code clean and efficient is essential. Lambda functions themselves have size limitations, and including all your dependencies within the function code can quickly bloat them. This is where Lambda layers come in — a powerful tool for streamlining your development process.</p> <p><strong>What are Lambda Layers?</strong></p> <p>Imagine a Lambda layer as a self-contained zip archive. This archive can hold various things, including:</p> <ul> <li> <strong>Library dependencies:</strong> Instead of bundling libraries with your function code, store them in a layer. This keeps your deployment packages leaner and easier to manage.</li> <li> <strong>Custom runtimes:</strong> Need a specific runtime environment for your function? Layers can provide that too.</li> <li> <strong>Configuration files:</strong> Separate your function’s core logic from configuration details by storing them in a layer.</li> </ul> <p><strong>Benefits of Using Lambda Layers</strong></p> <ul> <li> <strong>Smaller Deployment Packages:</strong> By offloading dependencies to layers, you keep your function code concise and reduce deployment times.</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fziq65t2pjgyweir4nqc3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fziq65t2pjgyweir4nqc3.png" alt="Smaller Deployment Packages" width="420" height="276"></a><br> <strong>Improved Code Maintainability:</strong> Separating function code from dependencies makes it easier to update and manage each independently.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcx8so0bgw4ak9q5bgpgp.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcx8so0bgw4ak9q5bgpgp.png" alt="Improved Code Maintainability" width="187" height="288"></a></p> <p><strong>Reusability:</strong> Layers can be attached to multiple functions, promoting code reuse and consistency across your serverless application.<br> <a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi2uag9omfxnqjc965uh5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi2uag9omfxnqjc965uh5.png" alt="Reusability" width="357" height="263"></a></p> <ul> <li> <strong>Standardized Runtimes:</strong> Manage custom runtimes through layers, continuing a consistent environment for your functions.</li> </ul> <p><strong>Simple Layer Example</strong><br> Let’s say you have a Lambda function that needs to make API requests. You can create a layer containing the requests library. Here's a basic example:</p> <ol> <li> <strong>Create a directory:</strong> Create a folder named <code>python</code> for your layer.</li> <li> <strong>Install the library:</strong> Inside the python directory, run <code>pip install requests -t</code> . This installs the <code>requests</code> library into the current directory.</li> <li> <strong>Zip the directory:</strong> Use the <code>zip</code> command (or your OS's equivalent) to create a zip archive of the python directory. Name it something descriptive, like <code>my_requests_layer.zip</code>.</li> </ol> <p>Now you have a layer containing the <code>requests</code> library! You can upload this zip file to AWS Lambda and reference it in your function code.</p> <p><strong>Using the Layer in Your Lambda Function</strong></p> <p>Once you have uploaded your layer to AWS Lambda, follow these steps to use it in your Lambda function:</p> <ul> <li>Navigate to Lambda functions in the AWS console.</li> <li>Click on the “Layers” section from the left menu.</li> <li>Click “Create layer”, upload your zip file and hit “Create”.</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffomyh79iwo7eblpuajg7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffomyh79iwo7eblpuajg7.png" alt="Create layer" width="800" height="878"></a></p> <p>Let’s Create a Lambda functions that using the <code>requests</code> library from a layer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">requests</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">url</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://api.example.com/data</span><span class="sh">"</span> <span class="c1"># Using the requests library from the layer </span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">url</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">statusCode</span><span class="sh">"</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">"</span><span class="s">body</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <ul> <li>Create a new Lambda function using above code example.</li> <li>In the “code” tab scroll all the way to bottom and find the Layers section.</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flkhkyco08bpc56m55b9g.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flkhkyco08bpc56m55b9g.png" alt="Add Layer" width="800" height="81"></a></p> <ul> <li>Click on “Add Layer”</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqm9ccy2oonkpkwzfj74p.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqm9ccy2oonkpkwzfj74p.png" alt="Custom layers" width="800" height="643"></a></p> <ul> <li>Select “Custom layers” and chose the “python_requests” layer you just uploaded.</li> <li>Click “Add”</li> </ul> <p>Then the custom layer you just created will be attached to your function.</p> <p>In this example, the function imports requests without needing it installed within the function code itself. This keeps the deployment package lean and leverages the reusable layer.</p> <p><strong>Getting Started with AWS Lambda Layers</strong></p> <p>Using Lambda layers is straightforward. You create a zip archive containing your desired dependencies or configurations, upload it to AWS, and then reference it in your Lambda function code. Layers are versioned, so you can control exactly which version of the layer your function uses.</p> <p>Here are some additional resources to get you started:</p> <ul> <li> <strong>AWS Lambda Layers Documentation:</strong> <a href="https://docs.aws.amazon.com/lambda/latest/dg/chapter-layers.html">https://docs.aws.amazon.com/lambda/latest/dg/chapter-layers.html</a> </li> <li> <strong>Using Lambda layers to simplify your development process:</strong> <a href="https://docs.aws.amazon.com/lambda/latest/dg/chapter-layers.html">https://docs.aws.amazon.com/lambda/latest/dg/chapter-layers.html</a> </li> </ul> <p>Lambda layers are a valuable asset for any serverless developer on AWS. By leveraging layers, you can create cleaner, more manageable codebases, improve deployment efficiency, and promote code reuse across your serverless applications. So next time you’re building serverless functions with AWS Lambda, consider using layers to simplify your workflow and streamline your development process.</p> aws lambda serverless